./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1657113867 <...> Warning: Permanently added '10.128.1.18' (ED25519) to the list of known hosts. execve("./syz-executor1657113867", ["./syz-executor1657113867"], 0x7ffda8ea04e0 /* 10 vars */) = 0 brk(NULL) = 0x55556f386000 brk(0x55556f386d00) = 0x55556f386d00 arch_prctl(ARCH_SET_FS, 0x55556f386380) = 0 set_tid_address(0x55556f386650) = 288 set_robust_list(0x55556f386660, 24) = 0 rseq(0x55556f386ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1657113867", 4096) = 28 getrandom("\x74\xcb\x7d\xb2\x2a\x0d\xc3\x45", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556f386d00 brk(0x55556f3a7d00) = 0x55556f3a7d00 brk(0x55556f3a8000) = 0x55556f3a8000 mprotect(0x7f04dfd22000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 getrandom("\x28\xe1\xce\x79\xa7\x93\x18\x91", 8, GRND_NONBLOCK) = 8 mkdir("./syzkaller.8extPX", 0700) = 0 chmod("./syzkaller.8extPX", 0777) = 0 chdir("./syzkaller.8extPX") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 290 executing program ./strace-static-x86_64: Process 290 attached [pid 290] set_robust_list(0x55556f386660, 24) = 0 [pid 290] chdir("./0") = 0 [pid 290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 290] setpgid(0, 0) = 0 [pid 290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 290] write(3, "1000", 4) = 4 [pid 290] close(3) = 0 [pid 290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 290] write(1, "executing program\n", 18) = 18 [pid 290] memfd_create("syzkaller", 0) = 3 [pid 290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 290] munmap(0x7f04d786f000, 138412032) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 290] close(3) = 0 [ 23.131044][ T24] audit: type=1400 audit(1742284372.500:66): avc: denied { execmem } for pid=288 comm="syz-executor165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.150470][ T24] audit: type=1400 audit(1742284372.500:67): avc: denied { read write } for pid=288 comm="syz-executor165" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 290] close(4) = 0 [pid 290] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [ 23.174771][ T24] audit: type=1400 audit(1742284372.500:68): avc: denied { open } for pid=288 comm="syz-executor165" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.198856][ T24] audit: type=1400 audit(1742284372.500:69): avc: denied { ioctl } for pid=288 comm="syz-executor165" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.250771][ T24] audit: type=1400 audit(1742284372.620:70): avc: denied { mounton } for pid=290 comm="syz-executor165" path=2F726F6F742F73797A6B616C6C65722E3865787450582F302FE91F7189591E9233614B dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 23.257126][ T290] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [pid 290] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 290] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 290] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 290] ioctl(4, LOOP_CLR_FD) = 0 [pid 290] close(4) = 0 [pid 290] chdir("./file0") = 0 [pid 290] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 290] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 290] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 290] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 290] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 290] exit_group(0) = ? [pid 290] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=290, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [ 23.292048][ T290] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 23.304731][ T290] EXT4-fs (loop0): 1 orphan inode deleted [ 23.310305][ T290] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.319168][ T24] audit: type=1400 audit(1742284372.680:71): avc: denied { mount } for pid=290 comm="syz-executor165" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 23.340956][ T24] audit: type=1400 audit(1742284372.680:72): avc: denied { write } for pid=290 comm="syz-executor165" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 23.363158][ T24] audit: type=1400 audit(1742284372.680:73): avc: denied { add_name } for pid=290 comm="syz-executor165" name="net_prio.prioidx" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 umount2("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 23.385155][ T24] audit: type=1400 audit(1742284372.710:74): avc: denied { create } for pid=290 comm="syz-executor165" name="net_prio.prioidx" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 23.406325][ T24] audit: type=1400 audit(1742284372.710:75): avc: denied { read append open } for pid=290 comm="syz-executor165" path=2F726F6F742F73797A6B616C6C65722E3865787450582F302FE91F7189591E9233614B2F66696C65302F6E65745F7072696F2E7072696F696478 dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 openat(AT_FDCWD, "\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 293 ./strace-static-x86_64: Process 293 attached [pid 293] set_robust_list(0x55556f386660, 24) = 0 [pid 293] chdir("./1") = 0 [pid 293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 293] setpgid(0, 0) = 0 [pid 293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 293] write(3, "1000", 4) = 4 [pid 293] close(3) = 0 [pid 293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 293] write(1, "executing program\n", 18executing program ) = 18 [pid 293] memfd_create("syzkaller", 0) = 3 [pid 293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 293] munmap(0x7f04d786f000, 138412032) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 293] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 293] close(3) = 0 [pid 293] close(4) = 0 [pid 293] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 293] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 293] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 293] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 293] ioctl(4, LOOP_CLR_FD) = 0 [pid 293] close(4) = 0 [pid 293] chdir("./file0") = 0 [pid 293] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 293] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 293] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 293] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 293] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 293] exit_group(0) = ? [pid 293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=293, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 23.544525][ T293] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 23.558416][ T293] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 23.571166][ T293] EXT4-fs (loop0): 1 orphan inode deleted [ 23.576720][ T293] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 297 ./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x55556f386660, 24) = 0 [pid 297] chdir("./2") = 0 [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 297] setpgid(0, 0) = 0 [pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 297] write(3, "1000", 4) = 4 [pid 297] close(3) = 0 [pid 297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 297] write(1, "executing program\n", 18) = 18 [pid 297] memfd_create("syzkaller", 0) = 3 [pid 297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 297] munmap(0x7f04d786f000, 138412032) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 297] close(3) = 0 [pid 297] close(4) = 0 [pid 297] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 297] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 297] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 297] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 297] ioctl(4, LOOP_CLR_FD) = 0 [pid 297] close(4) = 0 [pid 297] chdir("./file0") = 0 [pid 297] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 297] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 297] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 297] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 297] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 297] exit_group(0) = ? [pid 297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 23.642298][ T297] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 23.656216][ T297] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 23.668990][ T297] EXT4-fs (loop0): 1 orphan inode deleted [ 23.675195][ T297] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 300 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x55556f386660, 24) = 0 [pid 300] chdir("./3") = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 300] write(1, "executing program\n", 18executing program ) = 18 [pid 300] memfd_create("syzkaller", 0) = 3 [pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 300] munmap(0x7f04d786f000, 138412032) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 300] close(3) = 0 [pid 300] close(4) = 0 [pid 300] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 300] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 300] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 300] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_CLR_FD) = 0 [pid 300] close(4) = 0 [pid 300] chdir("./file0") = 0 [pid 300] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 300] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 300] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 300] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 300] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 300] exit_group(0) = ? [pid 300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 23.854004][ T300] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 23.867985][ T300] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 23.880765][ T300] EXT4-fs (loop0): 1 orphan inode deleted [ 23.886325][ T300] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 303 ./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x55556f386660, 24) = 0 [pid 303] chdir("./4") = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 303] write(1, "executing program\n", 18) = 18 [pid 303] memfd_create("syzkaller", 0) = 3 [pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 303] munmap(0x7f04d786f000, 138412032) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 303] close(3) = 0 [pid 303] close(4) = 0 [pid 303] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 303] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 303] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 303] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 303] ioctl(4, LOOP_CLR_FD) = 0 [pid 303] close(4) = 0 [pid 303] chdir("./file0") = 0 [pid 303] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 303] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 303] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 303] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 24.004074][ T303] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 24.018260][ T303] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 24.031518][ T303] EXT4-fs (loop0): 1 orphan inode deleted [ 24.037070][ T303] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.048815][ T303] ================================================================== [ 24.056741][ T303] BUG: KASAN: use-after-free in ext4_insert_dentry+0x392/0x710 [ 24.064095][ T303] Write of size 250 at addr ffff88811ba44f18 by task syz-executor165/303 [ 24.072319][ T303] [ 24.074513][ T303] CPU: 1 PID: 303 Comm: syz-executor165 Not tainted 5.10.234-syzkaller-00033-g094fc3778d6b #0 [ 24.084561][ T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 24.094481][ T303] Call Trace: [ 24.097590][ T303] dump_stack_lvl+0x1e2/0x24b [ 24.102097][ T303] ? bfq_pos_tree_add_move+0x43b/0x43b [ 24.107390][ T303] ? panic+0x812/0x812 [ 24.111301][ T303] ? __ext4_handle_dirty_metadata+0x36e/0x810 [ 24.117217][ T303] print_address_description+0x81/0x3b0 [ 24.122856][ T303] kasan_report+0x179/0x1c0 [ 24.127182][ T303] ? ext4_insert_dentry+0x392/0x710 [ 24.132211][ T303] ? ext4_insert_dentry+0x392/0x710 [ 24.137244][ T303] kasan_check_range+0x293/0x2a0 [ 24.142017][ T303] ? ext4_insert_dentry+0x392/0x710 [ 24.147051][ T303] memcpy+0x44/0x70 [ 24.150707][ T303] ext4_insert_dentry+0x392/0x710 [ 24.155558][ T303] add_dirent_to_buf+0x3ac/0x780 [ 24.160357][ T303] ? ext4_dx_add_entry+0x1600/0x1600 [ 24.165458][ T303] ? ext4_handle_dirty_dx_node+0x41c/0x580 [ 24.171110][ T303] make_indexed_dir+0xe9f/0x1500 [ 24.175889][ T303] ? add_dirent_to_buf+0x780/0x780 [ 24.180909][ T303] ? add_dirent_to_buf+0x36f/0x780 [ 24.185945][ T303] ? ext4_dx_add_entry+0x1600/0x1600 [ 24.191200][ T303] ? __kasan_check_read+0x11/0x20 [ 24.196049][ T303] ? __ext4_read_dirblock+0x4d8/0x8c0 [ 24.201258][ T303] ext4_add_entry+0xdcf/0x1280 [ 24.205853][ T303] ? ext4_inc_count+0x190/0x190 [ 24.210536][ T303] ? ext4_init_new_dir+0x7c8/0xa20 [ 24.215488][ T303] ? ext4_init_dot_dotdot+0x500/0x500 [ 24.220708][ T303] ext4_mkdir+0x4d2/0xba0 [ 24.224857][ T303] ? ext4_symlink+0xe40/0xe40 [ 24.229372][ T303] ? selinux_inode_mkdir+0x22/0x30 [ 24.234318][ T303] ? security_inode_mkdir+0xbc/0x100 [ 24.239442][ T303] vfs_mkdir+0x4cf/0x6c0 [ 24.243517][ T303] do_mkdirat+0x1a6/0x2c0 [ 24.247685][ T303] ? do_mknodat+0x450/0x450 [ 24.252026][ T303] ? fpu__clear_all+0x20/0x20 [ 24.256587][ T303] __x64_sys_mkdirat+0x7b/0x90 [ 24.261140][ T303] do_syscall_64+0x34/0x70 [ 24.265389][ T303] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.271115][ T303] RIP: 0033:0x7f04dfcae269 [ 24.275368][ T303] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 24.294898][ T303] RSP: 002b:00007ffd454b2328 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 24.303139][ T303] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f04dfcae269 [ 24.310950][ T303] RDX: 0000000000000000 RSI: 00004000000005c0 RDI: 00000000ffffff9c [ 24.318760][ T303] RBP: 0000400000000180 R08: 00007ffd454b2360 R09: 00007ffd454b2360 [ 24.326573][ T303] R10: 00007ffd454b2360 R11: 0000000000000246 R12: 00007ffd454b234c [ 24.334819][ T303] R13: 0000000000000004 R14: 431bde82d7b634db R15: 00007ffd454b2380 [ 24.342628][ T303] [ 24.344794][ T303] The buggy address belongs to the page: [ 24.350288][ T303] page:ffffea00046e9100 refcount:3 mapcount:0 mapping:ffff888100449c10 index:0x3f pfn:0x11ba44 [ 24.360426][ T303] aops:def_blk_aops ino:0 [ 24.364589][ T303] flags: 0x400000000000202a(referenced|dirty|active|private) [ 24.371799][ T303] raw: 400000000000202a dead000000000100 dead000000000122 ffff888100449c10 [ 24.380214][ T303] raw: 000000000000003f ffff88811c3d7000 00000003ffffffff ffff88810013e000 [ 24.388625][ T303] page dumped because: kasan: bad access detected [ 24.394874][ T303] page->mem_cgroup:ffff88810013e000 [ 24.399921][ T303] page_owner tracks the page as allocated [ 24.405481][ T303] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 303, ts 24048375401, free_ts 23997920917 [ 24.422308][ T303] prep_new_page+0x166/0x180 [ 24.426732][ T303] get_page_from_freelist+0x2d8c/0x2f30 [ 24.432123][ T303] __alloc_pages_nodemask+0x435/0xaf0 [ 24.437528][ T303] pagecache_get_page+0x669/0x950 [ 24.442357][ T303] __getblk_gfp+0x221/0x7e0 [ 24.446697][ T303] ext4_getblk+0x259/0x660 [ 24.450948][ T303] ext4_bread+0x2f/0x1b0 [ 24.455116][ T303] ext4_append+0x29a/0x4d0 [ 24.459367][ T303] make_indexed_dir+0x505/0x1500 [ 24.464138][ T303] ext4_add_entry+0xdcf/0x1280 [ 24.468922][ T303] ext4_mkdir+0x4d2/0xba0 [ 24.473089][ T303] vfs_mkdir+0x4cf/0x6c0 [ 24.477165][ T303] do_mkdirat+0x1a6/0x2c0 [ 24.481332][ T303] __x64_sys_mkdirat+0x7b/0x90 [ 24.485934][ T303] do_syscall_64+0x34/0x70 [ 24.490183][ T303] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.495910][ T303] page last free stack trace: [ 24.500444][ T303] free_unref_page_prepare+0x2ae/0x2d0 [ 24.505732][ T303] free_unref_page_list+0x122/0xb20 [ 24.510765][ T303] release_pages+0xea0/0xef0 [ 24.515187][ T303] free_pages_and_swap_cache+0x8a/0xa0 [ 24.520479][ T303] tlb_finish_mmu+0x177/0x320 [ 24.524988][ T303] unmap_region+0x31c/0x370 [ 24.529334][ T303] __do_munmap+0x699/0x8c0 [ 24.533583][ T303] __se_sys_munmap+0x120/0x1a0 [ 24.538183][ T303] __x64_sys_munmap+0x5b/0x70 [ 24.542697][ T303] do_syscall_64+0x34/0x70 [ 24.546951][ T303] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.552675][ T303] [ 24.554842][ T303] Memory state around the buggy address: [ 24.560318][ T303] ffff88811ba44f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.568211][ T303] ffff88811ba44f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.576110][ T303] >ffff88811ba45000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.584006][ T303] ^ [ 24.587912][ T303] ffff88811ba45080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 24.595815][ T303] ffff88811ba45100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [pid 303] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 303] exit_group(0) = ? [pid 303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 24.603705][ T303] ================================================================== [ 24.611604][ T303] Disabling lock debugging due to kernel taint umount2("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 307 ./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x55556f386660, 24) = 0 [pid 307] chdir("./5") = 0 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 307] write(1, "executing program\n", 18) = 18 [pid 307] memfd_create("syzkaller", 0) = 3 [pid 307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 307] munmap(0x7f04d786f000, 138412032) = 0 [pid 307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 307] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 307] close(3) = 0 [pid 307] close(4) = 0 [pid 307] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 307] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 307] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 307] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 307] ioctl(4, LOOP_CLR_FD) = 0 [pid 307] close(4) = 0 [pid 307] chdir("./file0") = 0 [pid 307] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 307] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 307] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 307] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 307] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 307] exit_group(0) = ? [pid 307] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 [ 24.693781][ T307] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 24.707803][ T307] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 24.720951][ T307] EXT4-fs (loop0): 1 orphan inode deleted [ 24.726482][ T307] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 310 ./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x55556f386660, 24) = 0 [pid 310] chdir("./6") = 0 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 310] setpgid(0, 0) = 0 [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 310] write(3, "1000", 4) = 4 [pid 310] close(3) = 0 [pid 310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 310] write(1, "executing program\n", 18executing program ) = 18 [pid 310] memfd_create("syzkaller", 0) = 3 [pid 310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 310] munmap(0x7f04d786f000, 138412032) = 0 [pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 310] close(3) = 0 [pid 310] close(4) = 0 [pid 310] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 310] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 310] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 310] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 310] ioctl(4, LOOP_CLR_FD) = 0 [pid 310] close(4) = 0 [pid 310] chdir("./file0") = 0 [pid 310] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 310] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 310] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 310] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 310] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 310] exit_group(0) = ? [pid 310] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 24.804738][ T310] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 24.818651][ T310] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 24.831474][ T310] EXT4-fs (loop0): 1 orphan inode deleted [ 24.837001][ T310] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 313 ./strace-static-x86_64: Process 313 attached [pid 313] set_robust_list(0x55556f386660, 24) = 0 [pid 313] chdir("./7") = 0 [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 313] setpgid(0, 0) = 0 [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 313] write(3, "1000", 4) = 4 [pid 313] close(3) = 0 [pid 313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 313] write(1, "executing program\n", 18) = 18 [pid 313] memfd_create("syzkaller", 0) = 3 [pid 313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 313] munmap(0x7f04d786f000, 138412032) = 0 [pid 313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 313] close(3) = 0 [pid 313] close(4) = 0 [pid 313] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 313] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 313] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 313] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 313] ioctl(4, LOOP_CLR_FD) = 0 [pid 313] close(4) = 0 [pid 313] chdir("./file0") = 0 [pid 313] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 313] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 313] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 313] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 313] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 313] exit_group(0) = ? [pid 313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 24.975208][ T313] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 24.989401][ T313] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 25.002391][ T313] EXT4-fs (loop0): 1 orphan inode deleted [ 25.007929][ T313] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 316 ./strace-static-x86_64: Process 316 attached [pid 316] set_robust_list(0x55556f386660, 24) = 0 [pid 316] chdir("./8") = 0 [pid 316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 316] setpgid(0, 0) = 0 [pid 316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 316] write(3, "1000", 4) = 4 [pid 316] close(3) = 0 [pid 316] symlink("/dev/binderfs", "./binderfs") = 0 [pid 316] write(1, "executing program\n", 18) = 18 [pid 316] memfd_create("syzkaller", 0) = 3 [pid 316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 316] munmap(0x7f04d786f000, 138412032) = 0 [pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 316] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 316] close(3) = 0 [pid 316] close(4) = 0 [pid 316] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 316] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 316] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 316] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 316] ioctl(4, LOOP_CLR_FD) = 0 [pid 316] close(4) = 0 [pid 316] chdir("./file0") = 0 [pid 316] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 316] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 316] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 316] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 316] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 316] exit_group(0) = ? [pid 316] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=316, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 25.134727][ T316] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 25.148638][ T316] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 25.161814][ T316] EXT4-fs (loop0): 1 orphan inode deleted [ 25.167355][ T316] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 319 ./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x55556f386660, 24) = 0 [pid 319] chdir("./9") = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [pid 319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 319] write(1, "executing program\n", 18) = 18 [pid 319] memfd_create("syzkaller", 0) = 3 [pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 319] munmap(0x7f04d786f000, 138412032) = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 319] close(3) = 0 [pid 319] close(4) = 0 [pid 319] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 319] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 319] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 319] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 319] ioctl(4, LOOP_CLR_FD) = 0 [pid 319] close(4) = 0 [pid 319] chdir("./file0") = 0 [pid 319] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 319] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 319] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 319] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 319] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 319] exit_group(0) = ? [pid 319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 25.295654][ T319] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 25.309702][ T319] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 25.322626][ T319] EXT4-fs (loop0): 1 orphan inode deleted [ 25.328163][ T319] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 322 ./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x55556f386660, 24) = 0 [pid 322] chdir("./10") = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 [pid 322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 322] write(1, "executing program\n", 18) = 18 [pid 322] memfd_create("syzkaller", 0) = 3 [pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 322] munmap(0x7f04d786f000, 138412032) = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 322] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 322] close(3) = 0 [pid 322] close(4) = 0 [pid 322] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 322] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 322] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 322] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 322] ioctl(4, LOOP_CLR_FD) = 0 [pid 322] close(4) = 0 [pid 322] chdir("./file0") = 0 [pid 322] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 322] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 322] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 322] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 322] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 322] exit_group(0) = ? [pid 322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 25.494742][ T322] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 25.508891][ T322] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 25.522034][ T322] EXT4-fs (loop0): 1 orphan inode deleted [ 25.527658][ T322] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 326 ./strace-static-x86_64: Process 326 attached [pid 326] set_robust_list(0x55556f386660, 24) = 0 [pid 326] chdir("./11") = 0 [pid 326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 326] setpgid(0, 0) = 0 [pid 326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 326] write(3, "1000", 4) = 4 [pid 326] close(3) = 0 [pid 326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 326] write(1, "executing program\n", 18) = 18 [pid 326] memfd_create("syzkaller", 0) = 3 [pid 326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 326] munmap(0x7f04d786f000, 138412032) = 0 [pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 326] close(3) = 0 [pid 326] close(4) = 0 [pid 326] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 326] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 326] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 326] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 326] ioctl(4, LOOP_CLR_FD) = 0 [pid 326] close(4) = 0 [pid 326] chdir("./file0") = 0 [pid 326] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 326] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 326] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 326] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 326] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 326] exit_group(0) = ? [pid 326] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=326, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 25.672571][ T326] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 25.686495][ T326] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 25.699463][ T326] EXT4-fs (loop0): 1 orphan inode deleted [ 25.705008][ T326] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 329 ./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x55556f386660, 24) = 0 [pid 329] chdir("./12") = 0 [pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 329] setpgid(0, 0) = 0 [pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 329] write(3, "1000", 4) = 4 [pid 329] close(3) = 0 [pid 329] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 329] write(1, "executing program\n", 18) = 18 [pid 329] memfd_create("syzkaller", 0) = 3 [pid 329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 329] munmap(0x7f04d786f000, 138412032) = 0 [pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 329] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 329] close(3) = 0 [pid 329] close(4) = 0 [pid 329] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 329] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 329] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 329] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 329] ioctl(4, LOOP_CLR_FD) = 0 [pid 329] close(4) = 0 [pid 329] chdir("./file0") = 0 [pid 329] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 329] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 329] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 329] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 329] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 329] exit_group(0) = ? [pid 329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 25.893852][ T329] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 25.907782][ T329] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 25.920522][ T329] EXT4-fs (loop0): 1 orphan inode deleted [ 25.926054][ T329] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 332 ./strace-static-x86_64: Process 332 attached [pid 332] set_robust_list(0x55556f386660, 24) = 0 [pid 332] chdir("./13") = 0 [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 332] setpgid(0, 0) = 0 [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 332] write(3, "1000", 4) = 4 [pid 332] close(3) = 0 [pid 332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 332] write(1, "executing program\n", 18) = 18 [pid 332] memfd_create("syzkaller", 0) = 3 [pid 332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 332] munmap(0x7f04d786f000, 138412032) = 0 [pid 332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 332] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 332] close(3) = 0 [pid 332] close(4) = 0 [pid 332] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 332] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 332] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 332] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 332] ioctl(4, LOOP_CLR_FD) = 0 [pid 332] close(4) = 0 [pid 332] chdir("./file0") = 0 [pid 332] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 332] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 332] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 332] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 332] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 332] exit_group(0) = ? [pid 332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 25.982289][ T332] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 25.996184][ T332] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 26.009247][ T332] EXT4-fs (loop0): 1 orphan inode deleted [ 26.015060][ T332] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 335 ./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x55556f386660, 24) = 0 [pid 335] chdir("./14") = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3) = 0 [pid 335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 335] write(1, "executing program\n", 18) = 18 [pid 335] memfd_create("syzkaller", 0) = 3 [pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 335] munmap(0x7f04d786f000, 138412032) = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 335] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 335] close(3) = 0 [pid 335] close(4) = 0 [pid 335] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 335] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 335] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 335] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 335] ioctl(4, LOOP_CLR_FD) = 0 [pid 335] close(4) = 0 [pid 335] chdir("./file0") = 0 [pid 335] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 335] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 335] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 335] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 335] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 335] exit_group(0) = ? [pid 335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 26.135345][ T335] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 26.149276][ T335] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 26.162131][ T335] EXT4-fs (loop0): 1 orphan inode deleted [ 26.167655][ T335] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 338 ./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x55556f386660, 24) = 0 [pid 338] chdir("./15") = 0 [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 338] setpgid(0, 0) = 0 [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 338] write(3, "1000", 4) = 4 [pid 338] close(3) = 0 [pid 338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 338] write(1, "executing program\n", 18) = 18 [pid 338] memfd_create("syzkaller", 0) = 3 [pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 338] munmap(0x7f04d786f000, 138412032) = 0 [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 338] close(3) = 0 [pid 338] close(4) = 0 [pid 338] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 338] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 338] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 338] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 338] ioctl(4, LOOP_CLR_FD) = 0 [pid 338] close(4) = 0 [pid 338] chdir("./file0") = 0 [pid 338] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 338] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 338] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 338] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 338] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 338] exit_group(0) = ? [pid 338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 26.334791][ T338] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 26.348686][ T338] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 26.361328][ T338] EXT4-fs (loop0): 1 orphan inode deleted [ 26.366960][ T338] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 341 ./strace-static-x86_64: Process 341 attached [pid 341] set_robust_list(0x55556f386660, 24) = 0 [pid 341] chdir("./16") = 0 [pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 341] setpgid(0, 0) = 0 [pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 341] write(3, "1000", 4) = 4 [pid 341] close(3) = 0 [pid 341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 341] write(1, "executing program\n", 18executing program ) = 18 [pid 341] memfd_create("syzkaller", 0) = 3 [pid 341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 341] munmap(0x7f04d786f000, 138412032) = 0 [pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 341] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 341] close(3) = 0 [pid 341] close(4) = 0 [pid 341] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 341] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 341] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 341] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 341] ioctl(4, LOOP_CLR_FD) = 0 [pid 341] close(4) = 0 [pid 341] chdir("./file0") = 0 [pid 341] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 341] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 341] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 341] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 341] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 341] exit_group(0) = ? [pid 341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 26.515466][ T341] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 26.529554][ T341] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 26.542232][ T341] EXT4-fs (loop0): 1 orphan inode deleted [ 26.547783][ T341] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 344 ./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x55556f386660, 24) = 0 [pid 344] chdir("./17") = 0 [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 344] setpgid(0, 0) = 0 [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 344] write(3, "1000", 4) = 4 [pid 344] close(3) = 0 [pid 344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 344] write(1, "executing program\n", 18) = 18 [pid 344] memfd_create("syzkaller", 0) = 3 [pid 344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 344] munmap(0x7f04d786f000, 138412032) = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 344] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 344] close(3) = 0 [pid 344] close(4) = 0 [pid 344] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 344] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 344] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 344] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 344] ioctl(4, LOOP_CLR_FD) = 0 [pid 344] close(4) = 0 [pid 344] chdir("./file0") = 0 [pid 344] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 344] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 344] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 344] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 344] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 344] exit_group(0) = ? [pid 344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 26.652969][ T344] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 26.666998][ T344] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 26.680481][ T344] EXT4-fs (loop0): 1 orphan inode deleted [ 26.686027][ T344] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 348 ./strace-static-x86_64: Process 348 attached [pid 348] set_robust_list(0x55556f386660, 24) = 0 [pid 348] chdir("./18") = 0 [pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 348] setpgid(0, 0) = 0 [pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 348] write(3, "1000", 4) = 4 [pid 348] close(3) = 0 [pid 348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 348] write(1, "executing program\n", 18executing program ) = 18 [pid 348] memfd_create("syzkaller", 0) = 3 [pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 348] munmap(0x7f04d786f000, 138412032) = 0 [pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 348] close(3) = 0 [pid 348] close(4) = 0 [pid 348] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 348] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 348] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 348] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 348] ioctl(4, LOOP_CLR_FD) = 0 [pid 348] close(4) = 0 [pid 348] chdir("./file0") = 0 [pid 348] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 348] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 348] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 348] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 348] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 348] exit_group(0) = ? [pid 348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 26.833512][ T348] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 26.847554][ T348] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 26.860206][ T348] EXT4-fs (loop0): 1 orphan inode deleted [ 26.865735][ T348] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 351 ./strace-static-x86_64: Process 351 attached [pid 351] set_robust_list(0x55556f386660, 24) = 0 [pid 351] chdir("./19") = 0 [pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 351] setpgid(0, 0) = 0 [pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 351] write(3, "1000", 4) = 4 [pid 351] close(3) = 0 [pid 351] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 351] write(1, "executing program\n", 18) = 18 [pid 351] memfd_create("syzkaller", 0) = 3 [pid 351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 351] munmap(0x7f04d786f000, 138412032) = 0 [pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 351] close(3) = 0 [pid 351] close(4) = 0 [pid 351] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 351] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 351] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 351] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 351] ioctl(4, LOOP_CLR_FD) = 0 [pid 351] close(4) = 0 [pid 351] chdir("./file0") = 0 [pid 351] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 351] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 351] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 351] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 351] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 351] exit_group(0) = ? [pid 351] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 26.931002][ T351] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 26.944975][ T351] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 26.957763][ T351] EXT4-fs (loop0): 1 orphan inode deleted [ 26.963599][ T351] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 354 ./strace-static-x86_64: Process 354 attached [pid 354] set_robust_list(0x55556f386660, 24) = 0 [pid 354] chdir("./20") = 0 [pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 354] setpgid(0, 0) = 0 [pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 354] write(3, "1000", 4) = 4 [pid 354] close(3) = 0 [pid 354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 354] write(1, "executing program\n", 18) = 18 [pid 354] memfd_create("syzkaller", 0) = 3 [pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 354] munmap(0x7f04d786f000, 138412032) = 0 [pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 354] close(3) = 0 [pid 354] close(4) = 0 [pid 354] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 354] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 354] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 354] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 354] ioctl(4, LOOP_CLR_FD) = 0 [pid 354] close(4) = 0 [pid 354] chdir("./file0") = 0 [pid 354] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 354] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 354] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 354] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 354] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 354] exit_group(0) = ? [pid 354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 27.134071][ T354] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 27.148211][ T354] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 27.160962][ T354] EXT4-fs (loop0): 1 orphan inode deleted [ 27.166607][ T354] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 357 ./strace-static-x86_64: Process 357 attached [pid 357] set_robust_list(0x55556f386660, 24) = 0 [pid 357] chdir("./21") = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 357] setpgid(0, 0) = 0 [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 357] write(3, "1000", 4) = 4 [pid 357] close(3) = 0 [pid 357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 357] write(1, "executing program\n", 18) = 18 [pid 357] memfd_create("syzkaller", 0) = 3 [pid 357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 357] munmap(0x7f04d786f000, 138412032) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 357] close(3) = 0 [pid 357] close(4) = 0 [pid 357] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 357] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 357] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 357] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 357] ioctl(4, LOOP_CLR_FD) = 0 [pid 357] close(4) = 0 [pid 357] chdir("./file0") = 0 [pid 357] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 357] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 357] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 357] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 357] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 357] exit_group(0) = ? [pid 357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 27.297033][ T357] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 27.310944][ T357] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 27.324054][ T357] EXT4-fs (loop0): 1 orphan inode deleted [ 27.329771][ T357] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 360 ./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x55556f386660, 24) = 0 [pid 360] chdir("./22") = 0 [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 360] setpgid(0, 0) = 0 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 360] write(3, "1000", 4) = 4 [pid 360] close(3) = 0 [pid 360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 360] write(1, "executing program\n", 18executing program ) = 18 [pid 360] memfd_create("syzkaller", 0) = 3 [pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 360] munmap(0x7f04d786f000, 138412032) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 360] close(3) = 0 [pid 360] close(4) = 0 [pid 360] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 360] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 360] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 360] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_CLR_FD) = 0 [pid 360] close(4) = 0 [pid 360] chdir("./file0") = 0 [pid 360] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 360] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 360] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 360] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 360] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 360] exit_group(0) = ? [pid 360] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 27.472943][ T360] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 27.486921][ T360] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 27.499695][ T360] EXT4-fs (loop0): 1 orphan inode deleted [ 27.505227][ T360] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 363 ./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x55556f386660, 24) = 0 [pid 363] chdir("./23") = 0 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 363] setpgid(0, 0) = 0 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 363] write(3, "1000", 4) = 4 [pid 363] close(3) = 0 [pid 363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 363] write(1, "executing program\n", 18) = 18 [pid 363] memfd_create("syzkaller", 0) = 3 [pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 363] munmap(0x7f04d786f000, 138412032) = 0 [pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 363] close(3) = 0 [pid 363] close(4) = 0 [pid 363] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 363] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 363] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 363] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 363] ioctl(4, LOOP_CLR_FD) = 0 [pid 363] close(4) = 0 [pid 363] chdir("./file0") = 0 [pid 363] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 363] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 363] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 363] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 363] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 363] exit_group(0) = ? [pid 363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 27.606141][ T363] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 27.620081][ T363] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 27.632974][ T363] EXT4-fs (loop0): 1 orphan inode deleted [ 27.638516][ T363] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 367 ./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x55556f386660, 24) = 0 [pid 367] chdir("./24") = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 367] write(1, "executing program\n", 18) = 18 [pid 367] memfd_create("syzkaller", 0) = 3 [pid 367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 367] munmap(0x7f04d786f000, 138412032) = 0 [pid 367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 367] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 367] close(3) = 0 [pid 367] close(4) = 0 [pid 367] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 367] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 367] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 367] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 367] ioctl(4, LOOP_CLR_FD) = 0 [pid 367] close(4) = 0 [pid 367] chdir("./file0") = 0 [pid 367] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 367] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 367] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 367] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 367] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 367] exit_group(0) = ? [pid 367] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 27.770960][ T367] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 27.785444][ T367] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 27.798756][ T367] EXT4-fs (loop0): 1 orphan inode deleted [ 27.804908][ T367] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 370 ./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x55556f386660, 24) = 0 [pid 370] chdir("./25") = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 [pid 370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 370] write(1, "executing program\n", 18) = 18 [pid 370] memfd_create("syzkaller", 0) = 3 [pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 370] munmap(0x7f04d786f000, 138412032) = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 370] close(3) = 0 [pid 370] close(4) = 0 [pid 370] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 370] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 370] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 370] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 370] ioctl(4, LOOP_CLR_FD) = 0 [pid 370] close(4) = 0 [pid 370] chdir("./file0") = 0 [pid 370] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 370] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 370] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 370] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 370] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 370] exit_group(0) = ? [pid 370] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 27.891600][ T370] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 27.905740][ T370] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 27.918530][ T370] EXT4-fs (loop0): 1 orphan inode deleted [ 27.924110][ T370] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 373 ./strace-static-x86_64: Process 373 attached [pid 373] set_robust_list(0x55556f386660, 24) = 0 [pid 373] chdir("./26") = 0 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 373] setpgid(0, 0) = 0 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 373] write(3, "1000", 4) = 4 [pid 373] close(3) = 0 [pid 373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 373] write(1, "executing program\n", 18) = 18 [pid 373] memfd_create("syzkaller", 0) = 3 [pid 373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 373] munmap(0x7f04d786f000, 138412032) = 0 [pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 373] close(3) = 0 [pid 373] close(4) = 0 [pid 373] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 373] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 373] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 373] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 373] ioctl(4, LOOP_CLR_FD) = 0 [pid 373] close(4) = 0 [pid 373] chdir("./file0") = 0 [pid 373] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 373] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 373] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 373] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 373] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 373] exit_group(0) = ? [pid 373] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 28.056622][ T373] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 28.070501][ T373] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 28.083184][ T373] EXT4-fs (loop0): 1 orphan inode deleted [ 28.088757][ T373] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue rmdir("\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 376 ./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x55556f386660, 24) = 0 [pid 376] chdir("./27") = 0 [pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 376] setpgid(0, 0) = 0 [pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 376] write(3, "1000", 4) = 4 [pid 376] close(3) = 0 [pid 376] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 376] write(1, "executing program\n", 18) = 18 [pid 376] memfd_create("syzkaller", 0) = 3 [pid 376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 376] munmap(0x7f04d786f000, 138412032) = 0 [pid 376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 376] close(3) = 0 [pid 376] close(4) = 0 [pid 376] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 376] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 376] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 376] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 376] ioctl(4, LOOP_CLR_FD) = 0 [pid 376] close(4) = 0 [pid 376] chdir("./file0") = 0 [pid 376] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 376] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 376] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 376] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 376] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 376] exit_group(0) = ? [pid 376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=376, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 28.160083][ T376] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 28.174385][ T376] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 28.187268][ T376] EXT4-fs (loop0): 1 orphan inode deleted [ 28.192833][ T376] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 379 ./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x55556f386660, 24) = 0 [pid 379] chdir("./28") = 0 [pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 379] setpgid(0, 0) = 0 [pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 379] write(3, "1000", 4) = 4 [pid 379] close(3) = 0 [pid 379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 379] write(1, "executing program\n", 18executing program ) = 18 [pid 379] memfd_create("syzkaller", 0) = 3 [pid 379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 379] munmap(0x7f04d786f000, 138412032) = 0 [pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 379] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 379] close(3) = 0 [pid 379] close(4) = 0 [pid 379] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 379] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 379] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 379] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 379] ioctl(4, LOOP_CLR_FD) = 0 [pid 379] close(4) = 0 [pid 379] chdir("./file0") = 0 [pid 379] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 379] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 379] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 379] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 379] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 379] exit_group(0) = ? [pid 379] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=379, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 28.271544][ T379] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 28.285595][ T379] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 28.298285][ T379] EXT4-fs (loop0): 1 orphan inode deleted [ 28.303863][ T379] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 382 ./strace-static-x86_64: Process 382 attached [pid 382] set_robust_list(0x55556f386660, 24) = 0 [pid 382] chdir("./29") = 0 [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 382] setpgid(0, 0) = 0 [pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 382] write(3, "1000", 4) = 4 [pid 382] close(3) = 0 [pid 382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 382] write(1, "executing program\n", 18executing program ) = 18 [pid 382] memfd_create("syzkaller", 0) = 3 [pid 382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 382] munmap(0x7f04d786f000, 138412032) = 0 [pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 382] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 382] close(3) = 0 [pid 382] close(4) = 0 [pid 382] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 382] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 382] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 382] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 382] ioctl(4, LOOP_CLR_FD) = 0 [pid 382] close(4) = 0 [pid 382] chdir("./file0") = 0 [pid 382] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 382] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 382] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 382] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 382] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 382] exit_group(0) = ? [pid 382] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 385 ./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x55556f386660, 24) = 0 [pid 385] chdir("./30") = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 385] write(1, "executing program\n", 18) = 18 [pid 385] memfd_create("syzkaller", 0) = 3 [pid 385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 385] munmap(0x7f04d786f000, 138412032) = 0 [pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 385] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 385] close(3) = 0 [ 28.401142][ T382] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 28.415173][ T382] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 28.428127][ T382] EXT4-fs (loop0): 1 orphan inode deleted [ 28.433840][ T382] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 385] close(4) = 0 [pid 385] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 385] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 385] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 385] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 385] ioctl(4, LOOP_CLR_FD) = 0 [pid 385] close(4) = 0 [pid 385] chdir("./file0") = 0 [pid 385] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 385] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 385] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 385] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 385] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 385] exit_group(0) = ? [pid 385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=385, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 28.522636][ T385] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 28.536706][ T385] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 28.549483][ T385] EXT4-fs (loop0): 1 orphan inode deleted [ 28.555024][ T385] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 388 ./strace-static-x86_64: Process 388 attached [pid 388] set_robust_list(0x55556f386660, 24) = 0 [pid 388] chdir("./31") = 0 [pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 388] setpgid(0, 0) = 0 [pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 388] write(3, "1000", 4) = 4 [pid 388] close(3) = 0 [pid 388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 388] write(1, "executing program\n", 18) = 18 [pid 388] memfd_create("syzkaller", 0) = 3 [pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 388] munmap(0x7f04d786f000, 138412032) = 0 [pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 388] close(3) = 0 [pid 388] close(4) = 0 [pid 388] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 388] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 388] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 388] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 388] ioctl(4, LOOP_CLR_FD) = 0 [pid 388] close(4) = 0 [pid 388] chdir("./file0") = 0 [pid 388] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 388] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 388] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 388] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 388] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 388] exit_group(0) = ? [pid 388] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=388, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 28.615804][ T388] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 28.629821][ T388] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 28.643020][ T388] EXT4-fs (loop0): 1 orphan inode deleted [ 28.649122][ T388] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 392 ./strace-static-x86_64: Process 392 attached [pid 392] set_robust_list(0x55556f386660, 24) = 0 [pid 392] chdir("./32") = 0 executing program [pid 392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 392] setpgid(0, 0) = 0 [pid 392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 392] write(3, "1000", 4) = 4 [pid 392] close(3) = 0 [pid 392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 392] write(1, "executing program\n", 18) = 18 [pid 392] memfd_create("syzkaller", 0) = 3 [pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 392] munmap(0x7f04d786f000, 138412032) = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 392] close(3) = 0 [pid 392] close(4) = 0 [pid 392] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 392] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 392] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 392] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 392] ioctl(4, LOOP_CLR_FD) = 0 [pid 392] close(4) = 0 [pid 392] chdir("./file0") = 0 [pid 392] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 392] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 392] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 392] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 392] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 392] exit_group(0) = ? [pid 392] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=392, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 28.814345][ T392] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 28.828212][ T392] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 28.840897][ T392] EXT4-fs (loop0): 1 orphan inode deleted [ 28.846427][ T392] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 395 ./strace-static-x86_64: Process 395 attached [pid 395] set_robust_list(0x55556f386660, 24) = 0 [pid 395] chdir("./33") = 0 [pid 395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 395] setpgid(0, 0) = 0 [pid 395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 395] write(3, "1000", 4) = 4 [pid 395] close(3) = 0 [pid 395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 395] write(1, "executing program\n", 18) = 18 [pid 395] memfd_create("syzkaller", 0) = 3 [pid 395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 395] munmap(0x7f04d786f000, 138412032) = 0 [pid 395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 395] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 395] close(3) = 0 [pid 395] close(4) = 0 [pid 395] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 395] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 395] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 395] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 395] ioctl(4, LOOP_CLR_FD) = 0 [pid 395] close(4) = 0 [pid 395] chdir("./file0") = 0 [pid 395] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 395] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 395] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 395] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 395] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 395] exit_group(0) = ? [pid 395] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=395, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 28.983604][ T395] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 28.997541][ T395] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 29.010275][ T395] EXT4-fs (loop0): 1 orphan inode deleted [ 29.015801][ T395] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 398 ./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x55556f386660, 24) = 0 [pid 398] chdir("./34") = 0 [pid 398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 398] setpgid(0, 0) = 0 [pid 398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 398] write(3, "1000", 4) = 4 [pid 398] close(3) = 0 [pid 398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 398] write(1, "executing program\n", 18) = 18 [pid 398] memfd_create("syzkaller", 0) = 3 [pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 398] munmap(0x7f04d786f000, 138412032) = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 398] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 398] close(3) = 0 [pid 398] close(4) = 0 [pid 398] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 398] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 398] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 398] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 398] ioctl(4, LOOP_CLR_FD) = 0 [pid 398] close(4) = 0 [pid 398] chdir("./file0") = 0 [pid 398] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 398] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 398] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 398] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 398] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 398] exit_group(0) = ? [pid 398] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=398, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 29.131476][ T398] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 29.145451][ T398] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 29.158417][ T398] EXT4-fs (loop0): 1 orphan inode deleted [ 29.164859][ T398] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 401 ./strace-static-x86_64: Process 401 attached [pid 401] set_robust_list(0x55556f386660, 24) = 0 [pid 401] chdir("./35") = 0 [pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 401] setpgid(0, 0) = 0 [pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 401] write(3, "1000", 4) = 4 [pid 401] close(3) = 0 [pid 401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 401] write(1, "executing program\n", 18executing program ) = 18 [pid 401] memfd_create("syzkaller", 0) = 3 [pid 401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 401] munmap(0x7f04d786f000, 138412032) = 0 [pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 401] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 401] close(3) = 0 [pid 401] close(4) = 0 [pid 401] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 401] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 401] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 401] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 401] ioctl(4, LOOP_CLR_FD) = 0 [pid 401] close(4) = 0 [pid 401] chdir("./file0") = 0 [pid 401] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 401] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 401] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 401] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 401] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 401] exit_group(0) = ? [pid 401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=401, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 29.381457][ T401] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 29.396259][ T401] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 29.409309][ T401] EXT4-fs (loop0): 1 orphan inode deleted [ 29.415440][ T401] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 404 ./strace-static-x86_64: Process 404 attached [pid 404] set_robust_list(0x55556f386660, 24) = 0 [pid 404] chdir("./36") = 0 [pid 404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 404] setpgid(0, 0) = 0 [pid 404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 404] write(3, "1000", 4) = 4 [pid 404] close(3) = 0 [pid 404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 404] write(1, "executing program\n", 18) = 18 [pid 404] memfd_create("syzkaller", 0) = 3 [pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 404] munmap(0x7f04d786f000, 138412032) = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 404] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 404] close(3) = 0 [pid 404] close(4) = 0 [pid 404] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 404] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 404] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 404] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 404] ioctl(4, LOOP_CLR_FD) = 0 [pid 404] close(4) = 0 [pid 404] chdir("./file0") = 0 [pid 404] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 404] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 404] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 404] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 404] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 404] exit_group(0) = ? [pid 404] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=404, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 29.535519][ T404] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 29.551281][ T404] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 29.566299][ T404] EXT4-fs (loop0): 1 orphan inode deleted [ 29.572339][ T404] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 408 ./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x55556f386660, 24) = 0 executing program [pid 408] chdir("./37") = 0 [pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 408] setpgid(0, 0) = 0 [pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 408] write(3, "1000", 4) = 4 [pid 408] close(3) = 0 [pid 408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 408] write(1, "executing program\n", 18) = 18 [pid 408] memfd_create("syzkaller", 0) = 3 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 408] munmap(0x7f04d786f000, 138412032) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 408] close(3) = 0 [pid 408] close(4) = 0 [pid 408] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 408] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 408] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 408] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 408] ioctl(4, LOOP_CLR_FD) = 0 [pid 408] close(4) = 0 [pid 408] chdir("./file0") = 0 [pid 408] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 408] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 408] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 408] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 408] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 408] exit_group(0) = ? [pid 408] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=408, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 29.645811][ T408] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 29.659997][ T408] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 29.672747][ T408] EXT4-fs (loop0): 1 orphan inode deleted [ 29.678306][ T408] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 411 ./strace-static-x86_64: Process 411 attached [pid 411] set_robust_list(0x55556f386660, 24) = 0 [pid 411] chdir("./38") = 0 [pid 411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 411] setpgid(0, 0) = 0 [pid 411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 411] write(3, "1000", 4) = 4 [pid 411] close(3) = 0 [pid 411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 411] write(1, "executing program\n", 18) = 18 [pid 411] memfd_create("syzkaller", 0) = 3 [pid 411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 411] munmap(0x7f04d786f000, 138412032) = 0 [pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 411] close(3) = 0 [pid 411] close(4) = 0 [pid 411] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 411] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 411] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 411] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 411] ioctl(4, LOOP_CLR_FD) = 0 [pid 411] close(4) = 0 [pid 411] chdir("./file0") = 0 [pid 411] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 411] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 411] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 411] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 411] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 411] exit_group(0) = ? [pid 411] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=411, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 [ 29.851497][ T411] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 29.865343][ T411] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 29.878009][ T411] EXT4-fs (loop0): 1 orphan inode deleted [ 29.883598][ T411] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 414 ./strace-static-x86_64: Process 414 attached [pid 414] set_robust_list(0x55556f386660, 24) = 0 [pid 414] chdir("./39") = 0 [pid 414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 414] setpgid(0, 0) = 0 [pid 414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 414] write(3, "1000", 4) = 4 [pid 414] close(3) = 0 [pid 414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 414] write(1, "executing program\n", 18) = 18 [pid 414] memfd_create("syzkaller", 0) = 3 [pid 414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 414] munmap(0x7f04d786f000, 138412032) = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 414] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 414] close(3) = 0 [pid 414] close(4) = 0 [pid 414] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 414] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 414] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 414] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 414] ioctl(4, LOOP_CLR_FD) = 0 [pid 414] close(4) = 0 [pid 414] chdir("./file0") = 0 [pid 414] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 414] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 414] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 414] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 414] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 414] exit_group(0) = ? [pid 414] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=414, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 [ 29.982177][ T414] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 29.996025][ T414] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 30.008748][ T414] EXT4-fs (loop0): 1 orphan inode deleted [ 30.014327][ T414] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 417 ./strace-static-x86_64: Process 417 attached [pid 417] set_robust_list(0x55556f386660, 24) = 0 [pid 417] chdir("./40") = 0 [pid 417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 417] setpgid(0, 0) = 0 [pid 417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 417] write(3, "1000", 4) = 4 [pid 417] close(3) = 0 [pid 417] symlink("/dev/binderfs", "./binderfs") = 0 [pid 417] write(1, "executing program\n", 18) = 18 [pid 417] memfd_create("syzkaller", 0) = 3 [pid 417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 417] munmap(0x7f04d786f000, 138412032) = 0 [pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 417] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 417] close(3) = 0 [pid 417] close(4) = 0 [pid 417] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 417] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 417] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 417] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 417] ioctl(4, LOOP_CLR_FD) = 0 [pid 417] close(4) = 0 [pid 417] chdir("./file0") = 0 [pid 417] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 417] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 417] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 417] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 417] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 417] exit_group(0) = ? [pid 417] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=417, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 [ 30.171573][ T417] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 30.185504][ T417] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 30.198446][ T417] EXT4-fs (loop0): 1 orphan inode deleted [ 30.204004][ T417] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue close(4) = 0 rmdir("\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 420 ./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x55556f386660, 24) = 0 [pid 420] chdir("./41") = 0 [pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 420] setpgid(0, 0) = 0 [pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 420] write(3, "1000", 4) = 4 [pid 420] close(3) = 0 [pid 420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 420] write(1, "executing program\n", 18) = 18 [pid 420] memfd_create("syzkaller", 0) = 3 [pid 420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 420] munmap(0x7f04d786f000, 138412032) = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 420] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 420] close(3) = 0 [pid 420] close(4) = 0 [pid 420] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 420] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 420] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 420] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 420] ioctl(4, LOOP_CLR_FD) = 0 [pid 420] close(4) = 0 [pid 420] chdir("./file0") = 0 [pid 420] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 420] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 420] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 420] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 420] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 420] exit_group(0) = ? [pid 420] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=420, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 [ 30.266408][ T420] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 30.280283][ T420] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 30.292964][ T420] EXT4-fs (loop0): 1 orphan inode deleted [ 30.298616][ T420] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 423 ./strace-static-x86_64: Process 423 attached [pid 423] set_robust_list(0x55556f386660, 24) = 0 [pid 423] chdir("./42") = 0 [pid 423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 423] setpgid(0, 0) = 0 [pid 423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 423] write(3, "1000", 4) = 4 [pid 423] close(3) = 0 [pid 423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 423] write(1, "executing program\n", 18) = 18 [pid 423] memfd_create("syzkaller", 0) = 3 [pid 423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 423] munmap(0x7f04d786f000, 138412032) = 0 [pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 423] close(3) = 0 [pid 423] close(4) = 0 [pid 423] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 423] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 423] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 423] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 423] ioctl(4, LOOP_CLR_FD) = 0 [pid 423] close(4) = 0 [pid 423] chdir("./file0") = 0 [pid 423] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 423] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 423] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 423] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 423] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 423] exit_group(0) = ? [pid 423] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=423, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 [ 30.421366][ T423] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 30.435468][ T423] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 30.448185][ T423] EXT4-fs (loop0): 1 orphan inode deleted [ 30.453934][ T423] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 426 ./strace-static-x86_64: Process 426 attached [pid 426] set_robust_list(0x55556f386660, 24) = 0 [pid 426] chdir("./43") = 0 [pid 426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 426] setpgid(0, 0) = 0 [pid 426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 426] write(3, "1000", 4) = 4 [pid 426] close(3) = 0 [pid 426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 426] write(1, "executing program\n", 18executing program ) = 18 [pid 426] memfd_create("syzkaller", 0) = 3 [pid 426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 426] munmap(0x7f04d786f000, 138412032) = 0 [pid 426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 426] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 426] close(3) = 0 [pid 426] close(4) = 0 [pid 426] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 426] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 426] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 426] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 426] ioctl(4, LOOP_CLR_FD) = 0 [pid 426] close(4) = 0 [pid 426] chdir("./file0") = 0 [pid 426] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 426] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 426] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 426] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 426] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 426] exit_group(0) = ? [pid 426] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=426, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 [ 30.613800][ T426] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 30.627696][ T426] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 30.640616][ T426] EXT4-fs (loop0): 1 orphan inode deleted [ 30.646169][ T426] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 430 ./strace-static-x86_64: Process 430 attached [pid 430] set_robust_list(0x55556f386660, 24) = 0 [pid 430] chdir("./44") = 0 [pid 430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 430] setpgid(0, 0) = 0 [pid 430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 430] write(3, "1000", 4) = 4 [pid 430] close(3) = 0 [pid 430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 430] write(1, "executing program\n", 18) = 18 [pid 430] memfd_create("syzkaller", 0) = 3 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 430] munmap(0x7f04d786f000, 138412032) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 430] close(3) = 0 [pid 430] close(4) = 0 [pid 430] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 430] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 430] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 430] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 430] ioctl(4, LOOP_CLR_FD) = 0 [pid 430] close(4) = 0 [pid 430] chdir("./file0") = 0 [pid 430] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 430] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 430] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 430] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 430] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 430] exit_group(0) = ? [pid 430] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=430, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 30.804112][ T430] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 30.818075][ T430] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 30.830750][ T430] EXT4-fs (loop0): 1 orphan inode deleted [ 30.836288][ T430] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 433 ./strace-static-x86_64: Process 433 attached [pid 433] set_robust_list(0x55556f386660, 24) = 0 [pid 433] chdir("./45") = 0 [pid 433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 433] setpgid(0, 0) = 0 [pid 433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 433] write(3, "1000", 4) = 4 [pid 433] close(3) = 0 [pid 433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 433] write(1, "executing program\n", 18) = 18 [pid 433] memfd_create("syzkaller", 0) = 3 [pid 433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 433] munmap(0x7f04d786f000, 138412032) = 0 [pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 433] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 433] close(3) = 0 [pid 433] close(4) = 0 [pid 433] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 433] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 433] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 433] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 433] ioctl(4, LOOP_CLR_FD) = 0 [pid 433] close(4) = 0 [pid 433] chdir("./file0") = 0 [pid 433] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 433] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 433] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 433] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 433] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 433] exit_group(0) = ? [pid 433] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=433, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 30.935595][ T433] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 30.949654][ T433] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 30.962552][ T433] EXT4-fs (loop0): 1 orphan inode deleted [ 30.968093][ T433] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 436 ./strace-static-x86_64: Process 436 attached [pid 436] set_robust_list(0x55556f386660, 24) = 0 [pid 436] chdir("./46") = 0 [pid 436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 436] setpgid(0, 0) = 0 [pid 436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 436] write(3, "1000", 4) = 4 [pid 436] close(3) = 0 [pid 436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 436] write(1, "executing program\n", 18) = 18 [pid 436] memfd_create("syzkaller", 0) = 3 [pid 436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 436] munmap(0x7f04d786f000, 138412032) = 0 [pid 436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 436] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 436] close(3) = 0 [pid 436] close(4) = 0 [pid 436] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 436] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 436] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 436] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 436] ioctl(4, LOOP_CLR_FD) = 0 [pid 436] close(4) = 0 [pid 436] chdir("./file0") = 0 [pid 436] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 436] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 436] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 436] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 436] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 436] exit_group(0) = ? [pid 436] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=436, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 [ 31.051135][ T436] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 31.065176][ T436] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 31.077990][ T436] EXT4-fs (loop0): 1 orphan inode deleted [ 31.083807][ T436] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 439 ./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x55556f386660, 24) = 0 [pid 439] chdir("./47") = 0 [pid 439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 439] setpgid(0, 0) = 0 [pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 439] write(3, "1000", 4) = 4 [pid 439] close(3) = 0 [pid 439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 439] write(1, "executing program\n", 18) = 18 [pid 439] memfd_create("syzkaller", 0) = 3 [pid 439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 439] munmap(0x7f04d786f000, 138412032) = 0 [pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 439] close(3) = 0 [pid 439] close(4) = 0 [pid 439] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 439] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 439] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 439] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 439] ioctl(4, LOOP_CLR_FD) = 0 [pid 439] close(4) = 0 [pid 439] chdir("./file0") = 0 [pid 439] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 439] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 439] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 439] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 439] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 439] exit_group(0) = ? [pid 439] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=439, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 31.213984][ T439] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 31.227955][ T439] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 31.240636][ T439] EXT4-fs (loop0): 1 orphan inode deleted [ 31.246173][ T439] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 442 ./strace-static-x86_64: Process 442 attached [pid 442] set_robust_list(0x55556f386660, 24) = 0 [pid 442] chdir("./48") = 0 [pid 442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 442] setpgid(0, 0) = 0 [pid 442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 442] write(3, "1000", 4) = 4 [pid 442] close(3) = 0 [pid 442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 442] write(1, "executing program\n", 18executing program ) = 18 [pid 442] memfd_create("syzkaller", 0) = 3 [pid 442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 442] munmap(0x7f04d786f000, 138412032) = 0 [pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 442] close(3) = 0 [pid 442] close(4) = 0 [pid 442] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 442] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 442] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 442] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 442] ioctl(4, LOOP_CLR_FD) = 0 [pid 442] close(4) = 0 [pid 442] chdir("./file0") = 0 [pid 442] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 442] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 442] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 442] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 442] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 442] exit_group(0) = ? [pid 442] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=442, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 [ 31.371137][ T442] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 31.385115][ T442] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 31.398051][ T442] EXT4-fs (loop0): 1 orphan inode deleted [ 31.403624][ T442] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 445 ./strace-static-x86_64: Process 445 attached [pid 445] set_robust_list(0x55556f386660, 24) = 0 [pid 445] chdir("./49") = 0 [pid 445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 445] setpgid(0, 0) = 0 [pid 445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 445] write(3, "1000", 4) = 4 [pid 445] close(3) = 0 [pid 445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 445] write(1, "executing program\n", 18executing program ) = 18 [pid 445] memfd_create("syzkaller", 0) = 3 [pid 445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 445] munmap(0x7f04d786f000, 138412032) = 0 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 445] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 445] close(3) = 0 [pid 445] close(4) = 0 [pid 445] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 445] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 445] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 445] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 445] ioctl(4, LOOP_CLR_FD) = 0 [pid 445] close(4) = 0 [pid 445] chdir("./file0") = 0 [pid 445] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 445] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 445] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 445] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 445] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 445] exit_group(0) = ? [pid 445] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=445, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 [ 31.516562][ T445] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 31.531056][ T445] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 31.543748][ T445] EXT4-fs (loop0): 1 orphan inode deleted [ 31.549384][ T445] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 449 ./strace-static-x86_64: Process 449 attached [pid 449] set_robust_list(0x55556f386660, 24) = 0 [pid 449] chdir("./50") = 0 [pid 449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 449] setpgid(0, 0) = 0 [pid 449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 449] write(3, "1000", 4) = 4 [pid 449] close(3) = 0 [pid 449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 449] write(1, "executing program\n", 18) = 18 [pid 449] memfd_create("syzkaller", 0) = 3 [pid 449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 449] munmap(0x7f04d786f000, 138412032) = 0 [pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 449] close(3) = 0 [pid 449] close(4) = 0 [pid 449] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 449] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 449] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 449] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 449] ioctl(4, LOOP_CLR_FD) = 0 [pid 449] close(4) = 0 [pid 449] chdir("./file0") = 0 [pid 449] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 449] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 449] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 449] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 449] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 449] exit_group(0) = ? [pid 449] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=449, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 [ 31.656648][ T449] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 31.670579][ T449] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 31.683435][ T449] EXT4-fs (loop0): 1 orphan inode deleted [ 31.688974][ T449] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 452 ./strace-static-x86_64: Process 452 attached [pid 452] set_robust_list(0x55556f386660, 24) = 0 [pid 452] chdir("./51") = 0 [pid 452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 452] setpgid(0, 0) = 0 [pid 452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 452] write(3, "1000", 4) = 4 [pid 452] close(3) = 0 [pid 452] symlink("/dev/binderfs", "./binderfs") = 0 [pid 452] write(1, "executing program\n", 18) = 18 [pid 452] memfd_create("syzkaller", 0) = 3 [pid 452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 452] munmap(0x7f04d786f000, 138412032) = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 452] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 452] close(3) = 0 [pid 452] close(4) = 0 [pid 452] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 452] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 452] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 452] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 452] ioctl(4, LOOP_CLR_FD) = 0 [pid 452] close(4) = 0 [pid 452] chdir("./file0") = 0 [pid 452] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 452] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 452] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 452] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 452] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 452] exit_group(0) = ? [pid 452] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=452, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 [ 31.841321][ T452] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 31.855203][ T452] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 31.867936][ T452] EXT4-fs (loop0): 1 orphan inode deleted [ 31.873652][ T452] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 455 ./strace-static-x86_64: Process 455 attached [pid 455] set_robust_list(0x55556f386660, 24) = 0 [pid 455] chdir("./52") = 0 [pid 455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 455] setpgid(0, 0) = 0 [pid 455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 455] write(3, "1000", 4) = 4 [pid 455] close(3) = 0 [pid 455] symlink("/dev/binderfs", "./binderfs") = 0 [pid 455] write(1, "executing program\n", 18) = 18 [pid 455] memfd_create("syzkaller", 0) = 3 [pid 455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 455] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 455] munmap(0x7f04d786f000, 138412032) = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 455] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 455] close(3) = 0 [pid 455] close(4) = 0 [pid 455] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 455] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 455] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 455] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 455] ioctl(4, LOOP_CLR_FD) = 0 [pid 455] close(4) = 0 [pid 455] chdir("./file0") = 0 [pid 455] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 455] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 455] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 455] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 455] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 455] exit_group(0) = ? [pid 455] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=455, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 [ 31.932316][ T455] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 31.946467][ T455] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 31.959604][ T455] EXT4-fs (loop0): 1 orphan inode deleted [ 31.965313][ T455] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 459 ./strace-static-x86_64: Process 459 attached [pid 459] set_robust_list(0x55556f386660, 24) = 0 executing program [pid 459] chdir("./53") = 0 [pid 459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 459] setpgid(0, 0) = 0 [pid 459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 459] write(3, "1000", 4) = 4 [pid 459] close(3) = 0 [pid 459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 459] write(1, "executing program\n", 18) = 18 [pid 459] memfd_create("syzkaller", 0) = 3 [pid 459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 459] munmap(0x7f04d786f000, 138412032) = 0 [pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 459] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 459] close(3) = 0 [pid 459] close(4) = 0 [pid 459] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 459] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 459] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 459] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 459] ioctl(4, LOOP_CLR_FD) = 0 [pid 459] close(4) = 0 [pid 459] chdir("./file0") = 0 [pid 459] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 459] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 459] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 459] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 459] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 459] exit_group(0) = ? [pid 459] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=459, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 [ 32.151462][ T459] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 32.165418][ T459] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 32.178114][ T459] EXT4-fs (loop0): 1 orphan inode deleted [ 32.183782][ T459] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 462 ./strace-static-x86_64: Process 462 attached [pid 462] set_robust_list(0x55556f386660, 24) = 0 [pid 462] chdir("./54") = 0 [pid 462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 462] setpgid(0, 0) = 0 executing program [pid 462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 462] write(3, "1000", 4) = 4 [pid 462] close(3) = 0 [pid 462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 462] write(1, "executing program\n", 18) = 18 [pid 462] memfd_create("syzkaller", 0) = 3 [pid 462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 462] munmap(0x7f04d786f000, 138412032) = 0 [pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 462] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 462] close(3) = 0 [pid 462] close(4) = 0 [pid 462] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 462] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 462] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 462] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 462] ioctl(4, LOOP_CLR_FD) = 0 [pid 462] close(4) = 0 [pid 462] chdir("./file0") = 0 [pid 462] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 462] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 462] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 462] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 462] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 462] exit_group(0) = ? [pid 462] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=462, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 32.323938][ T462] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 32.338087][ T462] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 32.351315][ T462] EXT4-fs (loop0): 1 orphan inode deleted [ 32.356958][ T462] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 465 ./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x55556f386660, 24) = 0 [pid 465] chdir("./55") = 0 [pid 465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 465] setpgid(0, 0) = 0 [pid 465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 465] write(3, "1000", 4) = 4 [pid 465] close(3) = 0 [pid 465] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 465] write(1, "executing program\n", 18) = 18 [pid 465] memfd_create("syzkaller", 0) = 3 [pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 465] munmap(0x7f04d786f000, 138412032) = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 465] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 465] close(3) = 0 [pid 465] close(4) = 0 [pid 465] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 465] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 465] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 465] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 465] ioctl(4, LOOP_CLR_FD) = 0 [pid 465] close(4) = 0 [pid 465] chdir("./file0") = 0 [pid 465] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 465] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 465] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 465] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 465] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 465] exit_group(0) = ? [pid 465] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=465, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 [ 32.462430][ T465] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 32.476721][ T465] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 32.491313][ T465] EXT4-fs (loop0): 1 orphan inode deleted [ 32.496841][ T465] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 468 ./strace-static-x86_64: Process 468 attached [pid 468] set_robust_list(0x55556f386660, 24) = 0 [pid 468] chdir("./56") = 0 [pid 468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 468] setpgid(0, 0) = 0 [pid 468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 468] write(3, "1000", 4) = 4 [pid 468] close(3) = 0 [pid 468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 468] write(1, "executing program\n", 18executing program ) = 18 [pid 468] memfd_create("syzkaller", 0) = 3 [pid 468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 468] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 468] munmap(0x7f04d786f000, 138412032) = 0 [pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 468] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 468] close(3) = 0 [pid 468] close(4) = 0 [pid 468] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 468] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 468] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 468] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 468] ioctl(4, LOOP_CLR_FD) = 0 [pid 468] close(4) = 0 [pid 468] chdir("./file0") = 0 [pid 468] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 468] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 468] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 468] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 468] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 468] exit_group(0) = ? [pid 468] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=468, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 [ 32.567334][ T468] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 32.581304][ T468] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 32.594222][ T468] EXT4-fs (loop0): 1 orphan inode deleted [ 32.599945][ T468] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 472 ./strace-static-x86_64: Process 472 attached [pid 472] set_robust_list(0x55556f386660, 24) = 0 [pid 472] chdir("./57") = 0 [pid 472] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 472] setpgid(0, 0) = 0 [pid 472] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 472] write(3, "1000", 4) = 4 [pid 472] close(3) = 0 [pid 472] symlink("/dev/binderfs", "./binderfs") = 0 [pid 472] write(1, "executing program\n", 18) = 18 [pid 472] memfd_create("syzkaller", 0) = 3 [pid 472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 472] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 472] munmap(0x7f04d786f000, 138412032) = 0 [pid 472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 472] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 472] close(3) = 0 [pid 472] close(4) = 0 [pid 472] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 472] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 472] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 472] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 472] ioctl(4, LOOP_CLR_FD) = 0 [pid 472] close(4) = 0 [pid 472] chdir("./file0") = 0 [pid 472] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 472] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 472] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 472] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 472] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 472] exit_group(0) = ? [pid 472] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=472, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 [ 32.752192][ T472] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 32.766529][ T472] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 32.779256][ T472] EXT4-fs (loop0): 1 orphan inode deleted [ 32.784816][ T472] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55556f386650) = 475 ./strace-static-x86_64: Process 475 attached [pid 475] set_robust_list(0x55556f386660, 24) = 0 [pid 475] chdir("./58") = 0 [pid 475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 475] setpgid(0, 0) = 0 [pid 475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 475] write(3, "1000", 4) = 4 [pid 475] close(3) = 0 [pid 475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 475] write(1, "executing program\n", 18) = 18 [pid 475] memfd_create("syzkaller", 0) = 3 [pid 475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 475] munmap(0x7f04d786f000, 138412032) = 0 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 475] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 475] close(3) = 0 [pid 475] close(4) = 0 [pid 475] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 475] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 475] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 475] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 475] ioctl(4, LOOP_CLR_FD) = 0 [pid 475] close(4) = 0 [pid 475] chdir("./file0") = 0 [pid 475] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 475] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 475] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 475] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 475] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 475] exit_group(0) = ? [pid 475] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=475, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 [ 32.895021][ T475] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 32.909147][ T475] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 32.922152][ T475] EXT4-fs (loop0): 1 orphan inode deleted [ 32.927697][ T475] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 478 ./strace-static-x86_64: Process 478 attached [pid 478] set_robust_list(0x55556f386660, 24) = 0 [pid 478] chdir("./59") = 0 [pid 478] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 478] setpgid(0, 0) = 0 [pid 478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 478] write(3, "1000", 4) = 4 [pid 478] close(3) = 0 [pid 478] symlink("/dev/binderfs", "./binderfs") = 0 [pid 478] write(1, "executing program\n", 18) = 18 [pid 478] memfd_create("syzkaller", 0) = 3 [pid 478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 478] munmap(0x7f04d786f000, 138412032) = 0 [pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 478] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 478] close(3) = 0 [pid 478] close(4) = 0 [pid 478] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 478] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 478] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 478] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 478] ioctl(4, LOOP_CLR_FD) = 0 [pid 478] close(4) = 0 [pid 478] chdir("./file0") = 0 [pid 478] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 478] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 478] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 478] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 478] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 478] exit_group(0) = ? [pid 478] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=478, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 [ 33.052570][ T478] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 33.066781][ T478] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 33.079650][ T478] EXT4-fs (loop0): 1 orphan inode deleted [ 33.085189][ T478] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 executing program clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 481 ./strace-static-x86_64: Process 481 attached [pid 481] set_robust_list(0x55556f386660, 24) = 0 [pid 481] chdir("./60") = 0 [pid 481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 481] setpgid(0, 0) = 0 [pid 481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 481] write(3, "1000", 4) = 4 [pid 481] close(3) = 0 [pid 481] symlink("/dev/binderfs", "./binderfs") = 0 [pid 481] write(1, "executing program\n", 18) = 18 [pid 481] memfd_create("syzkaller", 0) = 3 [pid 481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 481] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 481] munmap(0x7f04d786f000, 138412032) = 0 [pid 481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 481] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 481] close(3) = 0 [pid 481] close(4) = 0 [pid 481] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 481] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 481] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 481] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 481] ioctl(4, LOOP_CLR_FD) = 0 [pid 481] close(4) = 0 [pid 481] chdir("./file0") = 0 [pid 481] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 481] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 481] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 481] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 481] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 481] exit_group(0) = ? [pid 481] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=481, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 [ 33.216852][ T481] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 33.231392][ T481] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 33.244624][ T481] EXT4-fs (loop0): 1 orphan inode deleted [ 33.250283][ T481] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 484 ./strace-static-x86_64: Process 484 attached [pid 484] set_robust_list(0x55556f386660, 24) = 0 [pid 484] chdir("./61") = 0 [pid 484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 484] setpgid(0, 0) = 0 [pid 484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 484] write(3, "1000", 4) = 4 [pid 484] close(3) = 0 [pid 484] symlink("/dev/binderfs", "./binderfs") = 0 [pid 484] write(1, "executing program\n", 18) = 18 [pid 484] memfd_create("syzkaller", 0) = 3 [pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 484] munmap(0x7f04d786f000, 138412032) = 0 [pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 484] close(3) = 0 [pid 484] close(4) = 0 [pid 484] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 484] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 484] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 484] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 484] ioctl(4, LOOP_CLR_FD) = 0 [pid 484] close(4) = 0 [pid 484] chdir("./file0") = 0 [pid 484] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 484] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 484] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 484] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 484] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 484] exit_group(0) = ? [pid 484] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=484, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 [ 33.312121][ T484] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 33.326234][ T484] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 33.339816][ T484] EXT4-fs (loop0): 1 orphan inode deleted [ 33.345530][ T484] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 487 ./strace-static-x86_64: Process 487 attached [pid 487] set_robust_list(0x55556f386660, 24) = 0 [pid 487] chdir("./62") = 0 [pid 487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 487] setpgid(0, 0) = 0 [pid 487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 487] write(3, "1000", 4) = 4 [pid 487] close(3) = 0 [pid 487] symlink("/dev/binderfs", "./binderfs") = 0 [pid 487] write(1, "executing program\n", 18) = 18 [pid 487] memfd_create("syzkaller", 0) = 3 [pid 487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 487] munmap(0x7f04d786f000, 138412032) = 0 [pid 487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 487] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 487] close(3) = 0 [pid 487] close(4) = 0 [pid 487] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 487] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 487] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 487] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 487] ioctl(4, LOOP_CLR_FD) = 0 [pid 487] close(4) = 0 [pid 487] chdir("./file0") = 0 [pid 487] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 487] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 487] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 487] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 487] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 487] exit_group(0) = ? [pid 487] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=487, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 490 ./strace-static-x86_64: Process 490 attached [pid 490] set_robust_list(0x55556f386660, 24) = 0 [pid 490] chdir("./63") = 0 [pid 490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 490] setpgid(0, 0) = 0 [pid 490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 490] write(3, "1000", 4) = 4 [pid 490] close(3) = 0 [pid 490] symlink("/dev/binderfs", "./binderfs") = 0 [pid 490] write(1, "executing program\n", 18executing program ) = 18 [pid 490] memfd_create("syzkaller", 0) = 3 [pid 490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 490] munmap(0x7f04d786f000, 138412032) = 0 [pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 490] close(3) = 0 [ 33.515350][ T487] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 33.529582][ T487] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 33.542235][ T487] EXT4-fs (loop0): 1 orphan inode deleted [ 33.547767][ T487] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 490] close(4) = 0 [pid 490] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 490] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 490] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 490] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 490] ioctl(4, LOOP_CLR_FD) = 0 [pid 490] close(4) = 0 [pid 490] chdir("./file0") = 0 [pid 490] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 490] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 490] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 490] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 490] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 490] exit_group(0) = ? [pid 490] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=490, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 [ 33.633771][ T490] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 33.647800][ T490] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 33.660769][ T490] EXT4-fs (loop0): 1 orphan inode deleted [ 33.666297][ T490] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x36\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x36\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x36\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x36\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 494 ./strace-static-x86_64: Process 494 attached [pid 494] set_robust_list(0x55556f386660, 24) = 0 [pid 494] chdir("./64") = 0 [pid 494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 494] setpgid(0, 0) = 0 [pid 494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 494] write(3, "1000", 4) = 4 [pid 494] close(3) = 0 [pid 494] symlink("/dev/binderfs", "./binderfs") = 0 [pid 494] write(1, "executing program\n", 18executing program ) = 18 [pid 494] memfd_create("syzkaller", 0) = 3 [pid 494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 494] munmap(0x7f04d786f000, 138412032) = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 494] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 494] close(3) = 0 [pid 494] close(4) = 0 [pid 494] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 494] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 494] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 494] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 494] ioctl(4, LOOP_CLR_FD) = 0 [pid 494] close(4) = 0 [pid 494] chdir("./file0") = 0 [pid 494] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 494] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 494] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 494] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 494] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 494] exit_group(0) = ? [pid 494] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=494, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556f3876f0 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 [ 33.814122][ T494] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor165: inode #1: comm syz-executor165: iget: illegal inode # [ 33.828146][ T494] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor165: error while reading EA inode 1 err=-117 [ 33.840911][ T494] EXT4-fs (loop0): 1 orphan inode deleted [ 33.846465][ T494] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x36\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x36\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x36\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556f38f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556f38f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x36\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x55556f3876f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f386650) = 497 ./strace-static-x86_64: Process 497 attached [pid 497] set_robust_list(0x55556f386660, 24) = 0 [pid 497] chdir("./65") = 0 [pid 497] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 497] setpgid(0, 0) = 0 [pid 497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 497] write(3, "1000", 4) = 4 [pid 497] close(3) = 0 [pid 497] symlink("/dev/binderfs", "./binderfs") = 0 [pid 497] write(1, "executing program\n", 18executing program ) = 18 [pid 497] memfd_create("syzkaller", 0) = 3 [pid 497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f04d786f000 [pid 497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 497] munmap(0x7f04d786f000, 138412032) = 0 [pid 497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 497] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 497] close(3) = 0 [pid 497] close(4) = 0 [pid 497] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 497] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_DIRSYNC|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 497] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 497] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 497] ioctl(4, LOOP_CLR_FD) = 0 [pid 497] close(4) = 0 [pid 497] chdir("./file0") = 0 [pid 497] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 497] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 497] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 497] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 497] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 497] exit_group(0) = ? [pid 497] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=497, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---