./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor231904554 <...> Warning: Permanently added '10.128.1.22' (ED25519) to the list of known hosts. execve("./syz-executor231904554", ["./syz-executor231904554"], 0x7fff6316c970 /* 10 vars */) = 0 brk(NULL) = 0x555555db9000 brk(0x555555db9e00) = 0x555555db9e00 arch_prctl(ARCH_SET_FS, 0x555555db9480) = 0 set_tid_address(0x555555db9750) = 295 set_robust_list(0x555555db9760, 24) = 0 rseq(0x555555db9da0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor231904554", 4096) = 27 getrandom("\xaa\xbe\x13\x1c\xfc\xff\x24\x43", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555db9e00 brk(0x555555ddae00) = 0x555555ddae00 brk(0x555555ddb000) = 0x555555ddb000 mprotect(0x7f3f8b100000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f3f8b055940, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f3f8b05ecc0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f3f8b055940, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f3f8b05ecc0}, NULL, 8) = 0 mkdir("./syzkaller.uT7fTt", 0700) = 0 chmod("./syzkaller.uT7fTt", 0777) = 0 chdir("./syzkaller.uT7fTt") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 297 ./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x555555db9760, 24) = 0 [pid 297] chdir("./0") = 0 [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 297] setpgid(0, 0) = 0 [pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 297] write(3, "1000", 4) = 4 [pid 297] close(3) = 0 [pid 297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 297] memfd_create("syzkaller", 0) = 3 [pid 297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 297] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 297] close(3) = 0 [pid 297] close(4) = 0 [pid 297] mkdir("./file0", 0777) = 0 [ 21.097353][ T28] audit: type=1400 audit(1715428362.030:66): avc: denied { execmem } for pid=295 comm="syz-executor231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.100925][ T28] audit: type=1400 audit(1715428362.030:67): avc: denied { read write } for pid=295 comm="syz-executor231" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.104867][ T28] audit: type=1400 audit(1715428362.030:68): avc: denied { open } for pid=295 comm="syz-executor231" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.108997][ T28] audit: type=1400 audit(1715428362.030:69): avc: denied { ioctl } for pid=295 comm="syz-executor231" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.113151][ T297] loop0: detected capacity change from 0 to 512 [ 21.116142][ T297] EXT4-fs: Ignoring removed mblk_io_submit option [ 21.117251][ T28] audit: type=1400 audit(1715428362.050:70): avc: denied { mounton } for pid=297 comm="syz-executor231" path="/root/syzkaller.uT7fTt/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 297] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 297] chdir("./file0") = 0 [pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 297] ioctl(4, LOOP_CLR_FD) = 0 [pid 297] close(4) = 0 [pid 297] mkdir("./file0", 0777) = 0 [pid 297] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 297] mkdir("./file1", 000) = 0 [pid 297] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 297] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 297] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 21.139485][ T297] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 21.154806][ T297] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 21.167119][ T297] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 21.176198][ T28] audit: type=1400 audit(1715428362.110:71): avc: denied { mount } for pid=297 comm="syz-executor231" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 297] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 297] open(".", O_RDONLY) = 5 [pid 297] lseek(5, 2047, SEEK_SET) = 2047 [ 21.187438][ T297] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 21.198353][ T28] audit: type=1400 audit(1715428362.110:72): avc: denied { write } for pid=297 comm="syz-executor231" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.219189][ T297] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 21.239860][ T28] audit: type=1400 audit(1715428362.110:73): avc: denied { add_name } for pid=297 comm="syz-executor231" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.251276][ T297] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 297] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 297] exit_group(0) = ? [pid 297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 21.271949][ T28] audit: type=1400 audit(1715428362.110:74): avc: denied { create } for pid=297 comm="syz-executor231" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 21.284837][ T297] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/0/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 300 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x555555db9760, 24) = 0 [pid 300] chdir("./1") = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 300] memfd_create("syzkaller", 0) = 3 [pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 300] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 300] close(3) = 0 [pid 300] close(4) = 0 [pid 300] mkdir("./file0", 0777) = 0 [ 21.305176][ T28] audit: type=1400 audit(1715428362.110:75): avc: denied { create } for pid=297 comm="syz-executor231" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 21.369474][ T295] EXT4-fs (loop0): unmounting filesystem. [ 21.386964][ T300] loop0: detected capacity change from 0 to 512 [pid 300] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 300] chdir("./file0") = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_CLR_FD) = 0 [pid 300] close(4) = 0 [pid 300] mkdir("./file0", 0777) = 0 [pid 300] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 300] mkdir("./file1", 000) = 0 [pid 300] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 300] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 300] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 21.394072][ T300] EXT4-fs: Ignoring removed mblk_io_submit option [ 21.401904][ T300] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 21.417143][ T300] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 21.429586][ T300] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 300] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 300] open(".", O_RDONLY) = 5 [pid 300] lseek(5, 2047, SEEK_SET) = 2047 [ 21.441331][ T300] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 21.461844][ T300] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 21.473799][ T300] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 21.486860][ T300] ================================================================== [ 21.494704][ T300] BUG: KASAN: use-after-free in __ext4_check_dir_entry+0x700/0x880 [ 21.502510][ T300] Read of size 2 at addr ffff8881217cb003 by task syz-executor231/300 [ 21.510496][ T300] [ 21.512674][ T300] CPU: 1 PID: 300 Comm: syz-executor231 Not tainted 6.1.75-syzkaller-00003-g4d55129aea65 #0 [ 21.522689][ T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 21.532587][ T300] Call Trace: [ 21.535704][ T300] [ 21.538482][ T300] dump_stack_lvl+0x151/0x1b7 [ 21.542994][ T300] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 21.548287][ T300] ? _printk+0xd1/0x111 [ 21.552284][ T300] ? __virt_addr_valid+0x242/0x2f0 [ 21.557226][ T300] print_report+0x158/0x4e0 [ 21.561569][ T300] ? __virt_addr_valid+0x242/0x2f0 [ 21.566515][ T300] ? kasan_addr_to_slab+0xd/0x80 [ 21.571297][ T300] ? __ext4_check_dir_entry+0x700/0x880 [ 21.576671][ T300] kasan_report+0x13c/0x170 [ 21.581012][ T300] ? __ext4_check_dir_entry+0x700/0x880 [ 21.586390][ T300] __asan_report_load2_noabort+0x14/0x20 [ 21.591860][ T300] __ext4_check_dir_entry+0x700/0x880 [ 21.597069][ T300] ext4_readdir+0x1386/0x3930 [ 21.601582][ T300] ? __sched_clock_gtod_offset+0x100/0x100 [ 21.607252][ T300] ? down_read_killable+0xf82/0x1970 [ 21.612344][ T300] ? ext4_dir_llseek+0x540/0x540 [ 21.617115][ T300] ? finish_task_switch+0x167/0x7b0 [ 21.622150][ T300] ? __schedule+0xcaf/0x1550 [ 21.626604][ T300] ? avc_policy_seqno+0x1b/0x70 [ 21.631263][ T300] ? __kasan_check_read+0x11/0x20 [ 21.636123][ T300] ? fsnotify_perm+0x470/0x5d0 [ 21.640724][ T300] ? security_file_permission+0x86/0xb0 [ 21.646105][ T300] iterate_dir+0x265/0x610 [ 21.650359][ T300] ? ext4_dir_llseek+0x540/0x540 [ 21.655136][ T300] __se_sys_getdents64+0x1c1/0x460 [ 21.660079][ T300] ? __x64_sys_getdents64+0x90/0x90 [ 21.665112][ T300] ? filldir+0x670/0x670 [ 21.669235][ T300] ? __kasan_check_write+0x14/0x20 [ 21.674138][ T300] ? fpregs_restore_userregs+0x130/0x290 [ 21.679607][ T300] __x64_sys_getdents64+0x7b/0x90 [ 21.684466][ T300] do_syscall_64+0x3d/0xb0 [ 21.688724][ T300] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 21.694448][ T300] RIP: 0033:0x7f3f8b08c0e9 [ 21.698701][ T300] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 21.718163][ T300] RSP: 002b:00007ffc4c3447a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 21.726389][ T300] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3f8b08c0e9 [ 21.734209][ T300] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000005 [ 21.742016][ T300] RBP: 0000000000000000 R08: 00007ffc4c3447dc R09: 00007ffc4c3447dc [ 21.749823][ T300] R10: 00007ffc4c3447dc R11: 0000000000000246 R12: 00007ffc4c3447dc [ 21.757634][ T300] R13: 0000000000000001 R14: 431bde82d7b634db R15: 00007ffc4c344810 [ 21.765448][ T300] [ 21.768327][ T300] [ 21.770478][ T300] The buggy address belongs to the physical page: [ 21.776753][ T300] page:ffffea000485f2c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1217cb [ 21.786795][ T300] flags: 0x4000000000000000(zone=1) [ 21.791839][ T300] raw: 4000000000000000 ffffea000485f308 ffff8881f703bb68 0000000000000000 [ 21.800261][ T300] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 21.808671][ T300] page dumped because: kasan: bad access detected [ 21.814930][ T300] page_owner tracks the page as freed [ 21.820125][ T300] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 235, tgid 235 (sshd), ts 14746125651, free_ts 14770395574 [ 21.838702][ T300] post_alloc_hook+0x213/0x220 [ 21.843298][ T300] prep_new_page+0x1b/0x110 [ 21.847639][ T300] get_page_from_freelist+0x27ea/0x2870 [ 21.853024][ T300] __alloc_pages+0x3a1/0x780 [ 21.857446][ T300] __folio_alloc+0x15/0x40 [ 21.861698][ T300] handle_mm_fault+0x1fb0/0x2f40 [ 21.866473][ T300] exc_page_fault+0x3b3/0x700 [ 21.870986][ T300] asm_exc_page_fault+0x27/0x30 [ 21.875672][ T300] page last free stack trace: [ 21.880194][ T300] free_unref_page_prepare+0x83d/0x850 [ 21.885481][ T300] free_unref_page_list+0xf1/0x7b0 [ 21.890430][ T300] release_pages+0xf7f/0xfe0 [ 21.894855][ T300] free_pages_and_swap_cache+0x8a/0xa0 [ 21.900149][ T300] tlb_finish_mmu+0x1e0/0x3f0 [ 21.904660][ T300] unmap_region+0x2c1/0x310 [ 21.909009][ T300] do_mas_align_munmap+0xd05/0x1400 [ 21.914042][ T300] do_mas_munmap+0x23e/0x2b0 [ 21.918460][ T300] __vm_munmap+0x263/0x3a0 [ 21.922719][ T300] __x64_sys_munmap+0x6b/0x80 [ 21.927227][ T300] do_syscall_64+0x3d/0xb0 [ 21.931483][ T300] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 21.937214][ T300] [ 21.939379][ T300] Memory state around the buggy address: [ 21.944850][ T300] ffff8881217caf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.952748][ T300] ffff8881217caf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.960646][ T300] >ffff8881217cb000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.968541][ T300] ^ [ 21.972449][ T300] ffff8881217cb080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.980349][ T300] ffff8881217cb100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.988244][ T300] ================================================================== [pid 300] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 300] exit_group(0) = ? [pid 300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 303 ./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x555555db9760, 24) = 0 [pid 303] chdir("./2") = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 303] memfd_create("syzkaller", 0) = 3 [pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 303] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 21.996777][ T300] Disabling lock debugging due to kernel taint [ 22.002852][ T300] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/1/file0: bad entry in directory: directory entry overrun - offset=1023, inode=542842880, rec_len=8224, size=1024 fake=0 [ 22.030798][ T295] EXT4-fs (loop0): unmounting filesystem. [pid 303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 303] close(3) = 0 [pid 303] close(4) = 0 [pid 303] mkdir("./file0", 0777) = 0 [ 22.052071][ T303] loop0: detected capacity change from 0 to 512 [ 22.059123][ T303] EXT4-fs: Ignoring removed mblk_io_submit option [ 22.066908][ T303] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 22.082301][ T303] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 303] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 303] chdir("./file0") = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 303] ioctl(4, LOOP_CLR_FD) = 0 [pid 303] close(4) = 0 [pid 303] mkdir("./file0", 0777) = 0 [pid 303] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 303] mkdir("./file1", 000) = 0 [pid 303] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 303] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 303] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 303] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 303] open(".", O_RDONLY) = 5 [pid 303] lseek(5, 2047, SEEK_SET) = 2047 [ 22.094618][ T303] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 22.106552][ T303] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 22.127620][ T303] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 22.139478][ T303] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 303] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 303] exit_group(0) = ? [pid 303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 305 ./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x555555db9760, 24) = 0 [pid 305] chdir("./3") = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 [pid 305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 305] memfd_create("syzkaller", 0) = 3 [pid 305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 305] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 305] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 305] close(3) = 0 [pid 305] close(4) = 0 [pid 305] mkdir("./file0", 0777) = 0 [ 22.152719][ T303] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/2/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 22.178855][ T295] EXT4-fs (loop0): unmounting filesystem. [ 22.192886][ T305] loop0: detected capacity change from 0 to 512 [pid 305] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 305] chdir("./file0") = 0 [pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 305] ioctl(4, LOOP_CLR_FD) = 0 [pid 305] close(4) = 0 [pid 305] mkdir("./file0", 0777) = 0 [pid 305] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 305] mkdir("./file1", 000) = 0 [pid 305] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 305] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 305] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 22.200004][ T305] EXT4-fs: Ignoring removed mblk_io_submit option [ 22.207590][ T305] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 22.222858][ T305] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 22.235236][ T305] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 305] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 305] open(".", O_RDONLY) = 5 [pid 305] lseek(5, 2047, SEEK_SET) = 2047 [ 22.249529][ T305] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 22.270029][ T305] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 22.281683][ T305] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 305] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 305] exit_group(0) = ? [pid 305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 307 ./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x555555db9760, 24) = 0 [pid 307] chdir("./4") = 0 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 307] memfd_create("syzkaller", 0) = 3 [pid 307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 307] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 307] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 307] close(3) = 0 [pid 307] close(4) = 0 [pid 307] mkdir("./file0", 0777) = 0 [ 22.294792][ T305] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/3/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 22.321474][ T295] EXT4-fs (loop0): unmounting filesystem. [ 22.336148][ T307] loop0: detected capacity change from 0 to 512 [ 22.343250][ T307] EXT4-fs: Ignoring removed mblk_io_submit option [pid 307] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 307] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 307] chdir("./file0") = 0 [pid 307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 307] ioctl(4, LOOP_CLR_FD) = 0 [pid 307] close(4) = 0 [pid 307] mkdir("./file0", 0777) = 0 [pid 307] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 307] mkdir("./file1", 000) = 0 [pid 307] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 307] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 307] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 22.351198][ T307] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 22.366452][ T307] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 22.378766][ T307] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 307] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 307] open(".", O_RDONLY) = 5 [pid 307] lseek(5, 2047, SEEK_SET) = 2047 [ 22.393122][ T307] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 22.413742][ T307] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 22.425600][ T307] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 307] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 307] exit_group(0) = ? [pid 307] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 309 attached , child_tidptr=0x555555db9750) = 309 [pid 309] set_robust_list(0x555555db9760, 24) = 0 [pid 309] chdir("./5") = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 309] memfd_create("syzkaller", 0) = 3 [pid 309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 309] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 309] close(3) = 0 [pid 309] close(4) = 0 [pid 309] mkdir("./file0", 0777) = 0 [ 22.438763][ T307] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/4/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 22.465585][ T295] EXT4-fs (loop0): unmounting filesystem. [ 22.483652][ T309] loop0: detected capacity change from 0 to 512 [ 22.490594][ T309] EXT4-fs: Ignoring removed mblk_io_submit option [pid 309] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 309] chdir("./file0") = 0 [pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 309] ioctl(4, LOOP_CLR_FD) = 0 [pid 309] close(4) = 0 [pid 309] mkdir("./file0", 0777) = 0 [pid 309] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 309] mkdir("./file1", 000) = 0 [pid 309] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 309] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 309] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 22.498504][ T309] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 22.513813][ T309] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 22.526011][ T309] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 309] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 309] open(".", O_RDONLY) = 5 [pid 309] lseek(5, 2047, SEEK_SET) = 2047 [ 22.540896][ T309] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 22.561968][ T309] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 22.573702][ T309] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 309] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 309] exit_group(0) = ? [pid 309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 311 ./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x555555db9760, 24) = 0 [pid 311] chdir("./6") = 0 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 311] setpgid(0, 0) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 [pid 311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 311] memfd_create("syzkaller", 0) = 3 [pid 311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 311] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 311] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 311] close(3) = 0 [pid 311] close(4) = 0 [pid 311] mkdir("./file0", 0777) = 0 [ 22.586868][ T309] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/5/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 22.612503][ T295] EXT4-fs (loop0): unmounting filesystem. [ 22.633518][ T311] loop0: detected capacity change from 0 to 512 [ 22.641114][ T311] EXT4-fs: Ignoring removed mblk_io_submit option [pid 311] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 311] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 311] chdir("./file0") = 0 [pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 311] ioctl(4, LOOP_CLR_FD) = 0 [pid 311] close(4) = 0 [pid 311] mkdir("./file0", 0777) = 0 [pid 311] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 311] mkdir("./file1", 000) = 0 [pid 311] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 311] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 311] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 22.648998][ T311] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 22.664117][ T311] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 22.676269][ T311] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 311] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 311] open(".", O_RDONLY) = 5 [pid 311] lseek(5, 2047, SEEK_SET) = 2047 [ 22.691028][ T311] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 22.711561][ T311] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 22.723432][ T311] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 311] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 311] exit_group(0) = ? [pid 311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 313 ./strace-static-x86_64: Process 313 attached [pid 313] set_robust_list(0x555555db9760, 24) = 0 [pid 313] chdir("./7") = 0 [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 313] setpgid(0, 0) = 0 [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 313] write(3, "1000", 4) = 4 [pid 313] close(3) = 0 [pid 313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 313] memfd_create("syzkaller", 0) = 3 [pid 313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 313] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 313] close(3) = 0 [pid 313] close(4) = 0 [pid 313] mkdir("./file0", 0777) = 0 [ 22.736766][ T311] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/6/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 22.762671][ T295] EXT4-fs (loop0): unmounting filesystem. [ 22.776896][ T313] loop0: detected capacity change from 0 to 512 [ 22.783863][ T313] EXT4-fs: Ignoring removed mblk_io_submit option [pid 313] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 313] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 313] chdir("./file0") = 0 [pid 313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 313] ioctl(4, LOOP_CLR_FD) = 0 [pid 313] close(4) = 0 [pid 313] mkdir("./file0", 0777) = 0 [pid 313] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 313] mkdir("./file1", 000) = 0 [pid 313] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 313] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 313] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 313] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 313] open(".", O_RDONLY) = 5 [pid 313] lseek(5, 2047, SEEK_SET) = 2047 [ 22.791540][ T313] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 22.806736][ T313] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 22.818947][ T313] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 22.830881][ T313] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 313] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 313] exit_group(0) = ? [pid 313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 22.851899][ T313] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 22.863591][ T313] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 22.876699][ T313] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/7/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 315 ./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x555555db9760, 24) = 0 [pid 315] chdir("./8") = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 [pid 315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 315] memfd_create("syzkaller", 0) = 3 [pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 315] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 315] close(3) = 0 [pid 315] close(4) = 0 [pid 315] mkdir("./file0", 0777) = 0 [ 22.904099][ T295] EXT4-fs (loop0): unmounting filesystem. [ 22.924288][ T315] loop0: detected capacity change from 0 to 512 [ 22.931210][ T315] EXT4-fs: Ignoring removed mblk_io_submit option [ 22.938993][ T315] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [pid 315] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 315] chdir("./file0") = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 315] ioctl(4, LOOP_CLR_FD) = 0 [pid 315] close(4) = 0 [pid 315] mkdir("./file0", 0777) = 0 [pid 315] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 315] mkdir("./file1", 000) = 0 [pid 315] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 315] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 315] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 315] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 315] open(".", O_RDONLY) = 5 [pid 315] lseek(5, 2047, SEEK_SET) = 2047 [ 22.954371][ T315] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 22.966732][ T315] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 22.978453][ T315] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 315] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 315] exit_group(0) = ? [pid 315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 318 ./strace-static-x86_64: Process 318 attached [pid 318] set_robust_list(0x555555db9760, 24) = 0 [pid 318] chdir("./9") = 0 [pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 318] setpgid(0, 0) = 0 [pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 318] write(3, "1000", 4) = 4 [pid 318] close(3) = 0 [pid 318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 318] memfd_create("syzkaller", 0) = 3 [pid 318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 318] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 22.999430][ T315] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 23.011164][ T315] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 23.024484][ T315] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/8/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=1394617856, rec_len=26723, size=1024 fake=0 [ 23.050825][ T295] EXT4-fs (loop0): unmounting filesystem. [pid 318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 318] close(3) = 0 [pid 318] close(4) = 0 [pid 318] mkdir("./file0", 0777) = 0 [ 23.066022][ T318] loop0: detected capacity change from 0 to 512 [ 23.074248][ T318] EXT4-fs: Ignoring removed mblk_io_submit option [ 23.082179][ T318] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 23.097413][ T318] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 318] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 318] chdir("./file0") = 0 [pid 318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 318] ioctl(4, LOOP_CLR_FD) = 0 [pid 318] close(4) = 0 [pid 318] mkdir("./file0", 0777) = 0 [pid 318] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 318] mkdir("./file1", 000) = 0 [pid 318] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 318] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 318] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 318] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 318] open(".", O_RDONLY) = 5 [pid 318] lseek(5, 2047, SEEK_SET) = 2047 [ 23.109732][ T318] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 23.122305][ T318] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 23.142847][ T318] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [pid 318] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 318] exit_group(0) = ? [pid 318] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 320 ./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x555555db9760, 24) = 0 [pid 320] chdir("./10") = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3) = 0 [pid 320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 320] memfd_create("syzkaller", 0) = 3 [pid 320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 320] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 23.154515][ T318] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 23.167627][ T318] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/9/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=1411150592, rec_len=65221, size=1024 fake=0 [ 23.195011][ T295] EXT4-fs (loop0): unmounting filesystem. [pid 320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 320] close(3) = 0 [pid 320] close(4) = 0 [pid 320] mkdir("./file0", 0777) = 0 [pid 320] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 320] chdir("./file0") = 0 [pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 320] ioctl(4, LOOP_CLR_FD) = 0 [pid 320] close(4) = 0 [pid 320] mkdir("./file0", 0777) = 0 [pid 320] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 320] mkdir("./file1", 000) = 0 [pid 320] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 320] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 320] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 23.211971][ T320] loop0: detected capacity change from 0 to 512 [ 23.219016][ T320] EXT4-fs: Ignoring removed mblk_io_submit option [ 23.226793][ T320] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 23.242323][ T320] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 23.254528][ T320] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 320] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 320] open(".", O_RDONLY) = 5 [pid 320] lseek(5, 2047, SEEK_SET) = 2047 [ 23.266467][ T320] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 23.287083][ T320] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 23.298772][ T320] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 320] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 320] exit_group(0) = ? [pid 320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 322 ./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x555555db9760, 24) = 0 [pid 322] chdir("./11") = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 [pid 322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 322] memfd_create("syzkaller", 0) = 3 [pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 322] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 322] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 322] close(3) = 0 [pid 322] close(4) = 0 [pid 322] mkdir("./file0", 0777) = 0 [ 23.311909][ T320] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/10/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 23.338845][ T295] EXT4-fs (loop0): unmounting filesystem. [ 23.353429][ T322] loop0: detected capacity change from 0 to 512 [ 23.361251][ T322] EXT4-fs: Ignoring removed mblk_io_submit option [pid 322] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 322] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 322] chdir("./file0") = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 322] ioctl(4, LOOP_CLR_FD) = 0 [pid 322] close(4) = 0 [pid 322] mkdir("./file0", 0777) = 0 [pid 322] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 322] mkdir("./file1", 000) = 0 [pid 322] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 322] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 322] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 23.368827][ T322] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 23.383969][ T322] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 23.396339][ T322] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 322] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 322] open(".", O_RDONLY) = 5 [pid 322] lseek(5, 2047, SEEK_SET) = 2047 [ 23.410710][ T322] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 23.431749][ T322] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 23.443412][ T322] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 322] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 322] exit_group(0) = ? [pid 322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 324 ./strace-static-x86_64: Process 324 attached [pid 324] set_robust_list(0x555555db9760, 24) = 0 [pid 324] chdir("./12") = 0 [pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 324] setpgid(0, 0) = 0 [pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 324] write(3, "1000", 4) = 4 [pid 324] close(3) = 0 [pid 324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 324] memfd_create("syzkaller", 0) = 3 [pid 324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 324] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 324] close(3) = 0 [pid 324] close(4) = 0 [pid 324] mkdir("./file0", 0777) = 0 [ 23.456543][ T322] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/11/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 23.483115][ T295] EXT4-fs (loop0): unmounting filesystem. [ 23.497833][ T324] loop0: detected capacity change from 0 to 512 [ 23.505400][ T324] EXT4-fs: Ignoring removed mblk_io_submit option [pid 324] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 324] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 324] chdir("./file0") = 0 [pid 324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 324] ioctl(4, LOOP_CLR_FD) = 0 [pid 324] close(4) = 0 [pid 324] mkdir("./file0", 0777) = 0 [pid 324] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 324] mkdir("./file1", 000) = 0 [pid 324] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 324] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 324] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 23.513159][ T324] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 23.528444][ T324] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 23.540761][ T324] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 324] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 324] open(".", O_RDONLY) = 5 [pid 324] lseek(5, 2047, SEEK_SET) = 2047 [ 23.555175][ T324] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 23.576154][ T324] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 23.587821][ T324] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 324] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 324] exit_group(0) = ? [pid 324] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 326 ./strace-static-x86_64: Process 326 attached [pid 326] set_robust_list(0x555555db9760, 24) = 0 [pid 326] chdir("./13") = 0 [pid 326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 326] setpgid(0, 0) = 0 [pid 326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 326] write(3, "1000", 4) = 4 [pid 326] close(3) = 0 [pid 326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 326] memfd_create("syzkaller", 0) = 3 [pid 326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 326] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 326] close(3) = 0 [pid 326] close(4) = 0 [pid 326] mkdir("./file0", 0777) = 0 [ 23.600940][ T324] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/12/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 23.627842][ T295] EXT4-fs (loop0): unmounting filesystem. [ 23.648319][ T326] loop0: detected capacity change from 0 to 512 [ 23.655475][ T326] EXT4-fs: Ignoring removed mblk_io_submit option [pid 326] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 326] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 326] chdir("./file0") = 0 [pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 326] ioctl(4, LOOP_CLR_FD) = 0 [pid 326] close(4) = 0 [pid 326] mkdir("./file0", 0777) = 0 [pid 326] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 326] mkdir("./file1", 000) = 0 [pid 326] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 326] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 326] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 23.663313][ T326] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 23.678696][ T326] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 23.690849][ T326] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 326] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 326] open(".", O_RDONLY) = 5 [pid 326] lseek(5, 2047, SEEK_SET) = 2047 [ 23.705243][ T326] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 23.725981][ T326] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 23.737667][ T326] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 326] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 326] exit_group(0) = ? [pid 326] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=326, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 328 ./strace-static-x86_64: Process 328 attached [pid 328] set_robust_list(0x555555db9760, 24) = 0 [pid 328] chdir("./14") = 0 [pid 328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 328] setpgid(0, 0) = 0 [pid 328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 328] write(3, "1000", 4) = 4 [pid 328] close(3) = 0 [pid 328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 328] memfd_create("syzkaller", 0) = 3 [pid 328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 328] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 328] close(3) = 0 [pid 328] close(4) = 0 [pid 328] mkdir("./file0", 0777) = 0 [ 23.750768][ T326] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/13/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 23.776672][ T295] EXT4-fs (loop0): unmounting filesystem. [ 23.795885][ T328] loop0: detected capacity change from 0 to 512 [ 23.804027][ T328] EXT4-fs: Ignoring removed mblk_io_submit option [pid 328] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 328] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 328] chdir("./file0") = 0 [pid 328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 328] ioctl(4, LOOP_CLR_FD) = 0 [pid 328] close(4) = 0 [pid 328] mkdir("./file0", 0777) = 0 [pid 328] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 328] mkdir("./file1", 000) = 0 [pid 328] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 328] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 328] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 23.811938][ T328] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 23.827137][ T328] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 23.839470][ T328] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 328] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 328] open(".", O_RDONLY) = 5 [pid 328] lseek(5, 2047, SEEK_SET) = 2047 [pid 328] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 328] exit_group(0) = ? [pid 328] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=328, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 23.851576][ T328] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 23.872241][ T328] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 23.883897][ T328] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 23.897044][ T328] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/14/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 330 ./strace-static-x86_64: Process 330 attached [pid 330] set_robust_list(0x555555db9760, 24) = 0 [pid 330] chdir("./15") = 0 [pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 330] setpgid(0, 0) = 0 [pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 330] write(3, "1000", 4) = 4 [pid 330] close(3) = 0 [pid 330] symlink("/dev/binderfs", "./binderfs") = 0 [pid 330] memfd_create("syzkaller", 0) = 3 [pid 330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 330] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 330] close(3) = 0 [pid 330] close(4) = 0 [pid 330] mkdir("./file0", 0777) = 0 [ 23.924358][ T295] EXT4-fs (loop0): unmounting filesystem. [ 23.942321][ T330] loop0: detected capacity change from 0 to 512 [ 23.949349][ T330] EXT4-fs: Ignoring removed mblk_io_submit option [ 23.957198][ T330] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [pid 330] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 330] chdir("./file0") = 0 [pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 330] ioctl(4, LOOP_CLR_FD) = 0 [pid 330] close(4) = 0 [pid 330] mkdir("./file0", 0777) = 0 [pid 330] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 330] mkdir("./file1", 000) = 0 [pid 330] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 330] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 330] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 330] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 330] open(".", O_RDONLY) = 5 [pid 330] lseek(5, 2047, SEEK_SET) = 2047 [ 23.972380][ T330] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 23.984668][ T330] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 23.998615][ T330] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 330] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 330] exit_group(0) = ? [pid 330] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 24.019819][ T330] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 24.031559][ T330] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 24.044666][ T330] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/15/file0: bad entry in directory: directory entry overrun - offset=1023, inode=494080, rec_len=3072, size=1024 fake=0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 333 ./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x555555db9760, 24) = 0 [pid 333] chdir("./16") = 0 [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 333] setpgid(0, 0) = 0 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 333] write(3, "1000", 4) = 4 [pid 333] close(3) = 0 [pid 333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 333] memfd_create("syzkaller", 0) = 3 [pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 333] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 333] close(3) = 0 [pid 333] close(4) = 0 [pid 333] mkdir("./file0", 0777) = 0 [ 24.071042][ T295] EXT4-fs (loop0): unmounting filesystem. [ 24.092743][ T333] loop0: detected capacity change from 0 to 512 [ 24.100354][ T333] EXT4-fs: Ignoring removed mblk_io_submit option [ 24.108267][ T333] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [pid 333] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 333] chdir("./file0") = 0 [pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 333] ioctl(4, LOOP_CLR_FD) = 0 [pid 333] close(4) = 0 [pid 333] mkdir("./file0", 0777) = 0 [pid 333] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 333] mkdir("./file1", 000) = 0 [pid 333] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 333] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 333] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 333] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 333] open(".", O_RDONLY) = 5 [pid 333] lseek(5, 2047, SEEK_SET) = 2047 [ 24.123817][ T333] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 24.135992][ T333] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 24.147468][ T333] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 333] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 333] exit_group(0) = ? [pid 333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 24.168126][ T333] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 24.179928][ T333] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 24.193071][ T333] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/16/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 335 attached , child_tidptr=0x555555db9750) = 335 [pid 335] set_robust_list(0x555555db9760, 24) = 0 [pid 335] chdir("./17") = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3) = 0 [pid 335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 335] memfd_create("syzkaller", 0) = 3 [pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 335] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 335] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 335] close(3) = 0 [pid 335] close(4) = 0 [pid 335] mkdir("./file0", 0777) = 0 [ 24.220611][ T295] EXT4-fs (loop0): unmounting filesystem. [ 24.239006][ T335] loop0: detected capacity change from 0 to 512 [ 24.247155][ T335] EXT4-fs: Ignoring removed mblk_io_submit option [ 24.255156][ T335] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [pid 335] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 335] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 335] chdir("./file0") = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 335] ioctl(4, LOOP_CLR_FD) = 0 [pid 335] close(4) = 0 [pid 335] mkdir("./file0", 0777) = 0 [pid 335] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 335] mkdir("./file1", 000) = 0 [pid 335] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 335] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 335] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 335] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 335] open(".", O_RDONLY) = 5 [pid 335] lseek(5, 2047, SEEK_SET) = 2047 [ 24.270368][ T335] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 24.282644][ T335] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 24.296666][ T335] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 335] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 335] exit_group(0) = ? [pid 335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 337 attached , child_tidptr=0x555555db9750) = 337 [pid 337] set_robust_list(0x555555db9760, 24) = 0 [pid 337] chdir("./18") = 0 [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 337] setpgid(0, 0) = 0 [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 337] write(3, "1000", 4) = 4 [pid 337] close(3) = 0 [pid 337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 337] memfd_create("syzkaller", 0) = 3 [pid 337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 337] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 24.317794][ T335] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 24.329490][ T335] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 24.342667][ T335] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/17/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 24.368678][ T295] EXT4-fs (loop0): unmounting filesystem. [pid 337] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 337] close(3) = 0 [pid 337] close(4) = 0 [pid 337] mkdir("./file0", 0777) = 0 [ 24.386490][ T337] loop0: detected capacity change from 0 to 512 [ 24.394430][ T337] EXT4-fs: Ignoring removed mblk_io_submit option [ 24.402446][ T337] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 24.417860][ T337] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 337] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 337] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 337] chdir("./file0") = 0 [pid 337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 337] ioctl(4, LOOP_CLR_FD) = 0 [pid 337] close(4) = 0 [pid 337] mkdir("./file0", 0777) = 0 [pid 337] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 337] mkdir("./file1", 000) = 0 [pid 337] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 337] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 337] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 337] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 337] open(".", O_RDONLY) = 5 [pid 337] lseek(5, 2047, SEEK_SET) = 2047 [ 24.430135][ T337] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 24.442314][ T337] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 24.463600][ T337] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [pid 337] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 337] exit_group(0) = ? [pid 337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 339 ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x555555db9760, 24) = 0 [pid 339] chdir("./19") = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 339] setpgid(0, 0) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 339] write(3, "1000", 4) = 4 [pid 339] close(3) = 0 [pid 339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 339] memfd_create("syzkaller", 0) = 3 [pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 339] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 24.475377][ T337] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 24.488512][ T337] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/18/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=271872, rec_len=0, size=1024 fake=0 [ 24.515510][ T295] EXT4-fs (loop0): unmounting filesystem. [pid 339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 339] close(3) = 0 [pid 339] close(4) = 0 [pid 339] mkdir("./file0", 0777) = 0 [pid 339] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 339] chdir("./file0") = 0 [pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 339] ioctl(4, LOOP_CLR_FD) = 0 [pid 339] close(4) = 0 [ 24.534043][ T339] loop0: detected capacity change from 0 to 512 [ 24.541442][ T339] EXT4-fs: Ignoring removed mblk_io_submit option [ 24.549474][ T339] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 24.564647][ T339] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 24.577021][ T339] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 339] mkdir("./file0", 0777) = 0 [pid 339] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 339] mkdir("./file1", 000) = 0 [pid 339] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 339] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 339] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 339] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 339] open(".", O_RDONLY) = 5 [pid 339] lseek(5, 2047, SEEK_SET) = 2047 [ 24.588798][ T339] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 24.609740][ T339] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 24.621422][ T339] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 339] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 339] exit_group(0) = ? [pid 339] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 341 ./strace-static-x86_64: Process 341 attached [pid 341] set_robust_list(0x555555db9760, 24) = 0 [pid 341] chdir("./20") = 0 [pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 341] setpgid(0, 0) = 0 [pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 341] write(3, "1000", 4) = 4 [pid 341] close(3) = 0 [pid 341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 341] memfd_create("syzkaller", 0) = 3 [pid 341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 341] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 341] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 341] close(3) = 0 [pid 341] close(4) = 0 [ 24.634532][ T339] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/19/file0: bad entry in directory: directory entry overrun - offset=1023, inode=494080, rec_len=3072, size=1024 fake=0 [ 24.661860][ T295] EXT4-fs (loop0): unmounting filesystem. [pid 341] mkdir("./file0", 0777) = 0 [pid 341] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 341] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 341] chdir("./file0") = 0 [pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 341] ioctl(4, LOOP_CLR_FD) = 0 [pid 341] close(4) = 0 [pid 341] mkdir("./file0", 0777) = 0 [pid 341] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 341] mkdir("./file1", 000) = 0 [pid 341] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 341] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 341] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 24.683474][ T341] loop0: detected capacity change from 0 to 512 [ 24.690516][ T341] EXT4-fs: Ignoring removed mblk_io_submit option [ 24.698428][ T341] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 24.713601][ T341] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 24.725777][ T341] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 341] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 341] open(".", O_RDONLY) = 5 [pid 341] lseek(5, 2047, SEEK_SET) = 2047 [ 24.737937][ T341] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 24.758660][ T341] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 24.770363][ T341] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 341] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 341] exit_group(0) = ? [pid 341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 343 ./strace-static-x86_64: Process 343 attached [pid 343] set_robust_list(0x555555db9760, 24) = 0 [pid 343] chdir("./21") = 0 [pid 343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 343] setpgid(0, 0) = 0 [pid 343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 343] write(3, "1000", 4) = 4 [pid 343] close(3) = 0 [pid 343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 343] memfd_create("syzkaller", 0) = 3 [pid 343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 343] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 343] close(3) = 0 [pid 343] close(4) = 0 [pid 343] mkdir("./file0", 0777) = 0 [ 24.783440][ T341] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/20/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 24.810186][ T295] EXT4-fs (loop0): unmounting filesystem. [ 24.824769][ T343] loop0: detected capacity change from 0 to 512 [ 24.832735][ T343] EXT4-fs: Ignoring removed mblk_io_submit option [pid 343] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 343] chdir("./file0") = 0 [pid 343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 343] ioctl(4, LOOP_CLR_FD) = 0 [pid 343] close(4) = 0 [pid 343] mkdir("./file0", 0777) = 0 [pid 343] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 343] mkdir("./file1", 000) = 0 [pid 343] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 343] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 343] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 24.840775][ T343] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 24.855933][ T343] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 24.868248][ T343] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 343] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 343] open(".", O_RDONLY) = 5 [pid 343] lseek(5, 2047, SEEK_SET) = 2047 [ 24.882729][ T343] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 24.903449][ T343] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 24.915131][ T343] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 343] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 343] exit_group(0) = ? [pid 343] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=343, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 345 ./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x555555db9760, 24) = 0 [pid 345] chdir("./22") = 0 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 345] setpgid(0, 0) = 0 [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 345] write(3, "1000", 4) = 4 [pid 345] close(3) = 0 [pid 345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 345] memfd_create("syzkaller", 0) = 3 [pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 345] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 345] close(3) = 0 [pid 345] close(4) = 0 [pid 345] mkdir("./file0", 0777) = 0 [ 24.928223][ T343] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/21/file0: bad entry in directory: directory entry overrun - offset=1023, inode=494080, rec_len=3072, size=1024 fake=0 [ 24.955542][ T295] EXT4-fs (loop0): unmounting filesystem. [ 24.973441][ T345] loop0: detected capacity change from 0 to 512 [ 24.980394][ T345] EXT4-fs: Ignoring removed mblk_io_submit option [pid 345] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 345] chdir("./file0") = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 345] ioctl(4, LOOP_CLR_FD) = 0 [pid 345] close(4) = 0 [pid 345] mkdir("./file0", 0777) = 0 [pid 345] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 345] mkdir("./file1", 000) = 0 [pid 345] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 345] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 345] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 24.988095][ T345] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 25.003241][ T345] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 25.015574][ T345] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 345] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 345] open(".", O_RDONLY) = 5 [pid 345] lseek(5, 2047, SEEK_SET) = 2047 [ 25.030383][ T345] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 25.051612][ T345] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 25.063464][ T345] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 345] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 345] exit_group(0) = ? [pid 345] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 348 ./strace-static-x86_64: Process 348 attached [pid 348] set_robust_list(0x555555db9760, 24) = 0 [pid 348] chdir("./23") = 0 [pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 348] setpgid(0, 0) = 0 [pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 348] write(3, "1000", 4) = 4 [pid 348] close(3) = 0 [pid 348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 348] memfd_create("syzkaller", 0) = 3 [pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 348] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 348] close(3) = 0 [pid 348] close(4) = 0 [pid 348] mkdir("./file0", 0777) = 0 [ 25.076625][ T345] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/22/file0: bad entry in directory: directory entry overrun - offset=1023, inode=494080, rec_len=3072, size=1024 fake=0 [ 25.104129][ T295] EXT4-fs (loop0): unmounting filesystem. [ 25.118110][ T348] loop0: detected capacity change from 0 to 512 [ 25.125078][ T348] EXT4-fs: Ignoring removed mblk_io_submit option [pid 348] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 348] chdir("./file0") = 0 [pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 348] ioctl(4, LOOP_CLR_FD) = 0 [pid 348] close(4) = 0 [pid 348] mkdir("./file0", 0777) = 0 [pid 348] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 348] mkdir("./file1", 000) = 0 [pid 348] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 348] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 348] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 348] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 348] open(".", O_RDONLY) = 5 [pid 348] lseek(5, 2047, SEEK_SET) = 2047 [ 25.133442][ T348] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 25.148754][ T348] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 25.160925][ T348] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 25.172226][ T348] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 348] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 348] exit_group(0) = ? [pid 348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 25.192751][ T348] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 25.204398][ T348] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 25.217518][ T348] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/23/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=134557696, rec_len=16267, size=1024 fake=0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 352 ./strace-static-x86_64: Process 352 attached [pid 352] set_robust_list(0x555555db9760, 24) = 0 [pid 352] chdir("./24") = 0 [pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 352] setpgid(0, 0) = 0 [pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 352] write(3, "1000", 4) = 4 [pid 352] close(3) = 0 [pid 352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 352] memfd_create("syzkaller", 0) = 3 [pid 352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 352] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 352] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 352] close(3) = 0 [pid 352] close(4) = 0 [pid 352] mkdir("./file0", 0777) = 0 [ 25.243902][ T295] EXT4-fs (loop0): unmounting filesystem. [ 25.258317][ T352] loop0: detected capacity change from 0 to 512 [ 25.265671][ T352] EXT4-fs: Ignoring removed mblk_io_submit option [ 25.273506][ T352] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [pid 352] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 352] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 352] chdir("./file0") = 0 [pid 352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 352] ioctl(4, LOOP_CLR_FD) = 0 [pid 352] close(4) = 0 [pid 352] mkdir("./file0", 0777) = 0 [pid 352] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 352] mkdir("./file1", 000) = 0 [pid 352] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 352] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 352] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 352] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 352] open(".", O_RDONLY) = 5 [pid 352] lseek(5, 2047, SEEK_SET) = 2047 [ 25.288949][ T352] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 25.301131][ T352] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 25.312664][ T352] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 352] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 352] exit_group(0) = ? [pid 352] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 354 ./strace-static-x86_64: Process 354 attached [pid 354] set_robust_list(0x555555db9760, 24) = 0 [pid 354] chdir("./25") = 0 [pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 354] setpgid(0, 0) = 0 [pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 354] write(3, "1000", 4) = 4 [pid 354] close(3) = 0 [pid 354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 354] memfd_create("syzkaller", 0) = 3 [pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 354] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.333613][ T352] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 25.345267][ T352] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 25.358382][ T352] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/24/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=273674240, rec_len=16267, size=1024 fake=0 [ 25.384891][ T295] EXT4-fs (loop0): unmounting filesystem. [pid 354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 354] close(3) = 0 [pid 354] close(4) = 0 [pid 354] mkdir("./file0", 0777) = 0 [ 25.400033][ T354] loop0: detected capacity change from 0 to 512 [ 25.408095][ T354] EXT4-fs: Ignoring removed mblk_io_submit option [ 25.415880][ T354] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 25.431154][ T354] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 354] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 354] chdir("./file0") = 0 [pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 354] ioctl(4, LOOP_CLR_FD) = 0 [pid 354] close(4) = 0 [pid 354] mkdir("./file0", 0777) = 0 [pid 354] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 354] mkdir("./file1", 000) = 0 [pid 354] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 354] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 354] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 354] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 354] open(".", O_RDONLY) = 5 [pid 354] lseek(5, 2047, SEEK_SET) = 2047 [ 25.443518][ T354] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 25.455666][ T354] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 25.476238][ T354] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [pid 354] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 354] exit_group(0) = ? [pid 354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 356 ./strace-static-x86_64: Process 356 attached [pid 356] set_robust_list(0x555555db9760, 24) = 0 [pid 356] chdir("./26") = 0 [pid 356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 356] setpgid(0, 0) = 0 [pid 356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 356] write(3, "1000", 4) = 4 [pid 356] close(3) = 0 [pid 356] symlink("/dev/binderfs", "./binderfs") = 0 [pid 356] memfd_create("syzkaller", 0) = 3 [pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 356] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.488094][ T354] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 25.501224][ T354] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/25/file0: bad entry in directory: directory entry overrun - offset=1023, inode=4608, rec_len=4096, size=1024 fake=0 [ 25.528085][ T295] EXT4-fs (loop0): unmounting filesystem. [pid 356] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 356] close(3) = 0 [pid 356] close(4) = 0 [pid 356] mkdir("./file0", 0777) = 0 [pid 356] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 356] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 356] chdir("./file0") = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 356] ioctl(4, LOOP_CLR_FD) = 0 [pid 356] close(4) = 0 [ 25.546161][ T356] loop0: detected capacity change from 0 to 512 [ 25.553653][ T356] EXT4-fs: Ignoring removed mblk_io_submit option [ 25.561619][ T356] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 25.576747][ T356] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 25.589033][ T356] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 356] mkdir("./file0", 0777) = 0 [pid 356] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 356] mkdir("./file1", 000) = 0 [pid 356] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 356] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 356] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 356] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 356] open(".", O_RDONLY) = 5 [pid 356] lseek(5, 2047, SEEK_SET) = 2047 [ 25.600775][ T356] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 25.621780][ T356] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 25.633462][ T356] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 356] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 356] exit_group(0) = ? [pid 356] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 358 ./strace-static-x86_64: Process 358 attached [pid 358] set_robust_list(0x555555db9760, 24) = 0 [pid 358] chdir("./27") = 0 [pid 358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 358] setpgid(0, 0) = 0 [pid 358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 358] write(3, "1000", 4) = 4 [pid 358] close(3) = 0 [pid 358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 358] memfd_create("syzkaller", 0) = 3 [pid 358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 358] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 358] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 358] close(3) = 0 [pid 358] close(4) = 0 [ 25.646557][ T356] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/26/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 25.673761][ T295] EXT4-fs (loop0): unmounting filesystem. [ 25.694452][ T358] loop0: detected capacity change from 0 to 512 [pid 358] mkdir("./file0", 0777) = 0 [pid 358] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 358] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 358] chdir("./file0") = 0 [pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 358] ioctl(4, LOOP_CLR_FD) = 0 [pid 358] close(4) = 0 [pid 358] mkdir("./file0", 0777) = 0 [pid 358] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 358] mkdir("./file1", 000) = 0 [pid 358] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 358] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 358] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 25.701487][ T358] EXT4-fs: Ignoring removed mblk_io_submit option [ 25.709455][ T358] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 25.724805][ T358] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 25.737078][ T358] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 358] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 358] open(".", O_RDONLY) = 5 [pid 358] lseek(5, 2047, SEEK_SET) = 2047 [ 25.750809][ T358] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 25.771309][ T358] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 25.782964][ T358] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 358] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 358] exit_group(0) = ? [pid 358] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=358, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 360 ./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x555555db9760, 24) = 0 [pid 360] chdir("./28") = 0 [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 360] setpgid(0, 0) = 0 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 360] write(3, "1000", 4) = 4 [pid 360] close(3) = 0 [pid 360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 360] memfd_create("syzkaller", 0) = 3 [pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 360] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 360] close(3) = 0 [pid 360] close(4) = 0 [pid 360] mkdir("./file0", 0777) = 0 [ 25.796076][ T358] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/27/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 25.822413][ T295] EXT4-fs (loop0): unmounting filesystem. [ 25.836607][ T360] loop0: detected capacity change from 0 to 512 [ 25.844593][ T360] EXT4-fs: Ignoring removed mblk_io_submit option [pid 360] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 360] chdir("./file0") = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_CLR_FD) = 0 [pid 360] close(4) = 0 [pid 360] mkdir("./file0", 0777) = 0 [pid 360] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 360] mkdir("./file1", 000) = 0 [pid 360] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 360] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 360] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 25.852571][ T360] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 25.867710][ T360] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 25.880098][ T360] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 360] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 360] open(".", O_RDONLY) = 5 [pid 360] lseek(5, 2047, SEEK_SET) = 2047 [ 25.891799][ T360] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 25.912510][ T360] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 25.924196][ T360] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 360] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 360] exit_group(0) = ? [pid 360] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 362 ./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x555555db9760, 24) = 0 [pid 362] chdir("./29") = 0 [pid 362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 362] setpgid(0, 0) = 0 [pid 362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 362] write(3, "1000", 4) = 4 [pid 362] close(3) = 0 [pid 362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 362] memfd_create("syzkaller", 0) = 3 [pid 362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 362] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 362] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 362] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 362] close(3) = 0 [pid 362] close(4) = 0 [pid 362] mkdir("./file0", 0777) = 0 [ 25.937292][ T360] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/28/file0: bad entry in directory: directory entry overrun - offset=1023, inode=493568, rec_len=3072, size=1024 fake=0 [ 25.964143][ T295] EXT4-fs (loop0): unmounting filesystem. [ 25.982632][ T362] loop0: detected capacity change from 0 to 512 [ 25.989554][ T362] EXT4-fs: Ignoring removed mblk_io_submit option [pid 362] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 362] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 362] chdir("./file0") = 0 [pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 362] ioctl(4, LOOP_CLR_FD) = 0 [pid 362] close(4) = 0 [pid 362] mkdir("./file0", 0777) = 0 [pid 362] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 362] mkdir("./file1", 000) = 0 [pid 362] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 362] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 362] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 25.997532][ T362] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 26.012721][ T362] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 26.024961][ T362] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 362] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 362] open(".", O_RDONLY) = 5 [pid 362] lseek(5, 2047, SEEK_SET) = 2047 [ 26.040040][ T362] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 26.060558][ T362] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 26.072429][ T362] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 362] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 362] exit_group(0) = ? [pid 362] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=362, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 366 ./strace-static-x86_64: Process 366 attached [pid 366] set_robust_list(0x555555db9760, 24) = 0 [pid 366] chdir("./30") = 0 [pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 366] setpgid(0, 0) = 0 [pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 366] write(3, "1000", 4) = 4 [pid 366] close(3) = 0 [pid 366] symlink("/dev/binderfs", "./binderfs") = 0 [pid 366] memfd_create("syzkaller", 0) = 3 [pid 366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 366] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 366] close(3) = 0 [pid 366] close(4) = 0 [pid 366] mkdir("./file0", 0777) = 0 [ 26.085605][ T362] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/29/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 26.114958][ T295] EXT4-fs (loop0): unmounting filesystem. [ 26.134671][ T366] loop0: detected capacity change from 0 to 512 [ 26.142696][ T366] EXT4-fs: Ignoring removed mblk_io_submit option [pid 366] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 366] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 366] chdir("./file0") = 0 [pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 366] ioctl(4, LOOP_CLR_FD) = 0 [pid 366] close(4) = 0 [pid 366] mkdir("./file0", 0777) = 0 [pid 366] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 366] mkdir("./file1", 000) = 0 [pid 366] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 366] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 366] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 26.150623][ T366] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 26.165879][ T366] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 26.178075][ T366] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 366] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 366] open(".", O_RDONLY) = 5 [pid 366] lseek(5, 2047, SEEK_SET) = 2047 [ 26.192743][ T366] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 26.213362][ T366] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 26.225091][ T366] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 366] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 366] exit_group(0) = ? [pid 366] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 368 ./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x555555db9760, 24) = 0 [pid 368] chdir("./31") = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 368] setpgid(0, 0) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 368] write(3, "1000", 4) = 4 [pid 368] close(3) = 0 [pid 368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 368] memfd_create("syzkaller", 0) = 3 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 368] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 368] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 368] close(3) = 0 [pid 368] close(4) = 0 [pid 368] mkdir("./file0", 0777) = 0 [ 26.238166][ T366] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/30/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=134557696, rec_len=16267, size=1024 fake=0 [ 26.264586][ T295] EXT4-fs (loop0): unmounting filesystem. [ 26.278703][ T368] loop0: detected capacity change from 0 to 512 [ 26.286713][ T368] EXT4-fs: Ignoring removed mblk_io_submit option [pid 368] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 368] chdir("./file0") = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 368] ioctl(4, LOOP_CLR_FD) = 0 [pid 368] close(4) = 0 [pid 368] mkdir("./file0", 0777) = 0 [pid 368] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 368] mkdir("./file1", 000) = 0 [pid 368] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 368] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 368] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 368] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 368] open(".", O_RDONLY) = 5 [pid 368] lseek(5, 2047, SEEK_SET) = 2047 [ 26.294624][ T368] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 26.309897][ T368] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 26.322222][ T368] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 26.334696][ T368] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 368] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 368] exit_group(0) = ? [pid 368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 370 ./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x555555db9760, 24) = 0 [pid 370] chdir("./32") = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 [pid 370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 370] memfd_create("syzkaller", 0) = 3 [pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 370] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 26.355286][ T368] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 26.367181][ T368] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 26.380332][ T368] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/31/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=134557696, rec_len=16267, size=1024 fake=0 [pid 370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 370] close(3) = 0 [pid 370] close(4) = 0 [pid 370] mkdir("./file0", 0777) = 0 [pid 370] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 370] chdir("./file0") = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 370] ioctl(4, LOOP_CLR_FD) = 0 [pid 370] close(4) = 0 [pid 370] mkdir("./file0", 0777) = 0 [pid 370] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 370] mkdir("./file1", 000) = 0 [pid 370] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 370] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 370] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 26.420844][ T370] loop0: detected capacity change from 0 to 512 [ 26.428767][ T370] EXT4-fs: Ignoring removed mblk_io_submit option [ 26.436690][ T370] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 26.451942][ T370] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 370] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 370] open(".", O_RDONLY) = 5 [pid 370] lseek(5, 2047, SEEK_SET) = 2047 [ 26.469926][ T370] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 26.500712][ T370] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [pid 370] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 370] exit_group(0) = ? [pid 370] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 372 ./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x555555db9760, 24) = 0 [pid 372] chdir("./33") = 0 [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 372] setpgid(0, 0) = 0 [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 372] write(3, "1000", 4) = 4 [pid 372] close(3) = 0 [pid 372] symlink("/dev/binderfs", "./binderfs") = 0 [pid 372] memfd_create("syzkaller", 0) = 3 [pid 372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 372] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 372] close(3) = 0 [pid 372] close(4) = 0 [pid 372] mkdir("./file0", 0777) = 0 [ 26.512567][ T370] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 26.525892][ T370] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/32/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=1147670016, rec_len=28686, size=1024 fake=0 [ 26.563432][ T372] loop0: detected capacity change from 0 to 512 [pid 372] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 372] chdir("./file0") = 0 [pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 372] ioctl(4, LOOP_CLR_FD) = 0 [pid 372] close(4) = 0 [pid 372] mkdir("./file0", 0777) = 0 [pid 372] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 372] mkdir("./file1", 000) = 0 [pid 372] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 372] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 372] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 26.571243][ T372] EXT4-fs: Ignoring removed mblk_io_submit option [ 26.579032][ T372] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 26.594174][ T372] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 372] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 372] open(".", O_RDONLY) = 5 [pid 372] lseek(5, 2047, SEEK_SET) = 2047 [ 26.612913][ T372] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 26.634134][ T372] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 26.645899][ T372] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 372] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 372] exit_group(0) = ? [pid 372] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 374 ./strace-static-x86_64: Process 374 attached [pid 374] set_robust_list(0x555555db9760, 24) = 0 [pid 374] chdir("./34") = 0 [pid 374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 374] setpgid(0, 0) = 0 [pid 374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 374] write(3, "1000", 4) = 4 [pid 374] close(3) = 0 [pid 374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 374] memfd_create("syzkaller", 0) = 3 [pid 374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 374] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 374] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 374] close(3) = 0 [pid 374] close(4) = 0 [pid 374] mkdir("./file0", 0777) = 0 [ 26.659228][ T372] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/33/file0: bad entry in directory: directory entry overrun - offset=1023, inode=8514816, rec_len=6656, size=1024 fake=0 [ 26.695406][ T374] loop0: detected capacity change from 0 to 512 [ 26.703568][ T374] EXT4-fs: Ignoring removed mblk_io_submit option [pid 374] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 374] chdir("./file0") = 0 [pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 374] ioctl(4, LOOP_CLR_FD) = 0 [pid 374] close(4) = 0 [pid 374] mkdir("./file0", 0777) = 0 [pid 374] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 374] mkdir("./file1", 000) = 0 [pid 374] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 374] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 374] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 26.711370][ T374] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 26.726612][ T374] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 374] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 374] open(".", O_RDONLY) = 5 [pid 374] lseek(5, 2047, SEEK_SET) = 2047 [pid 374] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 374] exit_group(0) = ? [pid 374] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=374, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 376 ./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x555555db9760, 24) = 0 [pid 376] chdir("./35") = 0 [pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 376] setpgid(0, 0) = 0 [pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 376] write(3, "1000", 4) = 4 [pid 376] close(3) = 0 [pid 376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 376] memfd_create("syzkaller", 0) = 3 [pid 376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 376] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 26.753731][ T374] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 26.774385][ T374] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 26.786080][ T374] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 26.799195][ T374] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/34/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [pid 376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 376] close(3) = 0 [pid 376] close(4) = 0 [pid 376] mkdir("./file0", 0777) = 0 [pid 376] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 376] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 376] chdir("./file0") = 0 [pid 376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 376] ioctl(4, LOOP_CLR_FD) = 0 [pid 376] close(4) = 0 [pid 376] mkdir("./file0", 0777) = 0 [pid 376] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 376] mkdir("./file1", 000) = 0 [pid 376] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 376] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 376] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 26.837292][ T376] loop0: detected capacity change from 0 to 512 [ 26.844349][ T376] EXT4-fs: Ignoring removed mblk_io_submit option [ 26.852349][ T376] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 26.867522][ T376] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 376] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 376] open(".", O_RDONLY) = 5 [pid 376] lseek(5, 2047, SEEK_SET) = 2047 [ 26.882856][ T376] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 26.903911][ T376] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 26.915594][ T376] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 376] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 376] exit_group(0) = ? [pid 376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=376, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 378 ./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x555555db9760, 24) = 0 [pid 378] chdir("./36") = 0 [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 378] setpgid(0, 0) = 0 [pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 378] write(3, "1000", 4) = 4 [pid 378] close(3) = 0 [pid 378] symlink("/dev/binderfs", "./binderfs") = 0 [pid 378] memfd_create("syzkaller", 0) = 3 [pid 378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 378] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 378] close(3) = 0 [pid 378] close(4) = 0 [pid 378] mkdir("./file0", 0777) = 0 [ 26.928710][ T376] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/35/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 26.963725][ T378] loop0: detected capacity change from 0 to 512 [ 26.970701][ T378] EXT4-fs: Ignoring removed mblk_io_submit option [pid 378] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 378] chdir("./file0") = 0 [pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 378] ioctl(4, LOOP_CLR_FD) = 0 [pid 378] close(4) = 0 [pid 378] mkdir("./file0", 0777) = 0 [pid 378] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 378] mkdir("./file1", 000) = 0 [pid 378] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 378] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 378] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 378] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 378] open(".", O_RDONLY) = 5 [pid 378] lseek(5, 2047, SEEK_SET) = 2047 [ 26.978631][ T378] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 26.993868][ T378] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 27.008800][ T378] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 378] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 378] exit_group(0) = ? [pid 378] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=378, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 381 ./strace-static-x86_64: Process 381 attached [pid 381] set_robust_list(0x555555db9760, 24) = 0 [pid 381] chdir("./37") = 0 [pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 381] setpgid(0, 0) = 0 [pid 381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 381] write(3, "1000", 4) = 4 [pid 381] close(3) = 0 [pid 381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 381] memfd_create("syzkaller", 0) = 3 [pid 381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 381] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 27.030086][ T378] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 27.041836][ T378] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 27.054987][ T378] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/36/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=1147670016, rec_len=28686, size=1024 fake=0 [pid 381] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 381] close(3) = 0 [pid 381] close(4) = 0 [pid 381] mkdir("./file0", 0777) = 0 [pid 381] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 381] chdir("./file0") = 0 [pid 381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 381] ioctl(4, LOOP_CLR_FD) = 0 [pid 381] close(4) = 0 [pid 381] mkdir("./file0", 0777) = 0 [pid 381] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 381] mkdir("./file1", 000) = 0 [pid 381] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 381] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 381] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 27.093222][ T381] loop0: detected capacity change from 0 to 512 [ 27.101188][ T381] EXT4-fs: Ignoring removed mblk_io_submit option [ 27.108970][ T381] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 27.124253][ T381] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 381] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 381] open(".", O_RDONLY) = 5 [pid 381] lseek(5, 2047, SEEK_SET) = 2047 [ 27.142040][ T381] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 27.162537][ T381] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 27.174364][ T381] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 381] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 381] exit_group(0) = ? [pid 381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=381, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 383 ./strace-static-x86_64: Process 383 attached [pid 383] set_robust_list(0x555555db9760, 24) = 0 [pid 383] chdir("./38") = 0 [pid 383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 383] setpgid(0, 0) = 0 [pid 383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 383] write(3, "1000", 4) = 4 [pid 383] close(3) = 0 [pid 383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 383] memfd_create("syzkaller", 0) = 3 [pid 383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 383] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 383] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 383] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 383] close(3) = 0 [pid 383] close(4) = 0 [pid 383] mkdir("./file0", 0777) = 0 [ 27.187513][ T381] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/37/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 27.223882][ T383] loop0: detected capacity change from 0 to 512 [ 27.231972][ T383] EXT4-fs: Ignoring removed mblk_io_submit option [pid 383] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 383] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 383] chdir("./file0") = 0 [pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 383] ioctl(4, LOOP_CLR_FD) = 0 [pid 383] close(4) = 0 [pid 383] mkdir("./file0", 0777) = 0 [pid 383] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 383] mkdir("./file1", 000) = 0 [pid 383] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 383] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 383] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 383] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 383] open(".", O_RDONLY) = 5 [pid 383] lseek(5, 2047, SEEK_SET) = 2047 [ 27.239716][ T383] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 27.254928][ T383] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 27.272115][ T383] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 383] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 383] exit_group(0) = ? [pid 383] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=383, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 385 ./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x555555db9760, 24) = 0 [pid 385] chdir("./39") = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 385] memfd_create("syzkaller", 0) = 3 [pid 385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 385] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 27.292853][ T383] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 27.304575][ T383] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 27.317647][ T383] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/38/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [pid 385] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 385] close(3) = 0 [pid 385] close(4) = 0 [pid 385] mkdir("./file0", 0777) = 0 [pid 385] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 385] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 385] chdir("./file0") = 0 [pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 385] ioctl(4, LOOP_CLR_FD) = 0 [pid 385] close(4) = 0 [pid 385] mkdir("./file0", 0777) = 0 [pid 385] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 385] mkdir("./file1", 000) = 0 [pid 385] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 385] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 385] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 27.358628][ T385] loop0: detected capacity change from 0 to 512 [ 27.365652][ T385] EXT4-fs: Ignoring removed mblk_io_submit option [ 27.373818][ T385] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 27.389045][ T385] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 385] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 385] open(".", O_RDONLY) = 5 [pid 385] lseek(5, 2047, SEEK_SET) = 2047 [ 27.404569][ T385] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 27.425412][ T385] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 27.437121][ T385] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 385] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 385] exit_group(0) = ? [pid 385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=385, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 387 ./strace-static-x86_64: Process 387 attached [pid 387] set_robust_list(0x555555db9760, 24) = 0 [pid 387] chdir("./40") = 0 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 387] setpgid(0, 0) = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 387] write(3, "1000", 4) = 4 [pid 387] close(3) = 0 [pid 387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 387] memfd_create("syzkaller", 0) = 3 [pid 387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 387] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 387] close(3) = 0 [pid 387] close(4) = 0 [pid 387] mkdir("./file0", 0777) = 0 [ 27.450421][ T385] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/39/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=134557696, rec_len=16267, size=1024 fake=0 [ 27.486662][ T387] loop0: detected capacity change from 0 to 512 [ 27.494664][ T387] EXT4-fs: Ignoring removed mblk_io_submit option [pid 387] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 387] chdir("./file0") = 0 [pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 387] ioctl(4, LOOP_CLR_FD) = 0 [pid 387] close(4) = 0 [pid 387] mkdir("./file0", 0777) = 0 [pid 387] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 387] mkdir("./file1", 000) = 0 [pid 387] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 387] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 387] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 387] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 387] open(".", O_RDONLY) = 5 [pid 387] lseek(5, 2047, SEEK_SET) = 2047 [ 27.502702][ T387] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 27.517996][ T387] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 27.534847][ T387] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 387] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 387] exit_group(0) = ? [pid 387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=387, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 389 ./strace-static-x86_64: Process 389 attached [pid 389] set_robust_list(0x555555db9760, 24) = 0 [pid 389] chdir("./41") = 0 [pid 389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 389] setpgid(0, 0) = 0 [pid 389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 389] write(3, "1000", 4) = 4 [pid 389] close(3) = 0 [pid 389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 389] memfd_create("syzkaller", 0) = 3 [pid 389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 389] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 389] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 27.555529][ T387] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 27.567362][ T387] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 27.580597][ T387] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/40/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [pid 389] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 389] close(3) = 0 [pid 389] close(4) = 0 [pid 389] mkdir("./file0", 0777) = 0 [pid 389] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 389] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 389] chdir("./file0") = 0 [pid 389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 389] ioctl(4, LOOP_CLR_FD) = 0 [pid 389] close(4) = 0 [pid 389] mkdir("./file0", 0777) = 0 [pid 389] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 389] mkdir("./file1", 000) = 0 [pid 389] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 389] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 389] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 27.615866][ T389] loop0: detected capacity change from 0 to 512 [ 27.623288][ T389] EXT4-fs: Ignoring removed mblk_io_submit option [ 27.631195][ T389] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 27.646344][ T389] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 389] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 389] open(".", O_RDONLY) = 5 [pid 389] lseek(5, 2047, SEEK_SET) = 2047 [ 27.663777][ T389] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 27.684771][ T389] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 27.696437][ T389] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 389] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 389] exit_group(0) = ? [pid 389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=389, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 391 ./strace-static-x86_64: Process 391 attached [pid 391] set_robust_list(0x555555db9760, 24) = 0 [pid 391] chdir("./42") = 0 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 391] setpgid(0, 0) = 0 [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 391] write(3, "1000", 4) = 4 [pid 391] close(3) = 0 [pid 391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 391] memfd_create("syzkaller", 0) = 3 [pid 391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 391] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 391] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 391] close(3) = 0 [pid 391] close(4) = 0 [pid 391] mkdir("./file0", 0777) = 0 [ 27.709549][ T389] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/41/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 27.748188][ T391] loop0: detected capacity change from 0 to 512 [ 27.755143][ T391] EXT4-fs: Ignoring removed mblk_io_submit option [pid 391] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 391] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 391] chdir("./file0") = 0 [pid 391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 391] ioctl(4, LOOP_CLR_FD) = 0 [pid 391] close(4) = 0 [pid 391] mkdir("./file0", 0777) = 0 [pid 391] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 391] mkdir("./file1", 000) = 0 [pid 391] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 391] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 391] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 391] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 391] open(".", O_RDONLY) = 5 [pid 391] lseek(5, 2047, SEEK_SET) = 2047 [ 27.763034][ T391] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 27.778320][ T391] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 27.796486][ T391] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 391] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 391] exit_group(0) = ? [pid 391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=391, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 393 ./strace-static-x86_64: Process 393 attached [pid 393] set_robust_list(0x555555db9760, 24) = 0 [pid 393] chdir("./43") = 0 [pid 393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 393] setpgid(0, 0) = 0 [pid 393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 393] write(3, "1000", 4) = 4 [pid 393] close(3) = 0 [pid 393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 393] memfd_create("syzkaller", 0) = 3 [pid 393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 393] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 27.817495][ T391] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 27.829257][ T391] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 27.842396][ T391] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/42/file0: bad entry in directory: directory entry overrun - offset=1023, inode=877031424, rec_len=64588, size=1024 fake=0 [pid 393] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 393] close(3) = 0 [pid 393] close(4) = 0 [pid 393] mkdir("./file0", 0777) = 0 [pid 393] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 393] chdir("./file0") = 0 [pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 393] ioctl(4, LOOP_CLR_FD) = 0 [pid 393] close(4) = 0 [pid 393] mkdir("./file0", 0777) = 0 [pid 393] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 393] mkdir("./file1", 000) = 0 [pid 393] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 393] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 393] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 27.881629][ T393] loop0: detected capacity change from 0 to 512 [ 27.889021][ T393] EXT4-fs: Ignoring removed mblk_io_submit option [ 27.896853][ T393] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 27.912164][ T393] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 393] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 393] open(".", O_RDONLY) = 5 [pid 393] lseek(5, 2047, SEEK_SET) = 2047 [ 27.927715][ T393] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 27.948808][ T393] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 27.960564][ T393] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 393] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 393] exit_group(0) = ? [pid 393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=393, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 395 ./strace-static-x86_64: Process 395 attached [pid 395] set_robust_list(0x555555db9760, 24) = 0 [pid 395] chdir("./44") = 0 [pid 395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 395] setpgid(0, 0) = 0 [pid 395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 395] write(3, "1000", 4) = 4 [pid 395] close(3) = 0 [pid 395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 395] memfd_create("syzkaller", 0) = 3 [pid 395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 395] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 395] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 395] close(3) = 0 [pid 395] close(4) = 0 [pid 395] mkdir("./file0", 0777) = 0 [ 27.973750][ T393] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/43/file0: bad entry in directory: directory entry overrun - offset=1023, inode=493568, rec_len=3072, size=1024 fake=0 [ 28.013762][ T395] loop0: detected capacity change from 0 to 512 [ 28.020834][ T395] EXT4-fs: Ignoring removed mblk_io_submit option [pid 395] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 395] chdir("./file0") = 0 [pid 395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 395] ioctl(4, LOOP_CLR_FD) = 0 [pid 395] close(4) = 0 [pid 395] mkdir("./file0", 0777) = 0 [pid 395] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 395] mkdir("./file1", 000) = 0 [pid 395] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 395] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 395] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 395] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 395] open(".", O_RDONLY) = 5 [pid 395] lseek(5, 2047, SEEK_SET) = 2047 [ 28.028706][ T395] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 28.043867][ T395] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 28.061049][ T395] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 395] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 395] exit_group(0) = ? [pid 395] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=395, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 398 ./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x555555db9760, 24) = 0 [pid 398] chdir("./45") = 0 [pid 398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 398] setpgid(0, 0) = 0 [pid 398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 398] write(3, "1000", 4) = 4 [pid 398] close(3) = 0 [pid 398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 398] memfd_create("syzkaller", 0) = 3 [pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 398] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 28.081702][ T395] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 28.093479][ T395] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 28.106570][ T395] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/44/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=1714368000, rec_len=27753, size=1024 fake=0 [pid 398] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 398] close(3) = 0 [pid 398] close(4) = 0 [pid 398] mkdir("./file0", 0777) = 0 [pid 398] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 398] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 398] chdir("./file0") = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 398] ioctl(4, LOOP_CLR_FD) = 0 [pid 398] close(4) = 0 [pid 398] mkdir("./file0", 0777) = 0 [pid 398] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 398] mkdir("./file1", 000) = 0 [pid 398] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 398] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 398] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 28.145575][ T398] loop0: detected capacity change from 0 to 512 [ 28.152523][ T398] EXT4-fs: Ignoring removed mblk_io_submit option [ 28.160467][ T398] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 28.175693][ T398] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 398] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 398] open(".", O_RDONLY) = 5 [pid 398] lseek(5, 2047, SEEK_SET) = 2047 [ 28.202909][ T398] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 28.223393][ T398] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 28.235062][ T398] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 398] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 398] exit_group(0) = ? [pid 398] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=398, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 400 ./strace-static-x86_64: Process 400 attached [pid 400] set_robust_list(0x555555db9760, 24) = 0 [pid 400] chdir("./46") = 0 [pid 400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 400] setpgid(0, 0) = 0 [pid 400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 400] write(3, "1000", 4) = 4 [pid 400] close(3) = 0 [pid 400] symlink("/dev/binderfs", "./binderfs") = 0 [pid 400] memfd_create("syzkaller", 0) = 3 [pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 400] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 400] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 400] close(3) = 0 [pid 400] close(4) = 0 [pid 400] mkdir("./file0", 0777) = 0 [ 28.248286][ T398] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/45/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 28.286830][ T400] loop0: detected capacity change from 0 to 512 [ 28.294557][ T400] EXT4-fs: Ignoring removed mblk_io_submit option [pid 400] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 400] chdir("./file0") = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 400] ioctl(4, LOOP_CLR_FD) = 0 [pid 400] close(4) = 0 [pid 400] mkdir("./file0", 0777) = 0 [pid 400] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 400] mkdir("./file1", 000) = 0 [pid 400] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 400] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 400] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 28.302507][ T400] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 28.317837][ T400] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 400] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 400] open(".", O_RDONLY) = 5 [pid 400] lseek(5, 2047, SEEK_SET) = 2047 [ 28.336229][ T400] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 28.357159][ T400] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 28.369020][ T400] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 400] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 400] exit_group(0) = ? [pid 400] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=400, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 402 ./strace-static-x86_64: Process 402 attached [pid 402] set_robust_list(0x555555db9760, 24) = 0 [pid 402] chdir("./47") = 0 [pid 402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 402] setpgid(0, 0) = 0 [pid 402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 402] write(3, "1000", 4) = 4 [pid 402] close(3) = 0 [pid 402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 402] memfd_create("syzkaller", 0) = 3 [pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 402] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 402] close(3) = 0 [pid 402] close(4) = 0 [pid 402] mkdir("./file0", 0777) = 0 [ 28.382322][ T400] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/46/file0: bad entry in directory: directory entry overrun - offset=1023, inode=877031424, rec_len=64588, size=1024 fake=0 [ 28.423140][ T402] loop0: detected capacity change from 0 to 512 [ 28.430130][ T402] EXT4-fs: Ignoring removed mblk_io_submit option [ 28.437976][ T402] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [pid 402] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 402] chdir("./file0") = 0 [pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 402] ioctl(4, LOOP_CLR_FD) = 0 [pid 402] close(4) = 0 [pid 402] mkdir("./file0", 0777) = 0 [pid 402] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 402] mkdir("./file1", 000) = 0 [pid 402] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 402] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 402] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 402] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 402] open(".", O_RDONLY) = 5 [pid 402] lseek(5, 2047, SEEK_SET) = 2047 [ 28.453130][ T402] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 28.472342][ T402] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 402] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 402] exit_group(0) = ? [pid 402] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=402, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 404 ./strace-static-x86_64: Process 404 attached [pid 404] set_robust_list(0x555555db9760, 24) = 0 [pid 404] chdir("./48") = 0 [pid 404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 404] setpgid(0, 0) = 0 [pid 404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 404] write(3, "1000", 4) = 4 [pid 404] close(3) = 0 [pid 404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 404] memfd_create("syzkaller", 0) = 3 [pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 404] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 28.494375][ T402] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 28.506073][ T402] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 28.519160][ T402] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/47/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=134557696, rec_len=16267, size=1024 fake=0 [pid 404] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 404] close(3) = 0 [pid 404] close(4) = 0 [pid 404] mkdir("./file0", 0777) = 0 [pid 404] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 404] chdir("./file0") = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 404] ioctl(4, LOOP_CLR_FD) = 0 [pid 404] close(4) = 0 [pid 404] mkdir("./file0", 0777) = 0 [pid 404] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 404] mkdir("./file1", 000) = 0 [pid 404] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 404] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 404] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 28.554525][ T404] loop0: detected capacity change from 0 to 512 [ 28.562168][ T404] EXT4-fs: Ignoring removed mblk_io_submit option [ 28.570025][ T404] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 28.585350][ T404] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 404] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 404] open(".", O_RDONLY) = 5 [pid 404] lseek(5, 2047, SEEK_SET) = 2047 [ 28.603875][ T404] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 28.624447][ T404] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 28.636136][ T404] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 404] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 404] exit_group(0) = ? [pid 404] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=404, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 406 ./strace-static-x86_64: Process 406 attached [pid 406] set_robust_list(0x555555db9760, 24) = 0 [pid 406] chdir("./49") = 0 [pid 406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 406] setpgid(0, 0) = 0 [pid 406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 406] write(3, "1000", 4) = 4 [pid 406] close(3) = 0 [pid 406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 406] memfd_create("syzkaller", 0) = 3 [pid 406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 406] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 406] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 406] close(3) = 0 [pid 406] close(4) = 0 [pid 406] mkdir("./file0", 0777) = 0 [ 28.649231][ T404] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/48/file0: bad entry in directory: directory entry overrun - offset=1023, inode=406686976, rec_len=3660, size=1024 fake=0 [ 28.691453][ T406] loop0: detected capacity change from 0 to 512 [pid 406] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 406] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 406] chdir("./file0") = 0 [pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 406] ioctl(4, LOOP_CLR_FD) = 0 [pid 406] close(4) = 0 [pid 406] mkdir("./file0", 0777) = 0 [pid 406] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 406] mkdir("./file1", 000) = 0 [pid 406] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 406] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 406] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 28.699697][ T406] EXT4-fs: Ignoring removed mblk_io_submit option [ 28.707507][ T406] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 28.722725][ T406] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 406] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 406] open(".", O_RDONLY) = 5 [pid 406] lseek(5, 2047, SEEK_SET) = 2047 [pid 406] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 406] exit_group(0) = ? [ 28.737640][ T406] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 28.758577][ T406] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 28.770236][ T406] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 406] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=406, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 408 ./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x555555db9760, 24) = 0 [pid 408] chdir("./50") = 0 [pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 408] setpgid(0, 0) = 0 [pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 408] write(3, "1000", 4) = 4 [pid 408] close(3) = 0 [pid 408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 408] memfd_create("syzkaller", 0) = 3 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 408] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 408] close(3) = 0 [pid 408] close(4) = 0 [pid 408] mkdir("./file0", 0777) = 0 [ 28.783368][ T406] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/49/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 28.818152][ T408] loop0: detected capacity change from 0 to 512 [ 28.825057][ T408] EXT4-fs: Ignoring removed mblk_io_submit option [ 28.832929][ T408] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [pid 408] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 408] chdir("./file0") = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 408] ioctl(4, LOOP_CLR_FD) = 0 [pid 408] close(4) = 0 [pid 408] mkdir("./file0", 0777) = 0 [pid 408] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 408] mkdir("./file1", 000) = 0 [pid 408] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 408] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 408] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 408] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 408] open(".", O_RDONLY) = 5 [pid 408] lseek(5, 2047, SEEK_SET) = 2047 [ 28.848228][ T408] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 28.865620][ T408] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 28.886275][ T408] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [pid 408] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 408] exit_group(0) = ? [pid 408] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=408, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 410 ./strace-static-x86_64: Process 410 attached [pid 410] set_robust_list(0x555555db9760, 24) = 0 [pid 410] chdir("./51") = 0 [pid 410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 410] setpgid(0, 0) = 0 [pid 410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 410] write(3, "1000", 4) = 4 [pid 410] close(3) = 0 [pid 410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 410] memfd_create("syzkaller", 0) = 3 [pid 410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 410] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 410] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 410] close(3) = 0 [pid 410] close(4) = 0 [pid 410] mkdir("./file0", 0777) = 0 [ 28.898098][ T408] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 28.911326][ T408] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/50/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 28.946342][ T410] loop0: detected capacity change from 0 to 512 [pid 410] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 410] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 410] chdir("./file0") = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 410] ioctl(4, LOOP_CLR_FD) = 0 [pid 410] close(4) = 0 [pid 410] mkdir("./file0", 0777) = 0 [pid 410] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 410] mkdir("./file1", 000) = 0 [pid 410] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 410] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 410] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 28.953466][ T410] EXT4-fs: Ignoring removed mblk_io_submit option [ 28.961573][ T410] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 28.976798][ T410] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 410] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 410] open(".", O_RDONLY) = 5 [pid 410] lseek(5, 2047, SEEK_SET) = 2047 [ 28.996789][ T410] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 29.017392][ T410] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 29.029206][ T410] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 410] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 410] exit_group(0) = ? [pid 410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=410, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 414 ./strace-static-x86_64: Process 414 attached [pid 414] set_robust_list(0x555555db9760, 24) = 0 [pid 414] chdir("./52") = 0 [pid 414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 414] setpgid(0, 0) = 0 [pid 414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 414] write(3, "1000", 4) = 4 [pid 414] close(3) = 0 [pid 414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 414] memfd_create("syzkaller", 0) = 3 [pid 414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 414] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 414] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 414] close(3) = 0 [pid 414] close(4) = 0 [pid 414] mkdir("./file0", 0777) = 0 [ 29.042522][ T410] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/51/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 29.077712][ T414] loop0: detected capacity change from 0 to 512 [ 29.085866][ T414] EXT4-fs: Ignoring removed mblk_io_submit option [pid 414] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 414] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 414] chdir("./file0") = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 414] ioctl(4, LOOP_CLR_FD) = 0 [pid 414] close(4) = 0 [pid 414] mkdir("./file0", 0777) = 0 [pid 414] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 414] mkdir("./file1", 000) = 0 [pid 414] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 414] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 414] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 414] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 414] open(".", O_RDONLY) = 5 [pid 414] lseek(5, 2047, SEEK_SET) = 2047 [ 29.093718][ T414] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 29.108870][ T414] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 29.127468][ T414] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 414] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 414] exit_group(0) = ? [pid 414] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=414, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 416 ./strace-static-x86_64: Process 416 attached [pid 416] set_robust_list(0x555555db9760, 24) = 0 [pid 416] chdir("./53") = 0 [pid 416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 416] setpgid(0, 0) = 0 [pid 416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 416] write(3, "1000", 4) = 4 [pid 416] close(3) = 0 [pid 416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 416] memfd_create("syzkaller", 0) = 3 [pid 416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 416] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 416] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 29.148120][ T414] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 29.159769][ T414] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 29.172977][ T414] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/52/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=1714368000, rec_len=27753, size=1024 fake=0 [pid 416] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 416] close(3) = 0 [pid 416] close(4) = 0 [pid 416] mkdir("./file0", 0777) = 0 [pid 416] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 416] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 416] chdir("./file0") = 0 [pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 416] ioctl(4, LOOP_CLR_FD) = 0 [pid 416] close(4) = 0 [pid 416] mkdir("./file0", 0777) = 0 [pid 416] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 416] mkdir("./file1", 000) = 0 [pid 416] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 416] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 416] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 29.217503][ T416] loop0: detected capacity change from 0 to 512 [ 29.224654][ T416] EXT4-fs: Ignoring removed mblk_io_submit option [ 29.232461][ T416] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 29.247602][ T416] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 416] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 416] open(".", O_RDONLY) = 5 [pid 416] lseek(5, 2047, SEEK_SET) = 2047 [ 29.262864][ T416] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 29.283406][ T416] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 29.295081][ T416] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 416] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 416] exit_group(0) = ? [pid 416] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=416, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 418 ./strace-static-x86_64: Process 418 attached [pid 418] set_robust_list(0x555555db9760, 24) = 0 [pid 418] chdir("./54") = 0 [pid 418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 418] setpgid(0, 0) = 0 [pid 418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 418] write(3, "1000", 4) = 4 [pid 418] close(3) = 0 [pid 418] symlink("/dev/binderfs", "./binderfs") = 0 [pid 418] memfd_create("syzkaller", 0) = 3 [pid 418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 418] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 418] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 418] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 418] close(3) = 0 [pid 418] close(4) = 0 [pid 418] mkdir("./file0", 0777) = 0 [ 29.308228][ T416] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/53/file0: bad entry in directory: directory entry overrun - offset=1023, inode=188361728, rec_len=60672, size=1024 fake=0 [ 29.343909][ T418] loop0: detected capacity change from 0 to 512 [ 29.351642][ T418] EXT4-fs: Ignoring removed mblk_io_submit option [pid 418] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 418] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 418] chdir("./file0") = 0 [pid 418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 418] ioctl(4, LOOP_CLR_FD) = 0 [pid 418] close(4) = 0 [pid 418] mkdir("./file0", 0777) = 0 [pid 418] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 418] mkdir("./file1", 000) = 0 [pid 418] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 418] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 418] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 418] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 418] open(".", O_RDONLY) = 5 [pid 418] lseek(5, 2047, SEEK_SET) = 2047 [ 29.359286][ T418] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 29.374657][ T418] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 29.390584][ T418] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 418] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 418] exit_group(0) = ? [pid 418] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=418, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 420 ./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x555555db9760, 24) = 0 [pid 420] chdir("./55") = 0 [pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 420] setpgid(0, 0) = 0 [pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 420] write(3, "1000", 4) = 4 [pid 420] close(3) = 0 [pid 420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 420] memfd_create("syzkaller", 0) = 3 [pid 420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 420] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 29.411226][ T418] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 29.422937][ T418] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 29.436154][ T418] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/54/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=1633771776, rec_len=24929, size=1024 fake=0 [pid 420] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 420] close(3) = 0 [pid 420] close(4) = 0 [pid 420] mkdir("./file0", 0777) = 0 [pid 420] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 420] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 420] chdir("./file0") = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 420] ioctl(4, LOOP_CLR_FD) = 0 [pid 420] close(4) = 0 [pid 420] mkdir("./file0", 0777) = 0 [pid 420] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 420] mkdir("./file1", 000) = 0 [pid 420] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 420] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 420] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 29.475593][ T420] loop0: detected capacity change from 0 to 512 [ 29.482654][ T420] EXT4-fs: Ignoring removed mblk_io_submit option [ 29.490589][ T420] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 29.505865][ T420] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 420] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 420] open(".", O_RDONLY) = 5 [pid 420] lseek(5, 2047, SEEK_SET) = 2047 [ 29.524225][ T420] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 29.545222][ T420] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 29.556910][ T420] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 420] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 420] exit_group(0) = ? [pid 420] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=420, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 422 ./strace-static-x86_64: Process 422 attached [pid 422] set_robust_list(0x555555db9760, 24) = 0 [pid 422] chdir("./56") = 0 [pid 422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 422] setpgid(0, 0) = 0 [pid 422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 422] write(3, "1000", 4) = 4 [pid 422] close(3) = 0 [pid 422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 422] memfd_create("syzkaller", 0) = 3 [pid 422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 422] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 422] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 422] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 422] close(3) = 0 [pid 422] close(4) = 0 [pid 422] mkdir("./file0", 0777) = 0 [ 29.570273][ T420] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/55/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 29.609633][ T422] loop0: detected capacity change from 0 to 512 [ 29.616552][ T422] EXT4-fs: Ignoring removed mblk_io_submit option [pid 422] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 422] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 422] chdir("./file0") = 0 [pid 422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 422] ioctl(4, LOOP_CLR_FD) = 0 [pid 422] close(4) = 0 [pid 422] mkdir("./file0", 0777) = 0 [pid 422] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 422] mkdir("./file1", 000) = 0 [pid 422] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 422] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 422] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 29.624392][ T422] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 29.639730][ T422] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 422] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 422] open(".", O_RDONLY) = 5 [pid 422] lseek(5, 2047, SEEK_SET) = 2047 [pid 422] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 422] exit_group(0) = ? [pid 422] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=422, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 424 ./strace-static-x86_64: Process 424 attached [pid 424] set_robust_list(0x555555db9760, 24) = 0 [pid 424] chdir("./57") = 0 [pid 424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 424] setpgid(0, 0) = 0 [pid 424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 424] write(3, "1000", 4) = 4 [pid 424] close(3) = 0 [pid 424] symlink("/dev/binderfs", "./binderfs") = 0 [pid 424] memfd_create("syzkaller", 0) = 3 [pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 424] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 29.658041][ T422] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 29.678501][ T422] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 29.690179][ T422] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 29.703272][ T422] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/56/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [pid 424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 424] close(3) = 0 [pid 424] close(4) = 0 [pid 424] mkdir("./file0", 0777) = 0 [pid 424] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 424] chdir("./file0") = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 424] ioctl(4, LOOP_CLR_FD) = 0 [pid 424] close(4) = 0 [pid 424] mkdir("./file0", 0777) = 0 [pid 424] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 424] mkdir("./file1", 000) = 0 [pid 424] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 424] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 424] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 29.739489][ T424] loop0: detected capacity change from 0 to 512 [ 29.747246][ T424] EXT4-fs: Ignoring removed mblk_io_submit option [ 29.755088][ T424] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 29.770301][ T424] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 424] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 424] open(".", O_RDONLY) = 5 [pid 424] lseek(5, 2047, SEEK_SET) = 2047 [ 29.789109][ T424] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 29.809703][ T424] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 29.821387][ T424] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 424] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 424] exit_group(0) = ? [pid 424] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=424, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 426 ./strace-static-x86_64: Process 426 attached [pid 426] set_robust_list(0x555555db9760, 24) = 0 [pid 426] chdir("./58") = 0 [pid 426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 426] setpgid(0, 0) = 0 [pid 426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 426] write(3, "1000", 4) = 4 [pid 426] close(3) = 0 [pid 426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 426] memfd_create("syzkaller", 0) = 3 [pid 426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 426] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 426] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 426] close(3) = 0 [pid 426] close(4) = 0 [pid 426] mkdir("./file0", 0777) = 0 [ 29.834487][ T424] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/57/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 29.876276][ T426] loop0: detected capacity change from 0 to 512 [ 29.883412][ T426] EXT4-fs: Ignoring removed mblk_io_submit option [pid 426] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 426] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 426] chdir("./file0") = 0 [pid 426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 426] ioctl(4, LOOP_CLR_FD) = 0 [pid 426] close(4) = 0 [pid 426] mkdir("./file0", 0777) = 0 [pid 426] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 426] mkdir("./file1", 000) = 0 [pid 426] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 426] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 426] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 426] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 426] open(".", O_RDONLY) = 5 [pid 426] lseek(5, 2047, SEEK_SET) = 2047 [ 29.891612][ T426] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 29.906766][ T426] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 426] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 426] exit_group(0) = ? [pid 426] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=426, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 428 ./strace-static-x86_64: Process 428 attached [pid 428] set_robust_list(0x555555db9760, 24) = 0 [pid 428] chdir("./59") = 0 [pid 428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 428] setpgid(0, 0) = 0 [pid 428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 428] write(3, "1000", 4) = 4 [pid 428] close(3) = 0 [pid 428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 428] memfd_create("syzkaller", 0) = 3 [pid 428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 428] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 428] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 29.922613][ T426] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 29.943426][ T426] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 29.955162][ T426] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 29.968280][ T426] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/58/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [pid 428] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 428] close(3) = 0 [pid 428] close(4) = 0 [pid 428] mkdir("./file0", 0777) = 0 [pid 428] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 428] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 428] chdir("./file0") = 0 [pid 428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 428] ioctl(4, LOOP_CLR_FD) = 0 [pid 428] close(4) = 0 [pid 428] mkdir("./file0", 0777) = 0 [pid 428] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 428] mkdir("./file1", 000) = 0 [pid 428] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 428] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 428] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 30.002608][ T428] loop0: detected capacity change from 0 to 512 [ 30.011190][ T428] EXT4-fs: Ignoring removed mblk_io_submit option [ 30.019104][ T428] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 30.034452][ T428] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 428] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 428] open(".", O_RDONLY) = 5 [pid 428] lseek(5, 2047, SEEK_SET) = 2047 [ 30.052080][ T428] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 30.072767][ T428] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 30.084481][ T428] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 428] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 428] exit_group(0) = ? [pid 428] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=428, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 431 ./strace-static-x86_64: Process 431 attached [pid 431] set_robust_list(0x555555db9760, 24) = 0 [pid 431] chdir("./60") = 0 [pid 431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 431] setpgid(0, 0) = 0 [pid 431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 431] write(3, "1000", 4) = 4 [pid 431] close(3) = 0 [pid 431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 431] memfd_create("syzkaller", 0) = 3 [pid 431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 431] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 431] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 431] close(3) = 0 [pid 431] close(4) = 0 [pid 431] mkdir("./file0", 0777) = 0 [ 30.097537][ T428] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/59/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=134557696, rec_len=16267, size=1024 fake=0 [ 30.138137][ T431] loop0: detected capacity change from 0 to 512 [ 30.146086][ T431] EXT4-fs: Ignoring removed mblk_io_submit option [pid 431] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 431] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 431] chdir("./file0") = 0 [pid 431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 431] ioctl(4, LOOP_CLR_FD) = 0 [pid 431] close(4) = 0 [pid 431] mkdir("./file0", 0777) = 0 [pid 431] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 431] mkdir("./file1", 000) = 0 [pid 431] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 431] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 431] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 30.153849][ T431] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 30.169138][ T431] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 431] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 431] open(".", O_RDONLY) = 5 [pid 431] lseek(5, 2047, SEEK_SET) = 2047 [ 30.186450][ T431] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 30.207161][ T431] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 30.219060][ T431] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 431] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 431] exit_group(0) = ? [pid 431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=431, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 433 ./strace-static-x86_64: Process 433 attached [pid 433] set_robust_list(0x555555db9760, 24) = 0 [pid 433] chdir("./61") = 0 [pid 433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 433] setpgid(0, 0) = 0 [pid 433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 433] write(3, "1000", 4) = 4 [pid 433] close(3) = 0 [pid 433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 433] memfd_create("syzkaller", 0) = 3 [pid 433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 433] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 433] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 433] close(3) = 0 [pid 433] close(4) = 0 [pid 433] mkdir("./file0", 0777) = 0 [ 30.232216][ T431] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/60/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 30.272333][ T433] loop0: detected capacity change from 0 to 512 [ 30.279355][ T433] EXT4-fs: Ignoring removed mblk_io_submit option [ 30.287149][ T433] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [pid 433] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 433] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 433] chdir("./file0") = 0 [pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 433] ioctl(4, LOOP_CLR_FD) = 0 [pid 433] close(4) = 0 [pid 433] mkdir("./file0", 0777) = 0 [pid 433] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 433] mkdir("./file1", 000) = 0 [pid 433] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 433] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 433] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 433] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 433] open(".", O_RDONLY) = 5 [pid 433] lseek(5, 2047, SEEK_SET) = 2047 [ 30.302372][ T433] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 30.318065][ T433] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 30.338776][ T433] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [pid 433] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 433] exit_group(0) = ? [pid 433] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=433, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 435 ./strace-static-x86_64: Process 435 attached [pid 435] set_robust_list(0x555555db9760, 24) = 0 [pid 435] chdir("./62") = 0 [pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 435] setpgid(0, 0) = 0 [pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 435] write(3, "1000", 4) = 4 [pid 435] close(3) = 0 [pid 435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 435] memfd_create("syzkaller", 0) = 3 [pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 435] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 30.350479][ T433] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 30.363699][ T433] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/61/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [pid 435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 435] close(3) = 0 [pid 435] close(4) = 0 [pid 435] mkdir("./file0", 0777) = 0 [ 30.403377][ T435] loop0: detected capacity change from 0 to 512 [ 30.411496][ T435] EXT4-fs: Ignoring removed mblk_io_submit option [ 30.418284][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 30.418296][ T28] audit: type=1400 audit(1715428371.360:81): avc: denied { remove_name } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [pid 435] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 435] chdir("./file0") = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 435] ioctl(4, LOOP_CLR_FD) = 0 [pid 435] close(4) = 0 [pid 435] mkdir("./file0", 0777) = 0 [pid 435] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 435] mkdir("./file1", 000) = 0 [pid 435] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 435] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 435] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 30.419697][ T435] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 30.424094][ T28] audit: type=1400 audit(1715428371.360:82): avc: denied { rename } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 30.446460][ T435] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 435] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 435] open(".", O_RDONLY) = 5 [pid 435] lseek(5, 2047, SEEK_SET) = 2047 [ 30.498762][ T435] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 30.519850][ T435] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 30.531575][ T435] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 435] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 435] exit_group(0) = ? [pid 435] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=435, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 437 ./strace-static-x86_64: Process 437 attached [pid 437] set_robust_list(0x555555db9760, 24) = 0 [pid 437] chdir("./63") = 0 [pid 437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 437] setpgid(0, 0) = 0 [pid 437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 437] write(3, "1000", 4) = 4 [pid 437] close(3) = 0 [pid 437] symlink("/dev/binderfs", "./binderfs") = 0 [pid 437] memfd_create("syzkaller", 0) = 3 [pid 437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 437] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 437] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 437] close(3) = 0 [pid 437] close(4) = 0 [pid 437] mkdir("./file0", 0777) = 0 [ 30.544626][ T435] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/62/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 30.580024][ T437] loop0: detected capacity change from 0 to 512 [ 30.588356][ T437] EXT4-fs: Ignoring removed mblk_io_submit option [pid 437] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 437] chdir("./file0") = 0 [pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 437] ioctl(4, LOOP_CLR_FD) = 0 [pid 437] close(4) = 0 [pid 437] mkdir("./file0", 0777) = 0 [pid 437] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 437] mkdir("./file1", 000) = 0 [pid 437] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 437] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 437] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 437] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 437] open(".", O_RDONLY) = 5 [pid 437] lseek(5, 2047, SEEK_SET) = 2047 [ 30.596114][ T437] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 30.611328][ T437] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 30.629561][ T437] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 437] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 437] exit_group(0) = ? [pid 437] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=437, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 439 ./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x555555db9760, 24) = 0 [pid 439] chdir("./64") = 0 [pid 439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 439] setpgid(0, 0) = 0 [pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 439] write(3, "1000", 4) = 4 [pid 439] close(3) = 0 [pid 439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 439] memfd_create("syzkaller", 0) = 3 [pid 439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 439] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 30.650050][ T437] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 30.661722][ T437] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 30.674989][ T437] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/63/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [pid 439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 439] close(3) = 0 [pid 439] close(4) = 0 [pid 439] mkdir("./file0", 0777) = 0 [pid 439] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 439] chdir("./file0") = 0 [pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 439] ioctl(4, LOOP_CLR_FD) = 0 [pid 439] close(4) = 0 [pid 439] mkdir("./file0", 0777) = 0 [pid 439] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 439] mkdir("./file1", 000) = 0 [pid 439] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 439] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 439] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 30.714992][ T439] loop0: detected capacity change from 0 to 512 [ 30.723105][ T439] EXT4-fs: Ignoring removed mblk_io_submit option [ 30.731042][ T439] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 30.746420][ T439] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 439] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 439] open(".", O_RDONLY) = 5 [pid 439] lseek(5, 2047, SEEK_SET) = 2047 [ 30.765143][ T439] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 30.785861][ T439] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 30.797593][ T439] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 439] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 439] exit_group(0) = ? [pid 439] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=439, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 441 ./strace-static-x86_64: Process 441 attached [pid 441] set_robust_list(0x555555db9760, 24) = 0 [pid 441] chdir("./65") = 0 [pid 441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 441] setpgid(0, 0) = 0 [pid 441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 441] write(3, "1000", 4) = 4 [pid 441] close(3) = 0 [pid 441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 441] memfd_create("syzkaller", 0) = 3 [pid 441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 441] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 441] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 441] close(3) = 0 [pid 441] close(4) = 0 [pid 441] mkdir("./file0", 0777) = 0 [ 30.810655][ T439] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/64/file0: bad entry in directory: directory entry overrun - offset=1023, inode=494080, rec_len=3072, size=1024 fake=0 [ 30.850708][ T441] loop0: detected capacity change from 0 to 512 [ 30.857995][ T441] EXT4-fs: Ignoring removed mblk_io_submit option [pid 441] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 441] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 441] chdir("./file0") = 0 [pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 441] ioctl(4, LOOP_CLR_FD) = 0 [pid 441] close(4) = 0 [pid 441] mkdir("./file0", 0777) = 0 [pid 441] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 441] mkdir("./file1", 000) = 0 [pid 441] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 441] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 441] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 441] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 441] open(".", O_RDONLY) = 5 [pid 441] lseek(5, 2047, SEEK_SET) = 2047 [ 30.866144][ T441] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 30.881468][ T441] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 30.896511][ T441] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 441] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 441] exit_group(0) = ? [pid 441] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=441, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 444 ./strace-static-x86_64: Process 444 attached [pid 444] set_robust_list(0x555555db9760, 24) = 0 [pid 444] chdir("./66") = 0 [pid 444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 444] setpgid(0, 0) = 0 [pid 444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 444] write(3, "1000", 4) = 4 [pid 444] close(3) = 0 [pid 444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 444] memfd_create("syzkaller", 0) = 3 [pid 444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 444] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 30.917103][ T441] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 30.929033][ T441] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 30.942211][ T441] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/65/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=1714368000, rec_len=27753, size=1024 fake=0 [pid 444] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 444] close(3) = 0 [pid 444] close(4) = 0 [pid 444] mkdir("./file0", 0777) = 0 [pid 444] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 444] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 444] chdir("./file0") = 0 [pid 444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 444] ioctl(4, LOOP_CLR_FD) = 0 [pid 444] close(4) = 0 [pid 444] mkdir("./file0", 0777) = 0 [pid 444] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 444] mkdir("./file1", 000) = 0 [pid 444] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 444] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 444] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 30.976424][ T444] loop0: detected capacity change from 0 to 512 [ 30.983425][ T444] EXT4-fs: Ignoring removed mblk_io_submit option [ 30.991258][ T444] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 31.006437][ T444] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 444] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 444] open(".", O_RDONLY) = 5 [pid 444] lseek(5, 2047, SEEK_SET) = 2047 [ 31.023340][ T444] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 31.044181][ T444] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 31.055926][ T444] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 444] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 444] exit_group(0) = ? [pid 444] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=444, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 447 ./strace-static-x86_64: Process 447 attached [pid 447] set_robust_list(0x555555db9760, 24) = 0 [pid 447] chdir("./67") = 0 [pid 447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 447] setpgid(0, 0) = 0 [pid 447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 447] write(3, "1000", 4) = 4 [pid 447] close(3) = 0 [pid 447] symlink("/dev/binderfs", "./binderfs") = 0 [pid 447] memfd_create("syzkaller", 0) = 3 [pid 447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 447] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 447] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 447] close(3) = 0 [pid 447] close(4) = 0 [pid 447] mkdir("./file0", 0777) = 0 [ 31.069087][ T444] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/66/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 31.110285][ T447] loop0: detected capacity change from 0 to 512 [ 31.118594][ T447] EXT4-fs: Ignoring removed mblk_io_submit option [pid 447] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 447] chdir("./file0") = 0 [pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 447] ioctl(4, LOOP_CLR_FD) = 0 [pid 447] close(4) = 0 [pid 447] mkdir("./file0", 0777) = 0 [pid 447] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 447] mkdir("./file1", 000) = 0 [pid 447] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 447] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 447] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 31.126391][ T447] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 31.141612][ T447] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 447] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 447] open(".", O_RDONLY) = 5 [pid 447] lseek(5, 2047, SEEK_SET) = 2047 [ 31.159670][ T447] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 31.180888][ T447] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 31.192639][ T447] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 447] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 447] exit_group(0) = ? [pid 447] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=447, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 449 ./strace-static-x86_64: Process 449 attached [pid 449] set_robust_list(0x555555db9760, 24) = 0 [pid 449] chdir("./68") = 0 [pid 449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 449] setpgid(0, 0) = 0 [pid 449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 449] write(3, "1000", 4) = 4 [pid 449] close(3) = 0 [pid 449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 449] memfd_create("syzkaller", 0) = 3 [pid 449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 449] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 449] close(3) = 0 [pid 449] close(4) = 0 [pid 449] mkdir("./file0", 0777) = 0 [ 31.205804][ T447] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/67/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=1714368000, rec_len=27753, size=1024 fake=0 [ 31.241036][ T449] loop0: detected capacity change from 0 to 512 [ 31.248342][ T449] EXT4-fs: Ignoring removed mblk_io_submit option [ 31.256310][ T449] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [pid 449] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 449] chdir("./file0") = 0 [pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 449] ioctl(4, LOOP_CLR_FD) = 0 [pid 449] close(4) = 0 [pid 449] mkdir("./file0", 0777) = 0 [pid 449] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 449] mkdir("./file1", 000) = 0 [pid 449] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 449] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 449] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 449] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 449] open(".", O_RDONLY) = 5 [pid 449] lseek(5, 2047, SEEK_SET) = 2047 [ 31.271484][ T449] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [ 31.290036][ T449] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 31.310645][ T449] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [pid 449] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 449] exit_group(0) = ? [pid 449] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=449, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 451 ./strace-static-x86_64: Process 451 attached [pid 451] set_robust_list(0x555555db9760, 24) = 0 [pid 451] chdir("./69") = 0 [pid 451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 451] setpgid(0, 0) = 0 [pid 451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 451] write(3, "1000", 4) = 4 [pid 451] close(3) = 0 [pid 451] symlink("/dev/binderfs", "./binderfs") = 0 [pid 451] memfd_create("syzkaller", 0) = 3 [pid 451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 451] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 31.322510][ T449] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [ 31.335663][ T449] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/68/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=170814720, rec_len=24909, size=1024 fake=0 [pid 451] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 451] close(3) = 0 [pid 451] close(4) = 0 [pid 451] mkdir("./file0", 0777) = 0 [pid 451] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 451] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 451] chdir("./file0") = 0 [pid 451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 451] ioctl(4, LOOP_CLR_FD) = 0 [pid 451] close(4) = 0 [pid 451] mkdir("./file0", 0777) = 0 [pid 451] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 451] mkdir("./file1", 000) = 0 [pid 451] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 451] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 451] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 31.376672][ T451] loop0: detected capacity change from 0 to 512 [ 31.383664][ T451] EXT4-fs: Ignoring removed mblk_io_submit option [ 31.391402][ T451] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor231: inline data xattr refers to an external xattr inode [ 31.406819][ T451] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor231: couldn't read orphan inode 12 (err -117) [pid 451] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 451] open(".", O_RDONLY) = 5 [pid 451] lseek(5, 2047, SEEK_SET) = 2047 [ 31.425576][ T451] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor231: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 31.446240][ T451] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor231: Unrecognised inode hash code 49 [ 31.458013][ T451] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor231: Corrupt directory, running e2fsck is recommended [pid 451] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 451] exit_group(0) = ? [pid 451] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=451, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555dba7f0 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555dc2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555dc2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x555555dba7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555db9750) = 453 ./strace-static-x86_64: Process 453 attached [pid 453] set_robust_list(0x555555db9760, 24) = 0 [pid 453] chdir("./70") = 0 [pid 453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 453] setpgid(0, 0) = 0 [pid 453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 453] write(3, "1000", 4) = 4 [pid 453] close(3) = 0 [pid 453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 453] memfd_create("syzkaller", 0) = 3 [pid 453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3f82c4c000 [pid 453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 453] munmap(0x7f3f82c4c000, 138412032) = 0 [pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 453] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 453] close(3) = 0 [pid 453] close(4) = 0 [pid 453] mkdir("./file0", 0777) = 0 [ 31.471235][ T451] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor231: path /root/syzkaller.uT7fTt/69/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [ 31.513670][ T453] loop0: detected capacity change from 0 to 512 [ 31.521545][ T453] EXT4-fs: Ignoring removed mblk_io_submit option