./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1251227489 <...> Warning: Permanently added '10.128.1.90' (ED25519) to the list of known hosts. execve("./syz-executor1251227489", ["./syz-executor1251227489"], 0x7ffc6702a340 /* 10 vars */) = 0 brk(NULL) = 0x555555d87000 brk(0x555555d87d00) = 0x555555d87d00 arch_prctl(ARCH_SET_FS, 0x555555d87380) = 0 set_tid_address(0x555555d87650) = 294 set_robust_list(0x555555d87660, 24) = 0 rseq(0x555555d87ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1251227489", 4096) = 28 getrandom("\xf6\x70\x77\x3c\xa7\x59\xc6\xd6", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555d87d00 brk(0x555555da8d00) = 0x555555da8d00 brk(0x555555da9000) = 0x555555da9000 mprotect(0x7fa3a6daf000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 295 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 296 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 297 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 298 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 299 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 300 ./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x555555d87660, 24) = 0 [pid 296] mkdir("./syzkaller.AP7eKQ", 0700) = 0 [pid 296] chmod("./syzkaller.AP7eKQ", 0777) = 0 [pid 296] chdir("./syzkaller.AP7eKQ") = 0 [pid 296] mkdir("./0", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 ./strace-static-x86_64: Process 295 attached [pid 295] set_robust_list(0x555555d87660, 24) = 0 [pid 295] mkdir("./syzkaller.QoM3eT", 0700 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] <... mkdir resumed>) = 0 [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] chmod("./syzkaller.QoM3eT", 0777) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555555d87650) = 301 [pid 295] chdir("./syzkaller.QoM3eT") = 0 [pid 295] mkdir("./0", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 302 ./strace-static-x86_64: Process 301 attached ./strace-static-x86_64: Process 302 attached [pid 301] set_robust_list(0x555555d87660, 24 [pid 302] set_robust_list(0x555555d87660, 24) = 0 [pid 301] <... set_robust_list resumed>) = 0 [pid 302] chdir("./0" [pid 301] chdir("./0" [pid 302] <... chdir resumed>) = 0 [pid 301] <... chdir resumed>) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 302] <... prctl resumed>) = 0 [pid 301] <... prctl resumed>) = 0 [pid 302] setpgid(0, 0 [pid 301] setpgid(0, 0) = 0 [pid 302] <... setpgid resumed>) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 302] <... openat resumed>) = 3 [pid 301] <... openat resumed>) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3 [pid 302] write(3, "1000", 4 [pid 301] <... close resumed>) = 0 [pid 302] <... write resumed>) = 4 [pid 302] close(3) = 0 [pid 301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 302] memfd_create("syzkaller", 0) = 3 [pid 302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 301] memfd_create("syzkaller", 0) = 3 [pid 301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 301] <... write resumed>) = 262144 [pid 302] <... write resumed>) = 262144 [pid 301] munmap(0x7fa39e8fb000, 138412032 [pid 302] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 301] <... munmap resumed>) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 22.664725][ T30] audit: type=1400 audit(1703750917.965:66): avc: denied { execmem } for pid=294 comm="syz-executor125" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.682784][ T30] audit: type=1400 audit(1703750917.975:67): avc: denied { read write } for pid=296 comm="syz-executor125" name="loop1" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.686253][ T301] loop1: detected capacity change from 0 to 512 [pid 301] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 300 attached ./strace-static-x86_64: Process 299 attached ./strace-static-x86_64: Process 298 attached ./strace-static-x86_64: Process 297 attached [pid 302] ioctl(4, LOOP_SET_FD, 3 [pid 300] set_robust_list(0x555555d87660, 24 [pid 299] set_robust_list(0x555555d87660, 24 [pid 298] set_robust_list(0x555555d87660, 24 [pid 297] set_robust_list(0x555555d87660, 24 [pid 301] <... ioctl resumed>) = 0 [pid 301] close(3) = 0 [pid 301] mkdir("./file0", 0777) = 0 [pid 301] mount("/dev/loop1", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 302] <... ioctl resumed>) = 0 [pid 302] close(3) = 0 [pid 302] mkdir("./file0", 0777) = 0 [ 22.704800][ T30] audit: type=1400 audit(1703750917.975:68): avc: denied { open } for pid=296 comm="syz-executor125" path="/dev/loop1" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.710085][ T302] loop0: detected capacity change from 0 to 512 [ 22.733653][ T30] audit: type=1400 audit(1703750917.975:69): avc: denied { ioctl } for pid=296 comm="syz-executor125" path="/dev/loop1" dev="devtmpfs" ino=113 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 302] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 300] <... set_robust_list resumed>) = 0 [pid 299] <... set_robust_list resumed>) = 0 [pid 298] <... set_robust_list resumed>) = 0 [pid 297] <... set_robust_list resumed>) = 0 [pid 300] mkdir("./syzkaller.8ql6LN", 0700 [pid 299] mkdir("./syzkaller.amJMgD", 0700 [pid 298] mkdir("./syzkaller.IOE6Y0", 0700 [pid 297] mkdir("./syzkaller.dkBKGk", 0700 [pid 300] <... mkdir resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 299] chmod("./syzkaller.amJMgD", 0777 [pid 298] chmod("./syzkaller.IOE6Y0", 0777 [pid 297] chmod("./syzkaller.dkBKGk", 0777 [pid 300] chmod("./syzkaller.8ql6LN", 0777 [pid 299] <... chmod resumed>) = 0 [pid 300] <... chmod resumed>) = 0 [pid 299] chdir("./syzkaller.amJMgD" [pid 298] <... chmod resumed>) = 0 [pid 297] <... chmod resumed>) = 0 [pid 300] chdir("./syzkaller.8ql6LN" [pid 299] <... chdir resumed>) = 0 [pid 298] chdir("./syzkaller.IOE6Y0" [pid 297] chdir("./syzkaller.dkBKGk" [pid 300] <... chdir resumed>) = 0 [pid 299] mkdir("./0", 0777 [pid 298] <... chdir resumed>) = 0 [pid 297] <... chdir resumed>) = 0 [pid 300] mkdir("./0", 0777 [pid 299] <... mkdir resumed>) = 0 [pid 297] mkdir("./0", 0777 [pid 300] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] mkdir("./0", 0777 [pid 297] <... mkdir resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 299] <... openat resumed>) = 3 [pid 298] <... mkdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 300] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] <... openat resumed>) = 3 [pid 300] ioctl(3, LOOP_CLR_FD [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] ioctl(3, LOOP_CLR_FD [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 298] <... openat resumed>) = 3 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] close(3 [pid 299] <... close resumed>) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] close(3 [pid 300] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... close resumed>) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] close(3 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... clone resumed>, child_tidptr=0x555555d87650) = 305 [pid 298] <... close resumed>) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555555d87650) = 307 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... clone resumed>, child_tidptr=0x555555d87650) = 306 [ 22.765286][ T301] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 22.767569][ T30] audit: type=1400 audit(1703750918.045:70): avc: denied { mounton } for pid=301 comm="syz-executor125" path="/root/syzkaller.AP7eKQ/0/file0" dev="sda1" ino=1933 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 22.773162][ T302] EXT4-fs (loop0): Ignoring removed mblk_io_submit option ./strace-static-x86_64: Process 307 attached ./strace-static-x86_64: Process 306 attached ./strace-static-x86_64: Process 305 attached [pid 298] <... clone resumed>, child_tidptr=0x555555d87650) = 308 ./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x555555d87660, 24) = 0 [pid 307] set_robust_list(0x555555d87660, 24 [pid 306] set_robust_list(0x555555d87660, 24 [pid 305] set_robust_list(0x555555d87660, 24 [pid 307] <... set_robust_list resumed>) = 0 [pid 306] <... set_robust_list resumed>) = 0 [pid 305] <... set_robust_list resumed>) = 0 [pid 307] chdir("./0") = 0 [pid 306] chdir("./0" [pid 305] chdir("./0" [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 308] chdir("./0") = 0 [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0) = 0 [pid 307] <... prctl resumed>) = 0 [pid 306] <... chdir resumed>) = 0 [pid 305] <... chdir resumed>) = 0 [pid 307] setpgid(0, 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 307] <... setpgid resumed>) = 0 [pid 306] <... prctl resumed>) = 0 [pid 305] <... prctl resumed>) = 0 [pid 306] setpgid(0, 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 306] <... setpgid resumed>) = 0 [pid 305] setpgid(0, 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 307] <... openat resumed>) = 3 [pid 306] <... openat resumed>) = 3 [pid 305] <... setpgid resumed>) = 0 [pid 307] write(3, "1000", 4 [pid 306] write(3, "1000", 4 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 307] <... write resumed>) = 4 [pid 306] <... write resumed>) = 4 [pid 307] close(3 [pid 306] close(3 [pid 305] <... openat resumed>) = 3 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 306] <... close resumed>) = 0 [pid 307] <... close resumed>) = 0 [pid 305] write(3, "1000", 4 [pid 307] symlink("/dev/binderfs", "./binderfs" [pid 306] symlink("/dev/binderfs", "./binderfs" [pid 305] <... write resumed>) = 4 [pid 307] <... symlink resumed>) = 0 [pid 307] memfd_create("syzkaller", 0 [pid 306] <... symlink resumed>) = 0 [pid 305] close(3 [pid 307] <... memfd_create resumed>) = 3 [pid 306] memfd_create("syzkaller", 0 [pid 305] <... close resumed>) = 0 [pid 307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 306] <... memfd_create resumed>) = 3 [pid 305] symlink("/dev/binderfs", "./binderfs" [pid 307] <... mmap resumed>) = 0x7fa39e8fb000 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 305] <... symlink resumed>) = 0 [pid 306] <... mmap resumed>) = 0x7fa39e8fb000 [pid 308] <... openat resumed>) = 3 [pid 308] write(3, "1000", 4) = 4 [pid 305] memfd_create("syzkaller", 0) = 3 [pid 305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 308] close(3) = 0 [pid 305] <... mmap resumed>) = 0x7fa39e8fb000 [pid 308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 308] memfd_create("syzkaller", 0) = 3 [pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 306] <... write resumed>) = 262144 [pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 307] munmap(0x7fa39e8fb000, 138412032 [pid 306] munmap(0x7fa39e8fb000, 138412032 [pid 305] <... write resumed>) = 262144 [pid 307] <... munmap resumed>) = 0 [pid 306] <... munmap resumed>) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 307] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 305] munmap(0x7fa39e8fb000, 138412032 [pid 306] <... openat resumed>) = 4 [pid 307] <... openat resumed>) = 4 [pid 307] ioctl(4, LOOP_SET_FD, 3 [pid 306] ioctl(4, LOOP_SET_FD, 3 [pid 305] <... munmap resumed>) = 0 [pid 308] <... write resumed>) = 262144 [pid 308] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 308] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 308] ioctl(4, LOOP_SET_FD, 3 [pid 307] <... ioctl resumed>) = 0 [ 22.804344][ T301] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 22.816353][ T302] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 22.848118][ T307] loop5: detected capacity change from 0 to 512 [ 22.852392][ T308] loop3: detected capacity change from 0 to 512 [pid 308] <... ioctl resumed>) = 0 [pid 307] close(3 [pid 306] <... ioctl resumed>) = 0 [pid 305] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 307] <... close resumed>) = 0 [pid 306] close(3 [pid 305] <... openat resumed>) = 4 [pid 307] mkdir("./file0", 0777 [pid 306] <... close resumed>) = 0 [pid 305] ioctl(4, LOOP_SET_FD, 3 [pid 307] <... mkdir resumed>) = 0 [pid 306] mkdir("./file0", 0777 [pid 307] mount("/dev/loop5", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 306] <... mkdir resumed>) = 0 [pid 308] close(3 [pid 305] <... ioctl resumed>) = 0 [pid 308] <... close resumed>) = 0 [pid 308] mkdir("./file0", 0777) = 0 [pid 308] mount("/dev/loop3", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 305] close(3) = 0 [pid 305] mkdir("./file0", 0777) = 0 [ 22.854311][ T306] loop2: detected capacity change from 0 to 512 [ 22.861984][ T302] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 22.868452][ T305] loop4: detected capacity change from 0 to 512 [ 22.874467][ T302] System zones: 1-12 [ 22.881890][ T307] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 22.889723][ T301] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 22.891820][ T302] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [pid 305] mount("/dev/loop4", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [ 22.898670][ T308] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 22.911751][ T307] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 22.919506][ T305] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 22.930690][ T306] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 22.938019][ T301] System zones: [ 22.944215][ T305] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 22.944276][ T301] 1-12 [ 22.960024][ T301] [ 22.964252][ T306] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 22.964252][ T308] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 22.965615][ T307] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 22.977816][ T305] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 22.988228][ T307] System zones: [ 22.997172][ T305] System zones: [ 23.003999][ T302] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 23.007667][ T305] 1-12 [ 23.010192][ T306] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 23.010240][ T306] System zones: [ 23.022650][ T305] [ 23.024532][ T301] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 23.032292][ T307] 1-12 [ 23.037859][ T306] 1-12 [ 23.050900][ T307] [ 23.053504][ T302] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 23.056351][ T307] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 23.057864][ T305] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 23.096299][ T308] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 23.098488][ T306] [ 23.104607][ T307] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 23.106436][ T301] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 23.118149][ T308] System zones: [ 23.129836][ T302] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 23.133268][ T302] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 23.146991][ T307] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 23.158304][ T308] 1-12 [ 23.170616][ T302] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 23.171662][ T306] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 23.173169][ T308] [ 23.186850][ T305] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 23.199493][ T302] EXT4-fs (loop0): 1 orphan inode deleted [ 23.212852][ T302] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 23.218676][ T305] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 23.241771][ T301] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 306] mount("/dev/loop2", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 302] <... mount resumed>) = 0 [pid 302] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 302] chdir("./file0") = 0 [pid 302] ioctl(4, LOOP_CLR_FD) = 0 [pid 302] close(4) = 0 [pid 302] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 302] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 302] exit_group(0) = ? [pid 302] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 23.254737][ T307] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 23.274047][ T308] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 23.278443][ T30] audit: type=1400 audit(1703750918.575:71): avc: denied { mount } for pid=302 comm="syz-executor125" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 295] unlink("./0/binderfs") = 0 [ 23.313306][ T301] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 23.321847][ T307] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 23.325980][ T306] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 23.349751][ T305] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 23.350239][ T30] audit: type=1400 audit(1703750918.625:72): avc: denied { unmount } for pid=295 comm="syz-executor125" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 23.361952][ T301] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 23.381927][ T307] EXT4-fs (loop5): 1 orphan inode deleted [ 23.394408][ T305] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 295] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 295] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./0/file0") = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./0") = 0 [pid 295] mkdir("./1", 0777) = 0 [ 23.399662][ T308] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 23.411935][ T306] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 23.435341][ T301] EXT4-fs (loop1): 1 orphan inode deleted [ 23.436994][ T307] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 307] <... mount resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 307] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 295] <... openat resumed>) = 3 [pid 307] <... openat resumed>) = 3 [pid 295] ioctl(3, LOOP_CLR_FD [pid 307] chdir("./file0" [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 307] <... chdir resumed>) = 0 [pid 295] close(3 [pid 307] ioctl(4, LOOP_CLR_FD [pid 295] <... close resumed>) = 0 [pid 307] <... ioctl resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 307] close(4) = 0 [pid 307] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 295] <... clone resumed>, child_tidptr=0x555555d87650) = 318 [pid 307] <... openat resumed>) = 4 [pid 307] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 307] exit_group(0) = ? [pid 307] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=22} --- [pid 300] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 300] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./0/binderfs") = 0 [pid 300] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 318 attached [pid 301] <... mount resumed>) = 0 [ 23.441776][ T301] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 23.473505][ T306] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 23.500951][ T308] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 318] set_robust_list(0x555555d87660, 24 [ 23.503403][ T305] EXT4-fs (loop4): 1 orphan inode deleted [ 23.515016][ T308] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 23.520171][ T305] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 23.532306][ T308] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 301] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 318] <... set_robust_list resumed>) = 0 [pid 305] <... mount resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 318] chdir("./1" [pid 305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [ 23.567251][ T306] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 23.567795][ T308] EXT4-fs (loop3): 1 orphan inode deleted [ 23.583880][ T306] EXT4-fs (loop2): 1 orphan inode deleted [ 23.589185][ T308] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 301] chdir("./file0" [pid 318] <... chdir resumed>) = 0 [pid 306] <... mount resumed>) = 0 [pid 305] <... openat resumed>) = 3 [pid 301] <... chdir resumed>) = 0 [pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 305] chdir("./file0" [pid 301] ioctl(4, LOOP_CLR_FD [pid 318] <... prctl resumed>) = 0 [pid 306] <... openat resumed>) = 3 [pid 305] <... chdir resumed>) = 0 [pid 301] <... ioctl resumed>) = 0 [pid 318] setpgid(0, 0 [pid 306] chdir("./file0" [pid 305] ioctl(4, LOOP_CLR_FD [pid 301] close(4 [pid 318] <... setpgid resumed>) = 0 [pid 306] <... chdir resumed>) = 0 [pid 305] <... ioctl resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 308] <... mount resumed>) = 0 [pid 308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 308] chdir("./file0") = 0 [pid 308] ioctl(4, LOOP_CLR_FD) = 0 [pid 308] close(4) = 0 [pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 308] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 308] exit_group(0) = ? [pid 308] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=21} --- [pid 305] close(4 [pid 301] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 305] <... close resumed>) = 0 [pid 301] <... openat resumed>) = 4 [pid 306] ioctl(4, LOOP_CLR_FD [pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 306] <... ioctl resumed>) = 0 [pid 301] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 306] close(4 [pid 305] <... openat resumed>) = 4 [pid 301] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 298] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 318] <... openat resumed>) = 3 [pid 306] <... close resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 305] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 298] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 306] <... openat resumed>) = 4 [pid 301] exit_group(0 [pid 298] <... openat resumed>) = 3 [pid 305] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 306] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 305] exit_group(0 [pid 301] <... exit_group resumed>) = ? [pid 298] newfstatat(3, "", [pid 306] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 305] <... exit_group resumed>) = ? [pid 318] write(3, "1000", 4 [pid 301] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=0, si_utime=0, si_stime=21} --- [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 306] exit_group(0 [pid 298] getdents64(3, [pid 305] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=22} --- [pid 318] <... write resumed>) = 4 [pid 296] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 298] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 306] <... exit_group resumed>) = ? [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 318] close(3 [pid 298] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 306] +++ exited with 0 +++ [pid 299] <... restart_syscall resumed>) = 0 [pid 296] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 318] <... close resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 318] symlink("/dev/binderfs", "./binderfs" [pid 296] <... openat resumed>) = 3 [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 318] <... symlink resumed>) = 0 [pid 297] <... restart_syscall resumed>) = 0 [pid 296] newfstatat(3, "", [pid 299] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] newfstatat(AT_FDCWD, "./0/binderfs", [pid 318] memfd_create("syzkaller", 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] getdents64(3, [pid 299] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 299] <... openat resumed>) = 3 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(3, "", [pid 296] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 318] <... memfd_create resumed>) = 3 [pid 297] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] unlink("./0/binderfs" [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... openat resumed>) = 3 [pid 299] getdents64(3, [pid 297] newfstatat(3, "", [pid 296] newfstatat(AT_FDCWD, "./0/binderfs", [pid 298] <... unlink resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 297] getdents64(3, [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] unlink("./0/binderfs" [pid 318] <... mmap resumed>) = 0x7fa39e8fb000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... unlink resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./0/binderfs", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] newfstatat(AT_FDCWD, "./0/binderfs", [pid 299] unlink("./0/binderfs" [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 299] <... unlink resumed>) = 0 [pid 297] unlink("./0/binderfs" [pid 318] <... write resumed>) = 262144 [pid 299] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... unlink resumed>) = 0 [pid 318] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 297] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... umount2 resumed>) = 0 [pid 318] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 300] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 318] <... openat resumed>) = 4 [ 23.614414][ T306] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] newfstatat(AT_FDCWD, "./0/file0", [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 298] newfstatat(AT_FDCWD, "./0/file0", [pid 296] close(4) = 0 [pid 296] rmdir("./0/file0" [pid 300] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 296] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] rmdir("./0" [pid 300] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... openat resumed>) = 4 [pid 300] newfstatat(4, "", [pid 298] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... rmdir resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] mkdir("./1", 0777 [pid 300] getdents64(4, [pid 298] <... openat resumed>) = 4 [pid 296] <... mkdir resumed>) = 0 [pid 300] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] newfstatat(4, "", [pid 300] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... openat resumed>) = 3 [pid 300] close(4 [pid 298] getdents64(4, [pid 300] <... close resumed>) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 300] rmdir("./0/file0" [pid 298] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] <... rmdir resumed>) = 0 [pid 298] getdents64(4, [pid 300] getdents64(3, [pid 298] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 300] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 298] close(4 [pid 300] close(3 [pid 298] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 298] rmdir("./0/file0" [pid 300] rmdir("./0" [pid 298] <... rmdir resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555555d87650) = 320 [pid 300] <... rmdir resumed>) = 0 [pid 298] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 300] mkdir("./1", 0777 [pid 298] close(3) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 298] rmdir("./0") = 0 [pid 300] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 298] mkdir("./1", 0777 [pid 300] <... openat resumed>) = 3 [pid 298] <... mkdir resumed>) = 0 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 300] close(3) = 0 [pid 298] <... openat resumed>) = 3 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] ioctl(3, LOOP_CLR_FD [pid 300] <... clone resumed>, child_tidptr=0x555555d87650) = 321 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 322 [pid 318] close(3) = 0 [pid 318] mkdir("./file0", 0777./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x555555d87660, 24) = 0 [pid 320] chdir("./1" [pid 318] <... mkdir resumed>) = 0 [pid 320] <... chdir resumed>) = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 318] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3) = 0 [pid 320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 320] memfd_create("syzkaller", 0) = 3 [pid 320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 320] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 320] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 320] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 322 attached ./strace-static-x86_64: Process 321 attached [pid 322] set_robust_list(0x555555d87660, 24 [pid 321] set_robust_list(0x555555d87660, 24 [pid 322] <... set_robust_list resumed>) = 0 [pid 321] <... set_robust_list resumed>) = 0 [pid 322] chdir("./1" [pid 321] chdir("./1" [pid 297] <... umount2 resumed>) = 0 [pid 322] <... chdir resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 321] <... chdir resumed>) = 0 [pid 297] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 23.668868][ T318] loop0: detected capacity change from 0 to 512 [ 23.702055][ T318] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 23.712397][ T320] loop1: detected capacity change from 0 to 512 [pid 299] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 322] <... prctl resumed>) = 0 [pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... openat resumed>) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./0/file0") = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./0") = 0 [pid 299] mkdir("./1", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 323 ./strace-static-x86_64: Process 323 attached [pid 323] set_robust_list(0x555555d87660, 24) = 0 [pid 323] chdir("./1") = 0 [pid 323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 323] setpgid(0, 0) = 0 [pid 323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 323] write(3, "1000", 4) = 4 [pid 323] close(3) = 0 [pid 323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 323] memfd_create("syzkaller", 0) = 3 [pid 323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 320] <... ioctl resumed>) = 0 [pid 320] close(3) = 0 [pid 320] mkdir("./file0", 0777) = 0 [pid 323] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 323] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 323] ioctl(4, LOOP_SET_FD, 3 [pid 322] setpgid(0, 0 [pid 321] <... prctl resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./0/file0", [pid 320] mount("/dev/loop1", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 322] <... setpgid resumed>) = 0 [pid 321] setpgid(0, 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 321] <... setpgid resumed>) = 0 [pid 297] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 322] <... openat resumed>) = 3 [pid 321] <... openat resumed>) = 3 [pid 297] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 322] write(3, "1000", 4 [pid 297] <... openat resumed>) = 4 [pid 322] <... write resumed>) = 4 [pid 321] write(3, "1000", 4 [pid 322] close(3 [pid 321] <... write resumed>) = 4 [pid 297] newfstatat(4, "", [pid 323] <... ioctl resumed>) = 0 [pid 322] <... close resumed>) = 0 [pid 321] close(3 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 323] close(3 [pid 322] symlink("/dev/binderfs", "./binderfs" [pid 321] <... close resumed>) = 0 [ 23.723551][ T318] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 23.734157][ T323] loop4: detected capacity change from 0 to 512 [ 23.746495][ T320] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [pid 297] getdents64(4, [pid 322] <... symlink resumed>) = 0 [pid 321] symlink("/dev/binderfs", "./binderfs" [pid 297] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 322] memfd_create("syzkaller", 0 [pid 321] <... symlink resumed>) = 0 [pid 297] getdents64(4, [pid 321] memfd_create("syzkaller", 0 [pid 297] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 323] <... close resumed>) = 0 [pid 322] <... memfd_create resumed>) = 3 [pid 321] <... memfd_create resumed>) = 3 [pid 297] close(4 [pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 297] <... close resumed>) = 0 [pid 323] mkdir("./file0", 0777 [pid 297] rmdir("./0/file0" [pid 322] <... mmap resumed>) = 0x7fa39e8fb000 [pid 321] <... mmap resumed>) = 0x7fa39e8fb000 [pid 297] <... rmdir resumed>) = 0 [pid 323] <... mkdir resumed>) = 0 [pid 322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 297] getdents64(3, [pid 323] mount("/dev/loop4", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 322] <... write resumed>) = 262144 [pid 321] <... write resumed>) = 262144 [pid 297] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./0" [pid 322] munmap(0x7fa39e8fb000, 138412032 [pid 321] munmap(0x7fa39e8fb000, 138412032 [pid 297] <... rmdir resumed>) = 0 [ 23.769108][ T318] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 23.787934][ T320] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 23.801010][ T318] System zones: 1-12 [ 23.807690][ T318] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [pid 297] mkdir("./1", 0777 [pid 322] <... munmap resumed>) = 0 [pid 321] <... munmap resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 322] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 321] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 322] <... openat resumed>) = 4 [pid 321] <... openat resumed>) = 4 [pid 322] ioctl(4, LOOP_SET_FD, 3 [pid 321] ioctl(4, LOOP_SET_FD, 3 [pid 297] <... openat resumed>) = 3 [ 23.808618][ T323] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 23.828963][ T318] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 23.829528][ T320] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 23.844293][ T321] loop5: detected capacity change from 0 to 512 [ 23.849024][ T322] loop3: detected capacity change from 0 to 512 [ 23.854818][ T318] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 322] <... ioctl resumed>) = 0 [pid 297] ioctl(3, LOOP_CLR_FD [pid 322] close(3 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 322] <... close resumed>) = 0 [pid 297] close(3 [pid 322] mkdir("./file0", 0777 [pid 297] <... close resumed>) = 0 [pid 322] <... mkdir resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 322] mount("/dev/loop3", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 297] <... clone resumed>, child_tidptr=0x555555d87650) = 329 [pid 321] <... ioctl resumed>) = 0 [pid 321] close(3) = 0 [pid 321] mkdir("./file0", 0777) = 0 [pid 321] mount("/dev/loop5", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"..../strace-static-x86_64: Process 329 attached [ 23.861009][ T320] System zones: 1-12 [ 23.880725][ T322] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 23.889893][ T320] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 23.890387][ T323] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 23.903277][ T321] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [pid 329] set_robust_list(0x555555d87660, 24) = 0 [pid 329] chdir("./1") = 0 [pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 329] setpgid(0, 0) = 0 [pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 329] write(3, "1000", 4) = 4 [pid 329] close(3) = 0 [pid 329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 329] memfd_create("syzkaller", 0) = 3 [pid 329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 329] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 329] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 23.917673][ T323] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 23.929351][ T318] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 23.929979][ T323] System zones: [ 23.941339][ T322] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 23.942125][ T323] 1-12 [ 23.952853][ T329] loop2: detected capacity change from 0 to 512 [ 23.957217][ T323] [pid 329] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 329] close(3) = 0 [ 23.959508][ T320] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 23.965971][ T323] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 23.967613][ T318] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 23.992677][ T322] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 24.004913][ T321] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 329] mkdir("./file0", 0777) = 0 [ 24.012464][ T320] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 24.027245][ T322] System zones: 1-12 [ 24.037146][ T323] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 24.042280][ T318] EXT4-fs (loop0): 1 orphan inode deleted [ 24.052773][ T329] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 24.059009][ T323] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 24.065144][ T322] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 24.078750][ T323] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 24.090554][ T320] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 24.102653][ T318] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 24.116442][ T323] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 24.138037][ T329] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 24.162069][ T321] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [pid 329] mount("/dev/loop2", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 318] <... mount resumed>) = 0 [pid 318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 318] chdir("./file0") = 0 [pid 318] ioctl(4, LOOP_CLR_FD) = 0 [pid 318] close(4) = 0 [pid 318] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 318] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 318] exit_group(0) = ? [pid 318] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 295] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./1/binderfs") = 0 [ 24.170153][ T320] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 24.185108][ T321] System zones: 1-12 [ 24.185636][ T322] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 24.201051][ T323] EXT4-fs (loop4): 1 orphan inode deleted [ 24.201277][ T321] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [pid 295] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 323] <... mount resumed>) = 0 [pid 323] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 323] chdir("./file0") = 0 [pid 323] ioctl(4, LOOP_CLR_FD) = 0 [pid 323] close(4) = 0 [pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 323] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 323] exit_group(0) = ? [pid 323] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=20} --- [ 24.206749][ T323] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 24.221437][ T329] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 24.255304][ T329] System zones: 1-12 [ 24.255637][ T320] EXT4-fs (loop1): 1 orphan inode deleted [pid 299] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./1/file0") = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./1") = 0 [pid 295] mkdir("./2", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 335 ./strace-static-x86_64: Process 335 attached [pid 299] newfstatat(3, "", [pid 320] <... mount resumed>) = 0 [pid 320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 24.264657][ T322] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 24.277293][ T329] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 24.277758][ T320] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 24.314013][ T321] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 320] chdir("./file0") = 0 [pid 320] ioctl(4, LOOP_CLR_FD) = 0 [pid 320] close(4) = 0 [pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 320] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 320] exit_group(0) = ? [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./1/binderfs") = 0 [pid 299] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 320] +++ exited with 0 +++ [pid 335] set_robust_list(0x555555d87660, 24) = 0 [pid 335] chdir("./2") = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3) = 0 [pid 335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 335] memfd_create("syzkaller", 0) = 3 [pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 335] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 335] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 335] close(3 [pid 296] <... restart_syscall resumed>) = 0 [pid 335] <... close resumed>) = 0 [pid 335] mkdir("./file0", 0777) = 0 [ 24.326082][ T322] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 24.342118][ T321] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 24.353347][ T335] loop0: detected capacity change from 0 to 512 [ 24.354996][ T322] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 24.373909][ T329] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 24.376878][ T321] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 24.385906][ T335] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 24.397856][ T322] EXT4-fs (loop3): 1 orphan inode deleted [ 24.404691][ T321] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 335] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 322] <... mount resumed>) = 0 [pid 322] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 322] chdir("./file0") = 0 [pid 322] ioctl(4, LOOP_CLR_FD) = 0 [pid 322] close(4) = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 322] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 322] exit_group(0) = ? [ 24.410499][ T322] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 24.422589][ T329] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 24.458755][ T335] ================================================================================ [ 24.459073][ T321] EXT4-fs (loop5): 1 orphan inode deleted [pid 296] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 322] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 298] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./1/binderfs") = 0 [pid 298] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 321] <... mount resumed>) = 0 [ 24.473366][ T321] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 24.491814][ T335] UBSAN: shift-out-of-bounds in fs/ext4/super.c:2493:15 [ 24.497361][ T329] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 24.505300][ T335] shift exponent 1566810319 is too large for 32-bit type 'int' [ 24.515980][ T329] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 24.523685][ T335] CPU: 1 PID: 335 Comm: syz-executor125 Not tainted 5.15.141-syzkaller-00899-g28e3f5851a99 #0 [ 24.535880][ T329] EXT4-fs (loop2): 1 orphan inode deleted [ 24.545450][ T335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 24.545463][ T335] Call Trace: [ 24.545473][ T335] [ 24.545480][ T335] dump_stack_lvl+0x151/0x1b7 [ 24.551017][ T329] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 24.560915][ T335] ? io_uring_drop_tctx_refs+0x190/0x190 [ 24.560951][ T335] ? slab_free_freelist_hook+0xbd/0x190 [ 24.560972][ T335] dump_stack+0x15/0x17 [ 24.560990][ T335] __ubsan_handle_shift_out_of_bounds+0x3bf/0x420 [ 24.615935][ T335] parse_options+0x2c9d/0x2d20 [ 24.620528][ T335] ? ext4_superblock_csum_verify+0x420/0x420 [ 24.626342][ T335] ? ext4_chksum+0x14f/0x220 [ 24.630767][ T335] ? make_kgid+0x1f2/0x6f0 [ 24.635020][ T335] ? ext4_has_metadata_csum+0x14b/0x1f0 [ 24.640402][ T335] ext4_fill_super+0x2084/0x96e0 [ 24.645177][ T335] ? ptr_to_hashval+0x60/0x60 [ 24.649688][ T335] ? ext4_mount+0x40/0x40 [ 24.653851][ T335] ? vscnprintf+0x80/0x80 [ 24.658017][ T335] ? set_blocksize+0x1f0/0x380 [ 24.662618][ T335] ? sb_set_blocksize+0xa8/0xf0 [ 24.667393][ T335] mount_bdev+0x282/0x3b0 [ 24.671556][ T335] ? ext4_mount+0x40/0x40 [ 24.675726][ T335] ext4_mount+0x34/0x40 [ 24.679716][ T335] legacy_get_tree+0xf1/0x190 [ 24.684231][ T335] ? ext4_errno_to_code+0x140/0x140 [ 24.689266][ T335] vfs_get_tree+0x88/0x290 [ 24.693516][ T335] do_new_mount+0x28b/0xad0 [ 24.697867][ T335] ? do_move_mount_old+0x160/0x160 [ 24.702807][ T335] ? security_capable+0x87/0xb0 [ 24.707492][ T335] ? ns_capable+0x89/0xe0 [ 24.711657][ T335] path_mount+0x671/0x1070 [ 24.715913][ T335] __se_sys_mount+0x2c4/0x3b0 [ 24.720425][ T335] ? __x64_sys_mount+0xd0/0xd0 [ 24.725025][ T335] ? __kasan_check_read+0x11/0x20 [ 24.729887][ T335] __x64_sys_mount+0xbf/0xd0 [ 24.734309][ T335] do_syscall_64+0x3d/0xb0 [ 24.738564][ T335] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 24.744292][ T335] RIP: 0033:0x7fa3a6d3b81a [ 24.748543][ T335] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 24.767987][ T335] RSP: 002b:00007ffd449a1568 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [pid 296] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 321] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] <... openat resumed>) = 3 [pid 321] <... openat resumed>) = 3 [pid 296] newfstatat(3, "", [pid 321] chdir("./file0" [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 321] <... chdir resumed>) = 0 [pid 296] getdents64(3, [pid 321] ioctl(4, LOOP_CLR_FD [pid 296] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 321] <... ioctl resumed>) = 0 [pid 296] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 321] close(4 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 321] <... close resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./1/binderfs", [pid 321] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 321] <... openat resumed>) = 4 [pid 296] unlink("./1/binderfs" [pid 321] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 296] <... unlink resumed>) = 0 [pid 321] <... pwrite64 resumed>) = 4096 [pid 296] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 321] exit_group(0) = ? [pid 321] +++ exited with 0 +++ [pid 329] <... mount resumed>) = 0 [pid 329] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 329] chdir("./file0") = 0 [pid 329] ioctl(4, LOOP_CLR_FD) = 0 [pid 329] close(4) = 0 [pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 329] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 329] exit_group(0) = ? [pid 329] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=321, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- [pid 297] <... restart_syscall resumed>) = 0 [pid 297] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./1/binderfs") = 0 [pid 297] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 300] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./1/binderfs") = 0 [pid 300] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = 0 [ 24.776230][ T335] RAX: ffffffffffffffda RBX: 00007ffd449a1580 RCX: 00007fa3a6d3b81a [ 24.784039][ T335] RDX: 0000000020000180 RSI: 00000000200000c0 RDI: 00007ffd449a1580 [ 24.791855][ T335] RBP: 0000000000000004 R08: 00007ffd449a15c0 R09: 00007ffd449a15c0 [ 24.799663][ T335] R10: 0000000000800714 R11: 0000000000000202 R12: 0000000000800714 [ 24.807473][ T335] R13: 00007ffd449a15c0 R14: 0000000000000003 R15: 0000000000040000 [ 24.815289][ T335] [pid 299] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./1/file0") = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./1") = 0 [pid 299] mkdir("./2", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 336 ./strace-static-x86_64: Process 336 attached [pid 300] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 336] set_robust_list(0x555555d87660, 24 [pid 298] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 336] <... set_robust_list resumed>) = 0 [pid 335] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 336] chdir("./2" [pid 335] ioctl(4, LOOP_CLR_FD [pid 298] newfstatat(AT_FDCWD, "./1/file0", [pid 297] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 336] <... chdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 336] <... prctl resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 336] setpgid(0, 0 [pid 300] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 336] <... setpgid resumed>) = 0 [pid 298] <... openat resumed>) = 4 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] newfstatat(AT_FDCWD, "./1/file0", [pid 296] newfstatat(AT_FDCWD, "./1/file0", [pid 298] newfstatat(4, "", [pid 336] <... openat resumed>) = 3 [pid 335] <... ioctl resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./1/file0", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 336] write(3, "1000", 4 [pid 335] close(4 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] getdents64(4, [pid 297] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 336] <... write resumed>) = 4 [pid 335] <... close resumed>) = 0 [pid 300] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 336] close(3 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] getdents64(4, [pid 297] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 336] <... close resumed>) = 0 [pid 300] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 297] <... openat resumed>) = 4 [pid 296] <... openat resumed>) = 4 [pid 336] symlink("/dev/binderfs", "./binderfs" [pid 300] <... openat resumed>) = 4 [pid 298] close(4 [pid 297] newfstatat(4, "", [pid 296] newfstatat(4, "", [pid 300] newfstatat(4, "", [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 336] <... symlink resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... close resumed>) = 0 [pid 297] getdents64(4, [pid 296] getdents64(4, [pid 336] memfd_create("syzkaller", 0 [pid 300] getdents64(4, [pid 298] rmdir("./1/file0" [pid 297] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 296] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 336] <... memfd_create resumed>) = 3 [pid 300] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, [pid 296] getdents64(4, [pid 336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] getdents64(4, [pid 298] <... rmdir resumed>) = 0 [pid 297] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 336] <... mmap resumed>) = 0x7fa39e8fb000 [pid 300] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 298] getdents64(3, [pid 297] close(4 [pid 296] close(4 [pid 300] close(4 [pid 297] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 297] rmdir("./1/file0" [pid 296] rmdir("./1/file0" [pid 300] rmdir("./1/file0" [pid 297] <... rmdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 300] <... rmdir resumed>) = 0 [pid 298] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 297] getdents64(3, [pid 296] getdents64(3, [pid 300] getdents64(3, [pid 297] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 300] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 297] close(3 [pid 296] close(3 [pid 300] close(3 [pid 297] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 336] <... write resumed>) = 262144 [pid 300] <... close resumed>) = 0 [ 24.823210][ T335] ================================================================================ [ 24.832708][ T335] EXT4-fs (loop0): Encoding requested by superblock is unknown [pid 298] close(3 [pid 297] rmdir("./1" [pid 296] rmdir("./1" [pid 336] munmap(0x7fa39e8fb000, 138412032 [pid 300] rmdir("./1" [pid 298] <... close resumed>) = 0 [pid 336] <... munmap resumed>) = 0 [pid 298] rmdir("./1" [pid 297] <... rmdir resumed>) = 0 [pid 336] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... rmdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 336] <... openat resumed>) = 4 [pid 300] <... rmdir resumed>) = 0 [pid 298] mkdir("./2", 0777 [pid 297] mkdir("./2", 0777 [pid 296] mkdir("./2", 0777 [pid 336] ioctl(4, LOOP_SET_FD, 3 [pid 300] mkdir("./2", 0777 [pid 298] <... mkdir resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 300] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 300] ioctl(3, LOOP_CLR_FD [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] ioctl(3, LOOP_CLR_FD [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] close(3 [pid 297] close(3 [pid 296] close(3 [pid 336] <... ioctl resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] <... close resumed>) = 0 [pid 336] close(3 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... openat resumed>) = 3 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... close resumed>) = 0 [pid 336] <... close resumed>) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 336] mkdir("./file0", 0777 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 336] <... mkdir resumed>) = 0 [pid 298] close(3 [pid 336] mount("/dev/loop4", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 298] <... close resumed>) = 0 ./strace-static-x86_64: Process 338 attached ./strace-static-x86_64: Process 337 attached [pid 335] <... openat resumed>) = 3 [pid 300] <... clone resumed>, child_tidptr=0x555555d87650) = 338 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... clone resumed>, child_tidptr=0x555555d87650) = 337 [pid 338] set_robust_list(0x555555d87660, 24 [pid 337] set_robust_list(0x555555d87660, 24 [pid 335] pwrite64(3, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 296] <... clone resumed>, child_tidptr=0x555555d87650) = 339 [pid 335] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 298] <... clone resumed>, child_tidptr=0x555555d87650) = 340 [pid 335] exit_group(0) = ? [pid 337] <... set_robust_list resumed>) = 0 [pid 338] <... set_robust_list resumed>) = 0 [pid 335] +++ exited with 0 +++ [pid 338] chdir("./2" [pid 337] chdir("./2" [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 338] <... chdir resumed>) = 0 [pid 337] <... chdir resumed>) = 0 [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] <... restart_syscall resumed>) = 0 [pid 338] <... prctl resumed>) = 0 [pid 337] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 339 attached [pid 338] setpgid(0, 0 [pid 337] setpgid(0, 0 [pid 338] <... setpgid resumed>) = 0 [pid 337] <... setpgid resumed>) = 0 [pid 295] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 339] set_robust_list(0x555555d87660, 24) = 0 [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 339] chdir("./2" [pid 338] <... openat resumed>) = 3 [pid 337] <... openat resumed>) = 3 [pid 295] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 339] <... chdir resumed>) = 0 [pid 338] write(3, "1000", 4 [pid 337] write(3, "1000", 4./strace-static-x86_64: Process 340 attached [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 338] <... write resumed>) = 4 [pid 337] <... write resumed>) = 4 [pid 295] <... openat resumed>) = 3 [pid 340] set_robust_list(0x555555d87660, 24 [pid 338] close(3 [pid 337] close(3 [pid 295] newfstatat(3, "", [pid 340] <... set_robust_list resumed>) = 0 [pid 338] <... close resumed>) = 0 [pid 337] <... close resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 339] <... prctl resumed>) = 0 [pid 339] setpgid(0, 0) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 295] getdents64(3, [pid 339] write(3, "1000", 4 [pid 338] symlink("/dev/binderfs", "./binderfs" [pid 337] symlink("/dev/binderfs", "./binderfs" [pid 339] <... write resumed>) = 4 [pid 295] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 337] <... symlink resumed>) = 0 [pid 295] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 337] memfd_create("syzkaller", 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 337] <... memfd_create resumed>) = 3 [pid 295] newfstatat(AT_FDCWD, "./2/binderfs", [pid 339] close(3 [pid 338] <... symlink resumed>) = 0 [pid 337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 339] <... close resumed>) = 0 [pid 338] memfd_create("syzkaller", 0 [pid 337] <... mmap resumed>) = 0x7fa39e8fb000 [pid 295] unlink("./2/binderfs" [pid 339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 295] <... unlink resumed>) = 0 [pid 339] memfd_create("syzkaller", 0 [pid 338] <... memfd_create resumed>) = 3 [pid 295] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 339] <... memfd_create resumed>) = 3 [pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 340] chdir("./2" [pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 338] <... mmap resumed>) = 0x7fa39e8fb000 [pid 337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 295] newfstatat(AT_FDCWD, "./2/file0", [pid 339] <... mmap resumed>) = 0x7fa39e8fb000 [pid 339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 340] <... chdir resumed>) = 0 [pid 339] <... write resumed>) = 262144 [pid 338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 337] <... write resumed>) = 262144 [pid 295] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 339] munmap(0x7fa39e8fb000, 138412032 [pid 337] munmap(0x7fa39e8fb000, 138412032 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 339] <... munmap resumed>) = 0 [pid 337] <... munmap resumed>) = 0 [pid 295] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 339] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 337] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] <... openat resumed>) = 4 [pid 338] <... write resumed>) = 262144 [pid 295] newfstatat(4, "", [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 338] munmap(0x7fa39e8fb000, 138412032 [pid 337] <... openat resumed>) = 4 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 340] <... prctl resumed>) = 0 [pid 339] <... openat resumed>) = 4 [pid 338] <... munmap resumed>) = 0 [pid 337] ioctl(4, LOOP_SET_FD, 3 [pid 295] getdents64(4, [pid 340] setpgid(0, 0 [pid 339] ioctl(4, LOOP_SET_FD, 3 [pid 338] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 340] <... setpgid resumed>) = 0 [pid 339] <... ioctl resumed>) = 0 [ 24.869905][ T336] loop4: detected capacity change from 0 to 512 [ 24.879927][ T336] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 24.904849][ T337] loop2: detected capacity change from 0 to 512 [ 24.905416][ T339] loop1: detected capacity change from 0 to 512 [pid 338] <... openat resumed>) = 4 [pid 337] <... ioctl resumed>) = 0 [pid 295] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 339] close(3) = 0 [pid 339] mkdir("./file0", 0777) = 0 [pid 339] mount("/dev/loop1", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 338] ioctl(4, LOOP_SET_FD, 3 [pid 337] close(3 [pid 295] getdents64(4, [pid 340] <... openat resumed>) = 3 [pid 337] <... close resumed>) = 0 [pid 295] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 337] mkdir("./file0", 0777 [pid 295] close(4 [pid 337] <... mkdir resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 337] mount("/dev/loop2", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 295] rmdir("./2/file0") = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./2") = 0 [pid 295] mkdir("./3", 0777 [pid 340] write(3, "1000", 4 [pid 295] <... mkdir resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3 [pid 340] <... write resumed>) = 4 [pid 295] <... close resumed>) = 0 [pid 340] close(3 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 342 ./strace-static-x86_64: Process 342 attached [pid 340] <... close resumed>) = 0 [pid 338] <... ioctl resumed>) = 0 [ 24.917430][ T336] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 24.924384][ T339] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 24.930628][ T338] loop5: detected capacity change from 0 to 512 [ 24.942945][ T337] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 24.950250][ T336] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 24.952122][ T339] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 342] set_robust_list(0x555555d87660, 24 [pid 340] symlink("/dev/binderfs", "./binderfs" [pid 338] close(3 [pid 342] <... set_robust_list resumed>) = 0 [pid 340] <... symlink resumed>) = 0 [pid 338] <... close resumed>) = 0 [pid 342] chdir("./3" [pid 340] memfd_create("syzkaller", 0 [pid 338] mkdir("./file0", 0777 [pid 342] <... chdir resumed>) = 0 [pid 340] <... memfd_create resumed>) = 3 [pid 338] <... mkdir resumed>) = 0 [ 24.958283][ T336] System zones: [ 24.969986][ T337] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 24.970307][ T336] 1-12 [ 24.974591][ T339] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 24.985201][ T336] [ 24.986759][ T336] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 24.988354][ T339] System zones: [ 24.997953][ T339] 1-12 [pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 338] mount("/dev/loop5", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 342] <... prctl resumed>) = 0 [pid 340] <... mmap resumed>) = 0x7fa39e8fb000 [pid 342] setpgid(0, 0 [ 25.011695][ T336] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 25.014348][ T337] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 25.016665][ T339] [ 25.028522][ T337] System zones: [ 25.037341][ T339] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 25.038162][ T336] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 25.041543][ T337] 1-12 [pid 340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 342] <... setpgid resumed>) = 0 [pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 342] write(3, "1000", 4) = 4 [pid 342] close(3) = 0 [pid 342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 342] memfd_create("syzkaller", 0) = 3 [pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 342] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 342] ioctl(4, LOOP_SET_FD, 3 [pid 340] <... write resumed>) = 262144 [pid 340] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 340] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 340] ioctl(4, LOOP_SET_FD, 3 [pid 342] <... ioctl resumed>) = 0 [pid 342] close(3) = 0 [pid 342] mkdir("./file0", 0777) = 0 [pid 342] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 340] <... ioctl resumed>) = 0 [pid 340] close(3) = 0 [pid 340] mkdir("./file0", 0777) = 0 [ 25.067163][ T337] [ 25.070882][ T338] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 25.078613][ T337] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 25.080905][ T342] loop0: detected capacity change from 0 to 512 [ 25.091559][ T336] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 25.099991][ T340] loop3: detected capacity change from 0 to 512 [ 25.109775][ T339] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 25.122009][ T342] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 25.127376][ T339] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 25.134239][ T340] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 25.146852][ T339] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 25.154054][ T338] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 25.177523][ T336] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 25.178632][ T342] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 25.190551][ T339] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 25.202261][ T340] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 25.214762][ T337] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 25.227629][ T336] EXT4-fs (loop4): 1 orphan inode deleted [ 25.238797][ T338] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 25.244559][ T339] EXT4-fs (loop1): 1 orphan inode deleted [ 25.251322][ T338] System zones: 1-12 [ 25.258218][ T336] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 25.260734][ T342] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 25.284793][ T339] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 340] mount("/dev/loop3", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 339] <... mount resumed>) = 0 [pid 339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 336] <... mount resumed>) = 0 [pid 339] <... openat resumed>) = 3 [pid 336] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 339] chdir("./file0" [pid 336] <... openat resumed>) = 3 [pid 339] <... chdir resumed>) = 0 [pid 336] chdir("./file0" [pid 339] ioctl(4, LOOP_CLR_FD [pid 336] <... chdir resumed>) = 0 [pid 339] <... ioctl resumed>) = 0 [pid 336] ioctl(4, LOOP_CLR_FD [pid 339] close(4 [pid 336] <... ioctl resumed>) = 0 [pid 339] <... close resumed>) = 0 [pid 336] close(4 [pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 336] <... close resumed>) = 0 [pid 339] <... openat resumed>) = 4 [pid 336] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 339] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 336] <... openat resumed>) = 4 [pid 339] <... pwrite64 resumed>) = 4096 [pid 336] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 339] exit_group(0 [pid 336] <... pwrite64 resumed>) = 4096 [pid 339] <... exit_group resumed>) = ? [pid 336] exit_group(0 [pid 339] +++ exited with 0 +++ [pid 336] <... exit_group resumed>) = ? [pid 336] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=20} --- [ 25.292744][ T338] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 25.315529][ T342] System zones: 1-12 [ 25.331946][ T337] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 25.344956][ T342] EXT4-fs error (device loop0): ext4_validate_inode_bitmap:106: comm syz-executor125: Corrupt inode bitmap - block_group = 0, inode_bitmap = 2561248185 [ 25.345040][ T340] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 299] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./2/binderfs" [pid 296] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... unlink resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./2/binderfs") = 0 [ 25.367965][ T342] EXT4-fs (loop0): mounted filesystem without journal. Opts: í4¥Ä£2¦¯…ÖòBIHð¬Ãq©¹; dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 25.394307][ T337] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 25.394529][ T338] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 296] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 342] <... mount resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./2/file0") = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./2") = 0 [pid 299] mkdir("./3", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./2/file0") = 0 [pid 296] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./2") = 0 [pid 296] mkdir("./3", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 342] <... openat resumed>) = 3 [pid 296] <... clone resumed>, child_tidptr=0x555555d87650) = 349 [pid 342] chdir("./file0") = 0 [pid 342] ioctl(4, LOOP_CLR_FD) = 0 [ 25.419072][ T340] System zones: 1-12 [ 25.423871][ T340] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 25.432773][ T338] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 25.437718][ T337] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 342] close(4) = 0 ./strace-static-x86_64: Process 349 attached [pid 349] set_robust_list(0x555555d87660, 24) = 0 [pid 349] chdir("./3") = 0 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 349] setpgid(0, 0) = 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 349] write(3, "1000", 4) = 4 [pid 349] close(3) = 0 [pid 349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 349] memfd_create("syzkaller", 0) = 3 [pid 349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 342] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 342] exit_group(0) = ? [pid 342] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- [pid 295] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] <... openat resumed>) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./3/binderfs") = 0 [pid 295] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 349] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 349] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 349] ioctl(4, LOOP_SET_FD, 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 349] <... ioctl resumed>) = 0 [pid 349] close(3) = 0 [pid 349] mkdir("./file0", 0777) = 0 [pid 349] mount("/dev/loop1", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 350 [ 25.464168][ T340] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 25.476158][ T337] EXT4-fs (loop2): 1 orphan inode deleted [ 25.481866][ T340] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 25.488203][ T338] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 25.499997][ T349] loop1: detected capacity change from 0 to 512 ./strace-static-x86_64: Process 350 attached [pid 337] <... mount resumed>) = 0 [ 25.511917][ T337] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 25.519070][ T340] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 25.538974][ T349] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 25.548522][ T338] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 350] set_robust_list(0x555555d87660, 24 [pid 337] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 350] <... set_robust_list resumed>) = 0 [pid 337] <... openat resumed>) = 3 [pid 350] chdir("./3" [pid 337] chdir("./file0" [pid 350] <... chdir resumed>) = 0 [pid 337] <... chdir resumed>) = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 337] ioctl(4, LOOP_CLR_FD [pid 350] <... prctl resumed>) = 0 [pid 337] <... ioctl resumed>) = 0 [pid 350] setpgid(0, 0 [pid 337] close(4 [pid 350] <... setpgid resumed>) = 0 [pid 337] <... close resumed>) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 337] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 350] <... openat resumed>) = 3 [pid 337] <... openat resumed>) = 4 [pid 350] write(3, "1000", 4 [pid 337] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 350] <... write resumed>) = 4 [pid 337] <... pwrite64 resumed>) = 4096 [pid 350] close(3 [pid 337] exit_group(0 [pid 350] <... close resumed>) = 0 [pid 337] <... exit_group resumed>) = ? [pid 337] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, [pid 350] symlink("/dev/binderfs", "./binderfs" [pid 297] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./2/binderfs") = 0 [pid 297] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 350] <... symlink resumed>) = 0 [pid 350] memfd_create("syzkaller", 0) = 3 [ 25.559070][ T340] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 25.579941][ T349] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 25.586445][ T338] EXT4-fs (loop5): 1 orphan inode deleted [ 25.601573][ T349] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 25.602445][ T340] EXT4-fs (loop3): 1 orphan inode deleted [ 25.609850][ T349] System zones: 1-12 [pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 338] <... mount resumed>) = 0 [pid 338] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 338] chdir("./file0") = 0 [pid 338] ioctl(4, LOOP_CLR_FD) = 0 [pid 338] close(4) = 0 [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 340] <... mount resumed>) = 0 [pid 340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 340] chdir("./file0") = 0 [pid 340] ioctl(4, LOOP_CLR_FD) = 0 [pid 340] close(4) = 0 [pid 340] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 350] <... write resumed>) = 262144 [pid 350] munmap(0x7fa39e8fb000, 138412032) = 0 [ 25.619259][ T338] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 25.621824][ T340] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 350] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 350] ioctl(4, LOOP_SET_FD, 3 [pid 295] <... umount2 resumed>) = 0 [pid 338] <... openat resumed>) = 4 [pid 297] <... umount2 resumed>) = 0 [pid 295] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 338] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 338] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 295] newfstatat(AT_FDCWD, "./3/file0", [pid 338] exit_group(0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 338] <... exit_group resumed>) = ? [pid 295] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 350] <... ioctl resumed>) = 0 [pid 340] <... openat resumed>) = 4 [pid 338] +++ exited with 0 +++ [pid 297] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 340] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 340] exit_group(0) = ? [pid 340] +++ exited with 0 +++ [pid 350] close(3) = 0 [pid 350] mkdir("./file0", 0777) = 0 [pid 350] mount("/dev/loop4", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 295] <... openat resumed>) = 4 [pid 300] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] newfstatat(4, "", [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 297] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... restart_syscall resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] getdents64(4, [pid 300] <... openat resumed>) = 3 [pid 297] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 300] newfstatat(3, "", [pid 297] <... openat resumed>) = 4 [pid 295] getdents64(4, [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(4, "", [pid 295] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 300] getdents64(3, [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] close(4 [pid 300] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 298] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] getdents64(4, [pid 295] <... close resumed>) = 0 [pid 300] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... openat resumed>) = 3 [pid 297] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 295] rmdir("./3/file0" [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(3, "", [pid 297] getdents64(4, [pid 295] <... rmdir resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./2/binderfs", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 295] getdents64(3, [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] getdents64(3, [pid 297] close(4 [pid 295] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 300] unlink("./2/binderfs" [pid 298] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 297] <... close resumed>) = 0 [pid 295] close(3 [pid 300] <... unlink resumed>) = 0 [pid 298] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] rmdir("./2/file0" [pid 295] <... close resumed>) = 0 [pid 300] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... rmdir resumed>) = 0 [pid 295] rmdir("./3" [pid 298] newfstatat(AT_FDCWD, "./2/binderfs", [pid 297] getdents64(3, [pid 295] <... rmdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 298] unlink("./2/binderfs" [pid 297] close(3 [pid 295] mkdir("./4", 0777 [pid 298] <... unlink resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 298] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 25.645974][ T349] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 25.671751][ T350] loop4: detected capacity change from 0 to 512 [ 25.695782][ T349] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 25.710333][ T350] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [pid 297] rmdir("./2") = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 297] mkdir("./3", 0777 [pid 295] <... openat resumed>) = 3 [pid 297] <... mkdir resumed>) = 0 [pid 295] ioctl(3, LOOP_CLR_FD [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... openat resumed>) = 3 [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] <... clone resumed>, child_tidptr=0x555555d87650) = 353 [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 354 ./strace-static-x86_64: Process 353 attached [pid 353] set_robust_list(0x555555d87660, 24) = 0 [pid 353] chdir("./4") = 0 [pid 353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 353] setpgid(0, 0) = 0 [ 25.719687][ T350] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 25.720759][ T349] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 25.745642][ T350] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 25.746515][ T349] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 25.753713][ T350] System zones: 1-12 [pid 353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] <... umount2 resumed>) = 0 [pid 300] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 300] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 300] close(4) = 0 [pid 300] rmdir("./2/file0") = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 [pid 300] rmdir("./2") = 0 [pid 300] mkdir("./3", 0777) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 355 [pid 353] <... openat resumed>) = 3 [pid 353] write(3, "1000", 4) = 4 [pid 353] close(3) = 0 [pid 353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 353] memfd_create("syzkaller", 0) = 3 [pid 353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 353] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 353] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 354 attached ./strace-static-x86_64: Process 355 attached ) = 4 [pid 355] set_robust_list(0x555555d87660, 24 [pid 354] set_robust_list(0x555555d87660, 24 [pid 353] ioctl(4, LOOP_SET_FD, 3 [pid 355] <... set_robust_list resumed>) = 0 [pid 354] <... set_robust_list resumed>) = 0 [pid 355] chdir("./3") = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 [pid 355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 355] memfd_create("syzkaller", 0) = 3 [pid 355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 354] chdir("./3" [pid 353] <... ioctl resumed>) = 0 [pid 355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 355] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 355] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 355] ioctl(4, LOOP_SET_FD, 3 [pid 354] <... chdir resumed>) = 0 [ 25.773017][ T350] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 25.796035][ T353] loop0: detected capacity change from 0 to 512 [ 25.802357][ T350] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 25.807719][ T355] loop5: detected capacity change from 0 to 512 [pid 353] close(3 [pid 355] <... ioctl resumed>) = 0 [pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 353] <... close resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 355] close(3) = 0 [pid 355] mkdir("./file0", 0777) = 0 [pid 355] mount("/dev/loop5", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 354] <... prctl resumed>) = 0 [pid 354] setpgid(0, 0) = 0 [pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 354] write(3, "1000", 4) = 4 [pid 354] close(3) = 0 [pid 354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 354] memfd_create("syzkaller", 0) = 3 [pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 354] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 354] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 354] ioctl(4, LOOP_SET_FD, 3 [pid 353] mkdir("./file0", 0777 [pid 298] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 354] <... ioctl resumed>) = 0 [pid 354] close(3) = 0 [pid 354] mkdir("./file0", 0777) = 0 [ 25.814752][ T350] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 25.821248][ T349] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 25.840054][ T350] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 25.855116][ T354] loop2: detected capacity change from 0 to 512 [ 25.857496][ T355] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [pid 354] mount("/dev/loop2", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 353] <... mkdir resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 353] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 298] newfstatat(AT_FDCWD, "./2/file0", [pid 349] <... mount resumed>) = 0 [pid 349] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 349] chdir("./file0") = 0 [pid 349] ioctl(4, LOOP_CLR_FD) = 0 [pid 349] close(4) = 0 [pid 349] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 349] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 349] exit_group(0) = ? [pid 349] +++ exited with 0 +++ [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./2/file0") = 0 [pid 298] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./2") = 0 [pid 298] mkdir("./3", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 25.866697][ T349] EXT4-fs (loop1): 1 orphan inode deleted [ 25.870843][ T354] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 25.876292][ T349] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 25.882866][ T350] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 356 ./strace-static-x86_64: Process 356 attached [pid 356] set_robust_list(0x555555d87660, 24) = 0 [pid 356] chdir("./3") = 0 [pid 356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 356] setpgid(0, 0) = 0 [pid 356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 356] write(3, "1000", 4) = 4 [pid 356] close(3) = 0 [pid 356] symlink("/dev/binderfs", "./binderfs") = 0 [pid 356] memfd_create("syzkaller", 0) = 3 [pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 356] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 356] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=349, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 356] <... openat resumed>) = 4 [pid 356] ioctl(4, LOOP_SET_FD, 3 [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 356] <... ioctl resumed>) = 0 [pid 356] close(3) = 0 [pid 356] mkdir("./file0", 0777) = 0 [pid 356] mount("/dev/loop3", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 353] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 353] ioctl(4, LOOP_CLR_FD [pid 296] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./3/binderfs") = 0 [ 25.925640][ T353] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 25.925761][ T356] loop3: detected capacity change from 0 to 512 [ 25.932339][ T355] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 25.943639][ T356] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 25.957041][ T354] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 25.957066][ T350] EXT4-fs (loop4): 1 orphan inode deleted [pid 296] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 353] <... ioctl resumed>) = 0 [pid 350] <... mount resumed>) = 0 [pid 350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 350] chdir("./file0") = 0 [pid 350] ioctl(4, LOOP_CLR_FD) = 0 [pid 350] close(4) = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 350] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 350] exit_group(0) = ? [ 25.974376][ T354] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 25.974816][ T350] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 25.982220][ T356] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 26.005880][ T354] System zones: 1-12 [pid 353] close(4 [pid 350] +++ exited with 0 +++ [pid 353] <... close resumed>) = 0 [pid 353] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 3 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 353] pwrite64(3, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [ 26.023408][ T355] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 26.031916][ T354] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 26.046045][ T356] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 26.046777][ T355] System zones: [ 26.053942][ T356] System zones: [ 26.057404][ T356] 1-12 [ 26.061076][ T355] 1-12 [pid 299] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 353] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 353] exit_group(0 [pid 299] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./3/file0") = 0 [pid 296] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./3") = 0 [pid 296] mkdir("./4", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 360 [pid 353] <... exit_group resumed>) = ? [pid 353] +++ exited with 0 +++ [pid 299] <... openat resumed>) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./3/binderfs") = 0 [pid 299] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=353, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- ./strace-static-x86_64: Process 360 attached [ 26.065834][ T354] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 26.067065][ T355] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 26.077986][ T356] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 26.091078][ T354] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 360] set_robust_list(0x555555d87660, 24) = 0 [pid 295] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 360] chdir("./4" [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] <... chdir resumed>) = 0 [pid 295] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] <... openat resumed>) = 3 [pid 360] <... prctl resumed>) = 0 [pid 295] newfstatat(3, "", [pid 360] setpgid(0, 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] <... setpgid resumed>) = 0 [pid 295] getdents64(3, [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 360] <... openat resumed>) = 3 [pid 295] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 360] write(3, "1000", 4 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] <... write resumed>) = 4 [pid 295] newfstatat(AT_FDCWD, "./4/binderfs", [pid 360] close(3 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] <... close resumed>) = 0 [pid 295] unlink("./4/binderfs" [pid 360] symlink("/dev/binderfs", "./binderfs" [pid 295] <... unlink resumed>) = 0 [pid 360] <... symlink resumed>) = 0 [ 26.117270][ T356] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 26.134675][ T354] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 26.135676][ T355] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 26.147130][ T356] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 295] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 360] memfd_create("syzkaller", 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] <... memfd_create resumed>) = 3 [pid 295] newfstatat(AT_FDCWD, "./4/file0", [pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] <... mmap resumed>) = 0x7fa39e8fb000 [pid 295] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 360] <... write resumed>) = 262144 [pid 295] <... openat resumed>) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, [pid 360] munmap(0x7fa39e8fb000, 138412032 [pid 295] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 360] <... munmap resumed>) = 0 [pid 295] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 295] close(4 [pid 360] <... openat resumed>) = 4 [pid 295] <... close resumed>) = 0 [pid 360] ioctl(4, LOOP_SET_FD, 3 [pid 295] rmdir("./4/file0" [pid 360] <... ioctl resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./4") = 0 [pid 295] mkdir("./5", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 362 [pid 360] close(3) = 0 [pid 360] mkdir("./file0", 0777) = 0 [pid 360] mount("/dev/loop1", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"..../strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x555555d87660, 24) = 0 [pid 362] chdir("./5") = 0 [pid 362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 362] setpgid(0, 0) = 0 [pid 362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 362] write(3, "1000", 4) = 4 [pid 362] close(3) = 0 [pid 362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 362] memfd_create("syzkaller", 0) = 3 [ 26.160435][ T354] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 26.183539][ T356] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 26.191786][ T360] loop1: detected capacity change from 0 to 512 [ 26.209513][ T355] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 362] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 362] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 362] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 362] close(3) = 0 [pid 362] mkdir("./file0", 0777) = 0 [ 26.210743][ T360] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 26.229601][ T355] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 26.234245][ T362] loop0: detected capacity change from 0 to 512 [ 26.241777][ T356] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 26.250344][ T354] EXT4-fs (loop2): 1 orphan inode deleted [pid 362] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 354] <... mount resumed>) = 0 [pid 354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 354] chdir("./file0") = 0 [pid 354] ioctl(4, LOOP_CLR_FD) = 0 [pid 354] close(4) = 0 [pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 354] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 354] exit_group(0) = ? [pid 354] +++ exited with 0 +++ [ 26.260954][ T355] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 26.266037][ T362] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 26.279585][ T356] EXT4-fs (loop3): 1 orphan inode deleted [ 26.285982][ T354] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 26.294421][ T355] EXT4-fs (loop5): 1 orphan inode deleted [ 26.319970][ T360] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 26.328318][ T356] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 355] <... mount resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./3/file0", [pid 356] <... mount resumed>) = 0 [pid 356] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 356] chdir("./file0") = 0 [pid 356] ioctl(4, LOOP_CLR_FD) = 0 [pid 356] close(4) = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 356] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 356] exit_group(0) = ? [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... openat resumed>) = 4 [pid 299] newfstatat(4, "", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] getdents64(4, [pid 297] <... openat resumed>) = 3 [pid 355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 299] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 297] newfstatat(3, "", [pid 355] <... openat resumed>) = 3 [pid 299] getdents64(4, [pid 355] chdir("./file0" [pid 299] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 355] <... chdir resumed>) = 0 [pid 299] close(4 [pid 297] getdents64(3, [pid 299] <... close resumed>) = 0 [pid 355] ioctl(4, LOOP_CLR_FD [pid 299] rmdir("./3/file0" [pid 297] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 355] <... ioctl resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 355] close(4 [pid 299] getdents64(3, [pid 297] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 356] +++ exited with 0 +++ [pid 355] <... close resumed>) = 0 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 355] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 355] exit_group(0) = ? [pid 299] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] close(3 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 297] newfstatat(AT_FDCWD, "./3/binderfs", [pid 299] <... close resumed>) = 0 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] rmdir("./3" [pid 298] <... restart_syscall resumed>) = 0 [pid 297] unlink("./3/binderfs" [pid 299] <... rmdir resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 299] mkdir("./4", 0777 [pid 297] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 362] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 355] +++ exited with 0 +++ [pid 299] <... mkdir resumed>) = 0 [pid 298] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... openat resumed>) = 3 [pid 298] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] ioctl(3, LOOP_CLR_FD [pid 298] <... openat resumed>) = 3 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] newfstatat(3, "", [pid 299] close(3 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... close resumed>) = 0 [pid 298] getdents64(3, [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... clone resumed>, child_tidptr=0x555555d87650) = 364 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./3/binderfs") = 0 [pid 298] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x555555d87660, 24) = 0 [pid 364] chdir("./4") = 0 [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 364] setpgid(0, 0) = 0 [pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 364] write(3, "1000", 4) = 4 [pid 364] close(3) = 0 [pid 364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 364] memfd_create("syzkaller", 0) = 3 [pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 364] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 364] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 364] ioctl(4, LOOP_SET_FD, 3 [pid 362] ioctl(4, LOOP_CLR_FD [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=355, si_uid=0, si_status=0, si_utime=0, si_stime=20} --- [ 26.334458][ T355] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 26.355830][ T362] EXT4-fs (loop0): Encoding requested by superblock is unknown [ 26.384185][ T360] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 26.403140][ T360] System zones: 1-12 [ 26.409556][ T360] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [pid 300] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 300] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./3/binderfs" [pid 364] <... ioctl resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 364] close(3) = 0 [pid 300] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 364] mkdir("./file0", 0777) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 364] mount("/dev/loop4", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 300] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 300] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 300] close(4) = 0 [pid 300] rmdir("./3/file0") = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 [pid 300] rmdir("./3") = 0 [pid 300] mkdir("./4", 0777) = 0 [ 26.423590][ T360] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 26.436373][ T360] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 26.438045][ T364] loop4: detected capacity change from 0 to 512 [ 26.458264][ T364] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 26.458540][ T360] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 300] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./3/file0") = 0 [pid 297] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./3") = 0 [pid 298] <... umount2 resumed>) = 0 [pid 297] mkdir("./4", 0777 [pid 300] <... openat resumed>) = 3 [pid 297] <... mkdir resumed>) = 0 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... clone resumed>, child_tidptr=0x555555d87650) = 365 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 366 ./strace-static-x86_64: Process 366 attached [pid 366] set_robust_list(0x555555d87660, 24) = 0 [pid 366] chdir("./4") = 0 [pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 366] setpgid(0, 0) = 0 [pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 366] write(3, "1000", 4) = 4 [pid 366] close(3) = 0 [pid 366] symlink("/dev/binderfs", "./binderfs") = 0 [pid 366] memfd_create("syzkaller", 0) = 3 [pid 366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 366] munmap(0x7fa39e8fb000, 138412032) = 0 [ 26.477107][ T364] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 26.477582][ T360] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 26.501624][ T360] EXT4-fs (loop1): 1 orphan inode deleted [pid 366] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 366] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 365 attached [pid 360] <... mount resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 365] set_robust_list(0x555555d87660, 24 [pid 298] newfstatat(AT_FDCWD, "./3/file0", [pid 365] <... set_robust_list resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 365] chdir("./4" [pid 298] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 365] <... chdir resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 365] <... prctl resumed>) = 0 [pid 298] <... openat resumed>) = 4 [pid 365] setpgid(0, 0 [pid 298] newfstatat(4, "", [pid 365] <... setpgid resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] getdents64(4, [pid 365] <... openat resumed>) = 3 [pid 298] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 365] write(3, "1000", 4 [pid 298] getdents64(4, [pid 365] <... write resumed>) = 4 [pid 298] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 365] close(3 [pid 298] close(4 [pid 365] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 365] symlink("/dev/binderfs", "./binderfs" [pid 298] rmdir("./3/file0" [pid 365] <... symlink resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 365] memfd_create("syzkaller", 0 [pid 298] getdents64(3, [pid 365] <... memfd_create resumed>) = 3 [pid 298] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] close(3 [pid 365] <... mmap resumed>) = 0x7fa39e8fb000 [pid 365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 298] <... close resumed>) = 0 [pid 365] <... write resumed>) = 262144 [pid 298] rmdir("./3") = 0 [pid 298] mkdir("./4", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 365] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 365] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 365] ioctl(4, LOOP_SET_FD, 3 [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 368 [pid 360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 366] <... ioctl resumed>) = 0 [pid 366] close(3) = 0 [pid 360] <... openat resumed>) = 3 [pid 360] chdir("./file0") = 0 [pid 366] mkdir("./file0", 0777 [pid 360] ioctl(4, LOOP_CLR_FD) = 0 [pid 360] close(4) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 366] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 368 attached [pid 366] mount("/dev/loop2", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 360] <... openat resumed>) = 4 [pid 360] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 360] exit_group(0) = ? [pid 360] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./4/binderfs") = 0 [pid 296] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 362] <... ioctl resumed>) = 0 [pid 362] close(4 [pid 368] set_robust_list(0x555555d87660, 24) = 0 [pid 368] chdir("./4") = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 368] setpgid(0, 0) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 365] <... ioctl resumed>) = 0 [pid 365] close(3) = 0 [pid 365] mkdir("./file0", 0777 [pid 368] <... openat resumed>) = 3 [pid 365] <... mkdir resumed>) = 0 [pid 368] write(3, "1000", 4) = 4 [pid 368] close(3) = 0 [pid 368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 368] memfd_create("syzkaller", 0 [pid 362] <... close resumed>) = 0 [pid 368] <... memfd_create resumed>) = 3 [pid 365] mount("/dev/loop5", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 362] <... openat resumed>) = 3 [pid 368] <... mmap resumed>) = 0x7fa39e8fb000 [pid 362] pwrite64(3, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 362] exit_group(0) = ? [pid 368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 362] +++ exited with 0 +++ [ 26.509375][ T360] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 26.524361][ T366] loop2: detected capacity change from 0 to 512 [ 26.540214][ T364] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 26.543247][ T365] loop5: detected capacity change from 0 to 512 [ 26.548234][ T364] System zones: 1-12 [ 26.560829][ T364] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=362, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 295] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./5/binderfs") = 0 [pid 295] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 368] <... write resumed>) = 262144 [pid 295] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 368] munmap(0x7fa39e8fb000, 138412032 [pid 295] <... openat resumed>) = 4 [pid 368] <... munmap resumed>) = 0 [pid 295] newfstatat(4, "", [pid 368] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 368] <... openat resumed>) = 4 [pid 295] getdents64(4, [pid 368] ioctl(4, LOOP_SET_FD, 3 [pid 295] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 368] <... ioctl resumed>) = 0 [pid 368] close(3) = 0 [pid 368] mkdir("./file0", 0777) = 0 [ 26.585443][ T365] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 26.585634][ T366] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 26.597216][ T368] loop3: detected capacity change from 0 to 512 [ 26.605971][ T365] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 26.608931][ T364] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 368] mount("/dev/loop3", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 296] <... umount2 resumed>) = 0 [pid 295] getdents64(4, [pid 296] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] close(4 [pid 296] newfstatat(AT_FDCWD, "./4/file0", [pid 295] <... close resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] rmdir("./5/file0" [pid 296] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... rmdir resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] getdents64(3, [pid 296] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 296] <... openat resumed>) = 4 [pid 295] close(3 [pid 296] newfstatat(4, "", [pid 295] <... close resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] rmdir("./5" [pid 296] getdents64(4, [pid 295] <... rmdir resumed>) = 0 [pid 296] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 295] mkdir("./6", 0777 [pid 296] getdents64(4, [pid 295] <... mkdir resumed>) = 0 [pid 296] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 296] close(4 [pid 295] <... openat resumed>) = 3 [pid 296] <... close resumed>) = 0 [pid 295] ioctl(3, LOOP_CLR_FD [pid 296] rmdir("./4/file0" [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... rmdir resumed>) = 0 [pid 295] close(3 [pid 296] getdents64(3, [pid 295] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] close(3) = 0 [pid 296] rmdir("./4") = 0 [pid 296] mkdir("./5", 0777 [pid 295] <... clone resumed>, child_tidptr=0x555555d87650) = 371 [pid 296] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 372 ./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x555555d87660, 24) = 0 ./strace-static-x86_64: Process 372 attached [pid 371] chdir("./6") = 0 [pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 371] setpgid(0, 0) = 0 [ 26.620900][ T368] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 26.637124][ T366] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 26.646210][ T365] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 26.649514][ T364] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 26.669727][ T364] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 372] set_robust_list(0x555555d87660, 24) = 0 [pid 372] chdir("./5" [pid 371] <... openat resumed>) = 3 [pid 371] write(3, "1000", 4) = 4 [pid 371] close(3) = 0 [pid 371] symlink("/dev/binderfs", "./binderfs") = 0 [ 26.689473][ T365] System zones: 1-12 [ 26.692706][ T366] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 26.693913][ T365] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 26.714214][ T368] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 26.726325][ T364] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 371] memfd_create("syzkaller", 0 [pid 372] <... chdir resumed>) = 0 [pid 371] <... memfd_create resumed>) = 3 [pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [ 26.726833][ T366] System zones: [ 26.739158][ T368] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 26.742560][ T368] System zones: [ 26.750288][ T366] 1-12 [ 26.757026][ T368] 1-12 [ 26.757146][ T366] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 26.764447][ T371] loop0: detected capacity change from 0 to 512 [ 26.772897][ T364] EXT4-fs (loop4): 1 orphan inode deleted [pid 372] <... prctl resumed>) = 0 [pid 372] setpgid(0, 0 [pid 371] <... write resumed>) = 262144 [pid 372] <... setpgid resumed>) = 0 [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 371] munmap(0x7fa39e8fb000, 138412032 [pid 372] <... openat resumed>) = 3 [pid 372] write(3, "1000", 4 [pid 371] <... munmap resumed>) = 0 [pid 372] <... write resumed>) = 4 [pid 372] close(3 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 372] <... close resumed>) = 0 [pid 372] symlink("/dev/binderfs", "./binderfs" [pid 371] <... openat resumed>) = 4 [pid 372] <... symlink resumed>) = 0 [pid 372] memfd_create("syzkaller", 0 [pid 371] ioctl(4, LOOP_SET_FD, 3 [pid 372] <... memfd_create resumed>) = 3 [pid 372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 371] <... ioctl resumed>) = 0 [pid 372] <... mmap resumed>) = 0x7fa39e8fb000 [pid 371] close(3 [pid 372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 371] <... close resumed>) = 0 [pid 372] <... write resumed>) = 262144 [pid 371] mkdir("./file0", 0777 [pid 372] munmap(0x7fa39e8fb000, 138412032 [pid 371] <... mkdir resumed>) = 0 [pid 372] <... munmap resumed>) = 0 [pid 371] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 372] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 372] close(3) = 0 [pid 372] mkdir("./file0", 0777) = 0 [ 26.778593][ T368] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 26.784089][ T365] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 26.802923][ T372] loop1: detected capacity change from 0 to 512 [ 26.814935][ T371] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [pid 372] mount("/dev/loop1", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 364] <... mount resumed>) = 0 [pid 364] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 364] chdir("./file0") = 0 [pid 364] ioctl(4, LOOP_CLR_FD) = 0 [pid 364] close(4) = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 364] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 364] exit_group(0) = ? [pid 364] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=364, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./4/binderfs") = 0 [ 26.815061][ T364] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 26.824199][ T366] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 26.857403][ T372] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 26.864360][ T365] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 26.877439][ T371] EXT4-fs (loop0): Encoding requested by superblock is unknown [pid 299] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 371] <... mount resumed>) = -1 EINVAL (Invalid argument) [ 26.880848][ T366] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 26.885200][ T368] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 26.898539][ T366] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 26.910016][ T365] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 26.921292][ T366] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 26.933051][ T372] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 26.957346][ T368] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 26.970257][ T368] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 26.982486][ T366] EXT4-fs (loop2): 1 orphan inode deleted [ 26.982695][ T365] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 26.988109][ T366] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 27.002154][ T365] EXT4-fs (loop5): 1 orphan inode deleted [pid 371] ioctl(4, LOOP_CLR_FD [pid 366] <... mount resumed>) = 0 [pid 366] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 371] <... ioctl resumed>) = 0 [pid 366] <... openat resumed>) = 3 [pid 365] <... mount resumed>) = 0 [pid 371] close(4 [pid 366] chdir("./file0" [pid 371] <... close resumed>) = 0 [pid 366] <... chdir resumed>) = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 366] ioctl(4, LOOP_CLR_FD [pid 371] <... openat resumed>) = 3 [pid 366] <... ioctl resumed>) = 0 [pid 371] pwrite64(3, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 366] close(4 [pid 371] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 366] <... close resumed>) = 0 [pid 371] exit_group(0 [pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 371] <... exit_group resumed>) = ? [pid 366] <... openat resumed>) = 4 [pid 371] +++ exited with 0 +++ [pid 366] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 366] exit_group(0) = ? [pid 366] +++ exited with 0 +++ [pid 295] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 295] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 295] <... openat resumed>) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... restart_syscall resumed>) = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] newfstatat(AT_FDCWD, "./6/binderfs", [pid 297] <... openat resumed>) = 3 [pid 297] newfstatat(3, "", [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, [pid 295] unlink("./6/binderfs" [pid 297] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 295] <... unlink resumed>) = 0 [pid 297] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./4/binderfs", [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] newfstatat(AT_FDCWD, "./6/file0", [pid 297] unlink("./4/binderfs" [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... unlink resumed>) = 0 [pid 295] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./6/file0") = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./6") = 0 [pid 295] mkdir("./7", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 375 [pid 365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 365] chdir("./file0") = 0 [pid 365] ioctl(4, LOOP_CLR_FD) = 0 [pid 365] close(4) = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 365] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 365] exit_group(0) = ? [pid 365] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 300] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 300] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 300] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./4/binderfs") = 0 [ 27.024159][ T368] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 27.030283][ T365] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 27.066971][ T368] EXT4-fs (loop3): 1 orphan inode deleted [pid 300] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 375 attached [pid 375] set_robust_list(0x555555d87660, 24) = 0 [pid 375] chdir("./7") = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0) = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 297] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] memfd_create("syzkaller", 0) = 3 [pid 299] newfstatat(AT_FDCWD, "./4/file0", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] newfstatat(AT_FDCWD, "./4/file0", [pid 299] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... openat resumed>) = 4 [pid 297] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... openat resumed>) = 4 [pid 299] getdents64(4, [pid 297] newfstatat(4, "", [pid 375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 375] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 375] ioctl(4, LOOP_SET_FD, 3 [pid 299] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, [pid 297] getdents64(4, [pid 299] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 299] close(4 [pid 297] getdents64(4, [pid 299] <... close resumed>) = 0 [pid 299] rmdir("./4/file0" [pid 297] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 297] close(4 [pid 375] <... ioctl resumed>) = 0 [pid 375] close(3) = 0 [pid 375] mkdir("./file0", 0777) = 0 [pid 375] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 368] <... mount resumed>) = 0 [pid 368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 27.072531][ T368] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 27.084124][ T372] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 27.108882][ T372] System zones: 1-12 [ 27.119916][ T372] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 27.123559][ T375] loop0: detected capacity change from 0 to 512 [pid 368] chdir("./file0") = 0 [pid 368] ioctl(4, LOOP_CLR_FD) = 0 [pid 368] close(4) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 368] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 368] exit_group(0) = ? [pid 368] +++ exited with 0 +++ [pid 299] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./4") = 0 [pid 299] mkdir("./5", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 377 ./strace-static-x86_64: Process 377 attached [pid 377] set_robust_list(0x555555d87660, 24) = 0 [pid 377] chdir("./5") = 0 [pid 377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 377] setpgid(0, 0) = 0 [pid 377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 377] write(3, "1000", 4) = 4 [pid 377] close(3) = 0 [pid 377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 377] memfd_create("syzkaller", 0) = 3 [pid 377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 297] <... close resumed>) = 0 [pid 297] rmdir("./4/file0" [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- [pid 377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 297] <... rmdir resumed>) = 0 [pid 377] <... write resumed>) = 262144 [pid 300] <... umount2 resumed>) = 0 [pid 300] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] getdents64(3, [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./4/file0", [pid 297] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] close(3 [pid 300] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... close resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] rmdir("./4" [pid 300] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... openat resumed>) = 3 [pid 297] <... rmdir resumed>) = 0 [pid 298] newfstatat(3, "", [pid 300] <... openat resumed>) = 4 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] mkdir("./5", 0777 [pid 377] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 377] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 377] ioctl(4, LOOP_SET_FD, 3 [pid 300] newfstatat(4, "", [pid 298] getdents64(3, [pid 297] <... mkdir resumed>) = 0 [pid 377] <... ioctl resumed>) = 0 [pid 377] close(3) = 0 [pid 377] mkdir("./file0", 0777) = 0 [ 27.140104][ T372] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 27.153266][ T375] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 27.164271][ T375] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 27.165765][ T377] loop4: detected capacity change from 0 to 512 [pid 377] mount("/dev/loop4", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 300] getdents64(4, [pid 298] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... openat resumed>) = 3 [pid 300] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] getdents64(4, [pid 298] newfstatat(AT_FDCWD, "./4/binderfs", [pid 297] ioctl(3, LOOP_CLR_FD [pid 300] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 27.177456][ T372] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 27.184276][ T375] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 4095657390)! [ 27.205988][ T375] EXT4-fs (loop0): group descriptors corrupted! [ 27.212369][ T377] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 27.221288][ T372] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 300] close(4) = 0 [pid 298] unlink("./4/binderfs" [pid 297] close(3 [pid 300] rmdir("./4/file0") = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 [pid 300] rmdir("./4") = 0 [pid 300] mkdir("./5", 0777) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 379 ./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x555555d87660, 24) = 0 [pid 379] chdir("./5") = 0 [pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 379] setpgid(0, 0) = 0 [pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 379] write(3, "1000", 4) = 4 [pid 379] close(3) = 0 [pid 379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 379] memfd_create("syzkaller", 0) = 3 [pid 379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 379] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 379] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 379] ioctl(4, LOOP_SET_FD, 3 [pid 298] <... unlink resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 375] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 298] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 27.233276][ T377] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 27.234073][ T372] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 27.258857][ T377] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 27.259236][ T372] EXT4-fs (loop1): 1 orphan inode deleted [ 27.267281][ T377] System zones: 1-12 [ 27.273894][ T379] loop5: detected capacity change from 0 to 512 [pid 375] ioctl(4, LOOP_CLR_FD./strace-static-x86_64: Process 380 attached [pid 379] <... ioctl resumed>) = 0 [pid 372] <... mount resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555555d87650) = 380 [pid 379] close(3) = 0 [pid 379] mkdir("./file0", 0777) = 0 [pid 379] mount("/dev/loop5", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 372] chdir("./file0") = 0 [pid 372] ioctl(4, LOOP_CLR_FD) = 0 [pid 372] close(4) = 0 [pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 380] set_robust_list(0x555555d87660, 24) = 0 [pid 380] chdir("./5") = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 380] memfd_create("syzkaller", 0) = 3 [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 380] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 380] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 27.277309][ T372] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 27.282489][ T377] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 27.327929][ T379] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [pid 380] ioctl(4, LOOP_SET_FD, 3 [pid 375] <... ioctl resumed>) = 0 [pid 372] <... openat resumed>) = 4 [pid 380] <... ioctl resumed>) = 0 [pid 380] close(3) = 0 [pid 380] mkdir("./file0", 0777) = 0 [ 27.331648][ T377] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 27.336912][ T380] loop2: detected capacity change from 0 to 512 [ 27.347647][ T377] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 27.353035][ T379] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 27.373317][ T377] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 380] mount("/dev/loop2", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 375] close(4 [pid 372] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 375] <... close resumed>) = 0 [pid 372] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 298] <... umount2 resumed>) = 0 [pid 372] exit_group(0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 372] <... exit_group resumed>) = ? [pid 298] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] <... openat resumed>) = 3 [pid 372] +++ exited with 0 +++ [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 375] pwrite64(3, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 298] newfstatat(AT_FDCWD, "./4/file0", [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- [ 27.380041][ T379] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 27.389581][ T377] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 27.397632][ T380] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 27.417482][ T380] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 27.421837][ T379] System zones: 1-12 [ 27.430504][ T377] EXT4-fs (loop4): 1 orphan inode deleted [pid 377] <... mount resumed>) = 0 [pid 375] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 27.433961][ T379] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 27.439707][ T377] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 27.452011][ T380] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [pid 377] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 375] exit_group(0 [pid 298] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] <... exit_group resumed>) = ? [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 375] +++ exited with 0 +++ [pid 298] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... openat resumed>) = 4 [pid 296] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 298] newfstatat(4, "", [pid 296] <... openat resumed>) = 3 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] newfstatat(3, "", [pid 298] getdents64(4, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(3, [pid 298] getdents64(4, [pid 296] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 298] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 296] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] close(4 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... close resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./5/binderfs", [pid 298] rmdir("./4/file0" [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 296] unlink("./5/binderfs" [pid 298] getdents64(3, [pid 296] <... unlink resumed>) = 0 [pid 298] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 296] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] close(3 [pid 295] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... close resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] rmdir("./4" [pid 295] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... rmdir resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 298] mkdir("./5", 0777 [pid 295] newfstatat(3, "", [pid 298] <... mkdir resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] getdents64(3, [pid 298] <... openat resumed>) = 3 [pid 295] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 298] ioctl(3, LOOP_CLR_FD [pid 295] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] close(3 [pid 295] newfstatat(AT_FDCWD, "./7/binderfs", [pid 298] <... close resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] unlink("./7/binderfs" [pid 377] <... openat resumed>) = 3 [pid 295] <... unlink resumed>) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555555d87650) = 383 [pid 295] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./7/file0") = 0 [pid 377] chdir("./file0" [pid 295] getdents64(3, [pid 377] <... chdir resumed>) = 0 [pid 295] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 383 attached [pid 377] ioctl(4, LOOP_CLR_FD [pid 295] close(3 [pid 377] <... ioctl resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 377] close(4 [pid 295] rmdir("./7" [pid 377] <... close resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 377] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 295] mkdir("./8", 0777 [pid 377] <... openat resumed>) = 4 [pid 295] <... mkdir resumed>) = 0 [pid 377] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 377] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 295] <... openat resumed>) = 3 [pid 383] set_robust_list(0x555555d87660, 24 [pid 377] exit_group(0 [pid 383] <... set_robust_list resumed>) = 0 [pid 383] chdir("./5") = 0 [pid 383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 383] setpgid(0, 0) = 0 [pid 383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 383] write(3, "1000", 4) = 4 [pid 383] close(3) = 0 [pid 383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 383] memfd_create("syzkaller", 0) = 3 [pid 383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 383] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 383] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 383] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 27.483640][ T379] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 27.496380][ T379] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 27.509041][ T380] System zones: 1-12 [ 27.513373][ T379] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 27.524686][ T380] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [pid 383] ioctl(4, LOOP_SET_FD, 3 [pid 377] <... exit_group resumed>) = ? [pid 295] ioctl(3, LOOP_CLR_FD [pid 383] <... ioctl resumed>) = 0 [pid 383] close(3) = 0 [pid 383] mkdir("./file0", 0777) = 0 [pid 383] mount("/dev/loop3", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 377] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=377, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 299] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./5/binderfs") = 0 [pid 299] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 384 ./strace-static-x86_64: Process 384 attached [pid 384] set_robust_list(0x555555d87660, 24) = 0 [pid 384] chdir("./8") = 0 [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 384] setpgid(0, 0) = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 384] write(3, "1000", 4) = 4 [pid 384] close(3) = 0 [pid 384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 296] <... umount2 resumed>) = 0 [pid 384] memfd_create("syzkaller", 0) = 3 [pid 384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [ 27.529963][ T383] loop3: detected capacity change from 0 to 512 [ 27.538896][ T379] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 27.565380][ T379] EXT4-fs (loop5): 1 orphan inode deleted [ 27.570692][ T383] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 27.571148][ T380] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 296] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 384] <... write resumed>) = 262144 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 379] <... mount resumed>) = 0 [pid 379] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 379] chdir("./file0") = 0 [pid 379] ioctl(4, LOOP_CLR_FD) = 0 [pid 379] close(4) = 0 [pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 379] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 379] exit_group(0) = ? [pid 379] +++ exited with 0 +++ [pid 384] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 27.589816][ T383] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 27.590740][ T379] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 27.603064][ T380] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 27.630417][ T384] loop0: detected capacity change from 0 to 512 [pid 384] ioctl(4, LOOP_SET_FD, 3 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=379, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 296] newfstatat(AT_FDCWD, "./5/file0", [pid 384] <... ioctl resumed>) = 0 [pid 384] close(3) = 0 [pid 384] mkdir("./file0", 0777) = 0 [pid 384] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 300] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 300] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./5/binderfs") = 0 [pid 300] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./5/file0") = 0 [pid 296] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./5") = 0 [pid 296] mkdir("./6", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 386 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, ./strace-static-x86_64: Process 386 attached [pid 386] set_robust_list(0x555555d87660, 24) = 0 [pid 386] chdir("./6") = 0 [pid 386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 386] setpgid(0, 0) = 0 [pid 386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 386] write(3, "1000", 4) = 4 [pid 386] close(3) = 0 [pid 386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 386] memfd_create("syzkaller", 0) = 3 [pid 386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 386] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 386] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 386] ioctl(4, LOOP_SET_FD, 3 [pid 299] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 386] <... ioctl resumed>) = 0 [pid 386] close(3) = 0 [ 27.642185][ T380] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 27.653873][ T383] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 27.665000][ T383] System zones: 1-12 [ 27.674598][ T383] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 27.682183][ T386] loop1: detected capacity change from 0 to 512 [pid 386] mkdir("./file0", 0777) = 0 [pid 386] mount("/dev/loop1", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 299] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./5/file0") = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./5") = 0 [pid 299] mkdir("./6", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 27.688491][ T380] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 27.696049][ T384] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 27.706590][ T386] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 27.720964][ T384] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 387 attached [pid 300] <... umount2 resumed>) = 0 [pid 387] set_robust_list(0x555555d87660, 24 [pid 300] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... clone resumed>, child_tidptr=0x555555d87650) = 387 [ 27.733447][ T383] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 27.743418][ T384] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 27.746234][ T380] EXT4-fs (loop2): 1 orphan inode deleted [ 27.753262][ T386] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 27.758974][ T380] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 387] <... set_robust_list resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 387] chdir("./6" [pid 300] newfstatat(AT_FDCWD, "./5/file0", [pid 380] <... mount resumed>) = 0 [pid 380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 380] chdir("./file0") = 0 [pid 380] ioctl(4, LOOP_CLR_FD) = 0 [pid 380] close(4) = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 380] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 380] exit_group(0) = ? [pid 380] +++ exited with 0 +++ [pid 387] <... chdir resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=380, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 387] <... prctl resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 27.770751][ T384] System zones: [ 27.794259][ T383] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 27.794589][ T386] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 27.801311][ T384] 1-12 [ 27.818691][ T383] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 27.824650][ T386] System zones: 1-12 [ 27.833681][ T384] [pid 387] setpgid(0, 0 [pid 300] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 387] <... setpgid resumed>) = 0 [pid 300] <... openat resumed>) = 4 [pid 297] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] newfstatat(4, "", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 27.838181][ T386] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 27.839638][ T384] EXT4-fs (loop0): too many log groups per flexible block group [ 27.859803][ T383] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 27.860087][ T386] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 27.872899][ T384] EXT4-fs (loop0): failed to initialize mballoc (-12) [pid 387] <... openat resumed>) = 3 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 387] write(3, "1000", 4 [pid 300] getdents64(4, [pid 297] <... openat resumed>) = 3 [pid 387] <... write resumed>) = 4 [pid 300] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [ 27.884929][ T386] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 27.891264][ T383] EXT4-fs (loop3): 1 orphan inode deleted [ 27.903575][ T386] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 27.910017][ T384] EXT4-fs (loop0): mount failed [ 27.920944][ T386] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 297] newfstatat(3, "", [pid 387] close(3 [pid 300] getdents64(4, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 387] <... close resumed>) = 0 [pid 300] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 387] symlink("/dev/binderfs", "./binderfs" [pid 300] close(4 [pid 387] <... symlink resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 387] memfd_create("syzkaller", 0 [pid 300] rmdir("./5/file0" [pid 387] <... memfd_create resumed>) = 3 [pid 300] <... rmdir resumed>) = 0 [pid 387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] getdents64(3, [pid 387] <... mmap resumed>) = 0x7fa39e8fb000 [pid 300] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 300] close(3 [pid 297] getdents64(3, [pid 300] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 300] rmdir("./5" [pid 297] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... rmdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] mkdir("./6", 0777 [pid 297] newfstatat(AT_FDCWD, "./5/binderfs", [pid 300] <... mkdir resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 297] unlink("./5/binderfs" [pid 300] <... openat resumed>) = 3 [pid 297] <... unlink resumed>) = 0 [pid 300] ioctl(3, LOOP_CLR_FD [pid 297] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 387] <... write resumed>) = 262144 [pid 300] <... clone resumed>, child_tidptr=0x555555d87650) = 390 [pid 387] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 387] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 27.926277][ T383] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 27.938097][ T386] EXT4-fs (loop1): 1 orphan inode deleted [ 27.967341][ T386] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 387] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 390 attached [pid 386] <... mount resumed>) = 0 [pid 383] <... mount resumed>) = 0 [pid 384] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 386] chdir("./file0" [pid 384] ioctl(4, LOOP_CLR_FD [pid 386] <... chdir resumed>) = 0 [pid 386] ioctl(4, LOOP_CLR_FD) = 0 [pid 386] close(4 [pid 390] set_robust_list(0x555555d87660, 24 [pid 387] <... ioctl resumed>) = 0 [pid 386] <... close resumed>) = 0 [pid 383] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 387] close(3) = 0 [pid 383] <... openat resumed>) = 3 [pid 387] mkdir("./file0", 0777) = 0 [pid 390] <... set_robust_list resumed>) = 0 [pid 390] chdir("./6" [pid 383] chdir("./file0") = 0 [pid 383] ioctl(4, LOOP_CLR_FD) = 0 [pid 383] close(4) = 0 [pid 390] <... chdir resumed>) = 0 [pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 390] setpgid(0, 0) = 0 [pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 387] mount("/dev/loop4", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 390] write(3, "1000", 4) = 4 [pid 390] close(3) = 0 [pid 390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 390] memfd_create("syzkaller", 0) = 3 [pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 390] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 390] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 390] close(3) = 0 [pid 390] mkdir("./file0", 0777) = 0 [ 27.973904][ T387] loop4: detected capacity change from 0 to 512 [ 28.006206][ T387] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 28.016004][ T390] loop5: detected capacity change from 0 to 512 [ 28.023442][ T387] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 28.023567][ T390] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [pid 390] mount("/dev/loop5", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 386] <... openat resumed>) = 4 [pid 384] <... ioctl resumed>) = 0 [pid 383] <... openat resumed>) = 4 [pid 297] <... umount2 resumed>) = 0 [pid 386] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 384] close(4 [pid 383] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 297] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 386] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 384] <... close resumed>) = 0 [pid 383] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 386] exit_group(0 [pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 383] exit_group(0 [pid 297] newfstatat(AT_FDCWD, "./5/file0", [pid 386] <... exit_group resumed>) = ? [pid 386] +++ exited with 0 +++ [pid 384] <... openat resumed>) = 3 [pid 383] <... exit_group resumed>) = ? [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=386, si_uid=0, si_status=0, si_utime=0, si_stime=21} --- [pid 384] pwrite64(3, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 383] +++ exited with 0 +++ [pid 297] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=383, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [pid 384] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 384] exit_group(0 [pid 297] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 384] <... exit_group resumed>) = ? [pid 297] <... openat resumed>) = 4 [pid 384] +++ exited with 0 +++ [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./5/file0") = 0 [pid 297] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./5") = 0 [pid 297] mkdir("./6", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 393 [ 28.042318][ T387] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 28.042397][ T390] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 28.050116][ T387] System zones: 1-12 [ 28.074829][ T390] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 28.083409][ T390] System zones: 1-12 [pid 298] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=384, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 298] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 295] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 393 attached [pid 393] set_robust_list(0x555555d87660, 24) = 0 [pid 393] chdir("./6") = 0 [pid 393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 393] setpgid(0, 0) = 0 [pid 393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 393] write(3, "1000", 4) = 4 [pid 393] close(3) = 0 [pid 393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 393] memfd_create("syzkaller", 0) = 3 [pid 393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 393] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 393] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 393] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 393] close(3) = 0 [pid 393] mkdir("./file0", 0777) = 0 [pid 393] mount("/dev/loop2", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./5/binderfs") = 0 [pid 298] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./6/binderfs") = 0 [pid 296] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 28.087578][ T387] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 28.093609][ T393] loop2: detected capacity change from 0 to 512 [ 28.100699][ T390] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 28.112372][ T393] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 28.128039][ T387] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 295] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./8/binderfs") = 0 [pid 295] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./8/file0") = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./8") = 0 [pid 295] mkdir("./9", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 396 [ 28.128832][ T393] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 28.153538][ T390] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 28.153939][ T387] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 28.166694][ T393] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 396 attached [pid 396] set_robust_list(0x555555d87660, 24) = 0 [pid 396] chdir("./9") = 0 [pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 396] setpgid(0, 0) = 0 [pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 396] write(3, "1000", 4) = 4 [pid 396] close(3) = 0 [pid 396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 396] memfd_create("syzkaller", 0) = 3 [pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 396] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 28.187028][ T387] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 28.190339][ T393] System zones: 1-12 [ 28.204533][ T390] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 28.213531][ T393] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 28.227851][ T396] loop0: detected capacity change from 0 to 512 [pid 396] ioctl(4, LOOP_SET_FD, 3 [pid 298] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(AT_FDCWD, "./6/file0", [pid 396] <... ioctl resumed>) = 0 [pid 396] close(3) = 0 [pid 396] mkdir("./file0", 0777) = 0 [pid 396] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] newfstatat(AT_FDCWD, "./5/file0", [ 28.230728][ T387] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 28.236158][ T390] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 28.249200][ T387] EXT4-fs (loop4): 1 orphan inode deleted [ 28.266536][ T390] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 28.267213][ T393] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 296] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 28.279608][ T396] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 28.291371][ T390] EXT4-fs (loop5): 1 orphan inode deleted [ 28.298323][ T387] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 298] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... openat resumed>) = 4 [pid 298] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] newfstatat(4, "", [pid 298] <... openat resumed>) = 4 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] newfstatat(4, "", [pid 296] getdents64(4, [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, [pid 296] getdents64(4, [pid 298] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 296] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 298] getdents64(4, [pid 296] close(4 [pid 298] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 296] <... close resumed>) = 0 [pid 298] close(4 [pid 296] rmdir("./6/file0" [pid 298] <... close resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 298] rmdir("./5/file0" [pid 296] getdents64(3, [pid 298] <... rmdir resumed>) = 0 [pid 296] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 298] getdents64(3, [pid 296] close(3 [pid 298] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 296] <... close resumed>) = 0 [pid 298] close(3 [pid 296] rmdir("./6" [pid 298] <... close resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 298] rmdir("./5" [pid 296] mkdir("./7", 0777 [pid 298] <... rmdir resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 298] mkdir("./6", 0777 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] <... mkdir resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] ioctl(3, LOOP_CLR_FD [pid 298] <... openat resumed>) = 3 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] ioctl(3, LOOP_CLR_FD [pid 296] close(3 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... close resumed>) = 0 [pid 298] close(3 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... clone resumed>, child_tidptr=0x555555d87650) = 397 ./strace-static-x86_64: Process 397 attached [pid 387] <... mount resumed>) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555555d87650) = 398 [pid 397] set_robust_list(0x555555d87660, 24 [pid 387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 397] <... set_robust_list resumed>) = 0 [pid 387] <... openat resumed>) = 3 [pid 397] chdir("./7" [pid 387] chdir("./file0"./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x555555d87660, 24) = 0 [pid 398] chdir("./6") = 0 [pid 398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 398] setpgid(0, 0) = 0 [pid 398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 398] write(3, "1000", 4) = 4 [pid 398] close(3) = 0 [pid 398] symlink("/dev/binderfs", "./binderfs" [pid 397] <... chdir resumed>) = 0 [pid 387] <... chdir resumed>) = 0 [pid 397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 387] ioctl(4, LOOP_CLR_FD [pid 398] <... symlink resumed>) = 0 [pid 398] memfd_create("syzkaller", 0) = 3 [pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 397] setpgid(0, 0 [pid 387] <... ioctl resumed>) = 0 [pid 397] <... setpgid resumed>) = 0 [pid 387] close(4 [pid 397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 387] <... close resumed>) = 0 [ 28.303662][ T390] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 28.327151][ T396] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 28.364647][ T396] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 28.372645][ T393] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 28.372797][ T396] System zones: 1-12 [pid 397] <... openat resumed>) = 3 [pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 398] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 398] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 398] ioctl(4, LOOP_SET_FD, 3 [pid 397] write(3, "1000", 4 [pid 387] <... openat resumed>) = 4 [pid 397] <... write resumed>) = 4 [pid 387] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 398] <... ioctl resumed>) = 0 [pid 398] close(3) = 0 [pid 398] mkdir("./file0", 0777) = 0 [pid 398] mount("/dev/loop3", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 390] <... mount resumed>) = 0 [pid 390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 390] chdir("./file0") = 0 [pid 390] ioctl(4, LOOP_CLR_FD) = 0 [pid 390] close(4) = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 390] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 390] exit_group(0) = ? [pid 397] close(3 [pid 387] <... pwrite64 resumed>) = 4096 [pid 397] <... close resumed>) = 0 [pid 387] exit_group(0 [pid 397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 387] <... exit_group resumed>) = ? [pid 397] memfd_create("syzkaller", 0 [pid 387] +++ exited with 0 +++ [pid 397] <... memfd_create resumed>) = 3 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=387, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] <... restart_syscall resumed>) = 0 [pid 397] <... mmap resumed>) = 0x7fa39e8fb000 [pid 299] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./6/binderfs") = 0 [pid 299] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 397] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 397] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 390] +++ exited with 0 +++ [pid 397] <... openat resumed>) = 4 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=390, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [ 28.390537][ T396] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 28.398139][ T398] loop3: detected capacity change from 0 to 512 [ 28.410289][ T396] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 28.422658][ T393] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 28.434797][ T398] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 397] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 300] <... restart_syscall resumed>) = 0 [pid 300] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 300] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./6/binderfs") = 0 [pid 300] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 397] close(3) = 0 [pid 397] mkdir("./file0", 0777) = 0 [pid 397] mount("/dev/loop1", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 299] <... umount2 resumed>) = 0 [ 28.456953][ T398] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 28.457049][ T397] loop1: detected capacity change from 0 to 512 [ 28.469274][ T396] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 28.477876][ T393] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 28.489983][ T397] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [pid 299] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 28.507433][ T396] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 28.521192][ T393] EXT4-fs (loop2): 1 orphan inode deleted [ 28.521629][ T397] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 299] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 393] <... mount resumed>) = 0 [pid 299] <... openat resumed>) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./6/file0") = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./6") = 0 [pid 299] mkdir("./7", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 401 [pid 393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 393] chdir("./file0") = 0 [pid 393] ioctl(4, LOOP_CLR_FD) = 0 [pid 393] close(4) = 0 [pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 393] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 393] exit_group(0) = ? [pid 393] +++ exited with 0 +++ ./strace-static-x86_64: Process 401 attached [pid 401] set_robust_list(0x555555d87660, 24) = 0 [pid 401] chdir("./7") = 0 [pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 401] setpgid(0, 0) = 0 [pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 401] write(3, "1000", 4) = 4 [pid 401] close(3) = 0 [pid 401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 401] memfd_create("syzkaller", 0) = 3 [pid 401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 401] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 401] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 401] ioctl(4, LOOP_SET_FD, 3 [pid 300] <... umount2 resumed>) = 0 [pid 401] <... ioctl resumed>) = 0 [pid 401] close(3) = 0 [pid 401] mkdir("./file0", 0777) = 0 [ 28.527434][ T393] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 28.539512][ T396] EXT4-fs error (device loop0): __ext4_get_inode_loc:4340: comm syz-executor125: Invalid inode table block 2158967614 in block_group 0 [ 28.576547][ T398] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 28.584304][ T398] System zones: 1-12 [ 28.588393][ T396] EXT4-fs error (device loop0): ext4_evict_inode:294: comm syz-executor125: couldn't truncate inode 15 (err -117) [ 28.597463][ T401] loop4: detected capacity change from 0 to 512 [pid 401] mount("/dev/loop4", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 300] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=393, si_uid=0, si_status=0, si_utime=0, si_stime=20} --- [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 300] newfstatat(AT_FDCWD, "./6/file0", [pid 297] <... restart_syscall resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 28.606608][ T398] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 28.609713][ T401] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 28.627199][ T397] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 28.627390][ T398] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 28.634943][ T397] System zones: 1-12 [ 28.635759][ T396] EXT4-fs (loop0): 1 orphan inode deleted [pid 297] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... openat resumed>) = 4 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 396] <... mount resumed>) = 0 [pid 396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 396] chdir("./file0") = 0 [pid 396] ioctl(4, LOOP_CLR_FD) = 0 [pid 396] close(4) = 0 [pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 396] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 396] exit_group(0) = ? [pid 396] +++ exited with 0 +++ [ 28.650105][ T398] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 28.651024][ T396] EXT4-fs (loop0): mounted filesystem without journal. Opts: í4¥Ä£2¦¯…ÖòBIHð¬Ãq©¹; dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 28.656920][ T397] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [pid 300] newfstatat(4, "", [pid 297] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... openat resumed>) = 3 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=396, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 300] getdents64(4, [pid 297] newfstatat(3, "", [pid 295] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 300] close(4) = 0 [pid 300] rmdir("./6/file0") = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 [ 28.672541][ T401] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 28.707804][ T398] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 28.720804][ T397] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 28.732583][ T398] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 300] rmdir("./6") = 0 [pid 300] mkdir("./7", 0777) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 404 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./6/binderfs") = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 404 attached [pid 297] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 404] set_robust_list(0x555555d87660, 24 [pid 295] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 404] <... set_robust_list resumed>) = 0 [pid 295] <... openat resumed>) = 3 [ 28.745422][ T401] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 28.764002][ T397] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 28.768626][ T401] System zones: 1-12 [ 28.777596][ T398] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 28.781363][ T401] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [pid 404] chdir("./7" [pid 295] newfstatat(3, "", [pid 404] <... chdir resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 404] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] getdents64(3, [pid 398] <... mount resumed>) = 0 [pid 404] <... prctl resumed>) = 0 [pid 398] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 398] chdir("./file0") = 0 [pid 398] ioctl(4, LOOP_CLR_FD) = 0 [pid 398] close(4 [pid 404] setpgid(0, 0) = 0 [pid 295] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 404] <... openat resumed>) = 3 [pid 404] write(3, "1000", 4 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 404] <... write resumed>) = 4 [pid 295] newfstatat(AT_FDCWD, "./9/binderfs", [pid 404] close(3) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 404] symlink("/dev/binderfs", "./binderfs" [pid 295] unlink("./9/binderfs" [pid 398] <... close resumed>) = 0 [pid 398] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 404] <... symlink resumed>) = 0 [pid 398] <... openat resumed>) = 4 [pid 398] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 398] exit_group(0) = ? [pid 398] +++ exited with 0 +++ [ 28.797444][ T397] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 28.806596][ T398] EXT4-fs (loop3): 1 orphan inode deleted [ 28.823482][ T398] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 404] memfd_create("syzkaller", 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=398, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 295] <... unlink resumed>) = 0 [pid 404] <... memfd_create resumed>) = 3 [pid 295] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 404] <... mmap resumed>) = 0x7fa39e8fb000 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 298] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./6/binderfs", [pid 404] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 404] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./6/binderfs" [pid 404] ioctl(4, LOOP_SET_FD, 3 [pid 298] <... unlink resumed>) = 0 [pid 298] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 404] <... ioctl resumed>) = 0 [pid 404] close(3) = 0 [pid 404] mkdir("./file0", 0777) = 0 [ 28.852502][ T397] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 28.873110][ T404] loop5: detected capacity change from 0 to 512 [ 28.875324][ T401] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 28.881478][ T397] EXT4-fs (loop1): 1 orphan inode deleted [ 28.891981][ T401] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 404] mount("/dev/loop5", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 298] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 297] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./6/file0") = 0 [pid 297] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./6") = 0 [pid 297] mkdir("./7", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 405 ./strace-static-x86_64: Process 405 attached [pid 298] newfstatat(AT_FDCWD, "./6/file0", [pid 295] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 397] <... mount resumed>) = 0 [pid 397] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 397] chdir("./file0") = 0 [pid 397] ioctl(4, LOOP_CLR_FD) = 0 [pid 397] close(4) = 0 [pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 397] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 397] exit_group(0) = ? [pid 397] +++ exited with 0 +++ [pid 405] set_robust_list(0x555555d87660, 24) = 0 [pid 405] chdir("./7") = 0 [pid 405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 405] setpgid(0, 0) = 0 [pid 405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 405] write(3, "1000", 4) = 4 [pid 405] close(3) = 0 [pid 405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 405] memfd_create("syzkaller", 0) = 3 [ 28.897020][ T404] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 28.912026][ T401] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 28.927090][ T397] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 405] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 405] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 405] ioctl(4, LOOP_SET_FD, 3 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=397, si_uid=0, si_status=0, si_utime=0, si_stime=19} --- [pid 295] newfstatat(AT_FDCWD, "./9/file0", [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... openat resumed>) = 4 [pid 296] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] newfstatat(4, "", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] getdents64(4, [pid 296] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 4 [pid 298] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 296] newfstatat(3, "", [pid 295] newfstatat(4, "", [pid 298] getdents64(4, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 296] getdents64(3, [pid 295] getdents64(4, [pid 298] close(4 [pid 296] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 295] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 298] <... close resumed>) = 0 [pid 296] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] getdents64(4, [pid 298] rmdir("./6/file0" [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 405] <... ioctl resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 295] close(4 [pid 298] getdents64(3, [pid 296] newfstatat(AT_FDCWD, "./7/binderfs", [pid 295] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 298] close(3 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] rmdir("./9/file0" [pid 298] <... close resumed>) = 0 [pid 296] unlink("./7/binderfs" [pid 405] close(3 [pid 295] <... rmdir resumed>) = 0 [pid 298] rmdir("./6" [pid 296] <... unlink resumed>) = 0 [pid 295] getdents64(3, [pid 405] <... close resumed>) = 0 [pid 405] mkdir("./file0", 0777 [pid 298] <... rmdir resumed>) = 0 [pid 298] mkdir("./7", 0777 [pid 296] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 295] close(3 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] <... close resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 295] rmdir("./9" [pid 298] ioctl(3, LOOP_CLR_FD [pid 295] <... rmdir resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 295] mkdir("./10", 0777 [pid 298] <... close resumed>) = 0 [pid 405] <... mkdir resumed>) = 0 [pid 405] mount("/dev/loop2", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 295] <... mkdir resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ./strace-static-x86_64: Process 406 attached [pid 406] set_robust_list(0x555555d87660, 24) = 0 [pid 406] chdir("./7") = 0 [pid 406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 406] setpgid(0, 0) = 0 [pid 406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 406] write(3, "1000", 4) = 4 [pid 406] close(3) = 0 [pid 406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 406] memfd_create("syzkaller", 0) = 3 [pid 406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 406] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 406] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 406] ioctl(4, LOOP_SET_FD, 3 [pid 298] <... clone resumed>, child_tidptr=0x555555d87650) = 406 [pid 295] ioctl(3, LOOP_CLR_FD [pid 406] <... ioctl resumed>) = 0 [pid 406] close(3) = 0 [pid 406] mkdir("./file0", 0777) = 0 [ 28.944153][ T401] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 28.963219][ T405] loop2: detected capacity change from 0 to 512 [ 28.978170][ T405] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 28.979863][ T404] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 28.994472][ T406] loop3: detected capacity change from 0 to 512 [ 29.001820][ T401] EXT4-fs (loop4): 1 orphan inode deleted [pid 406] mount("/dev/loop3", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 408 [pid 401] <... mount resumed>) = 0 [pid 401] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 401] chdir("./file0") = 0 [pid 401] ioctl(4, LOOP_CLR_FD) = 0 [pid 401] close(4) = 0 [pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 401] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 401] exit_group(0) = ? [pid 401] +++ exited with 0 +++ ./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x555555d87660, 24) = 0 [pid 408] chdir("./10") = 0 [pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 408] setpgid(0, 0) = 0 [pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=401, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 299] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", [pid 408] <... openat resumed>) = 3 [pid 408] write(3, "1000", 4) = 4 [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./7/file0") = 0 [pid 296] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./7") = 0 [pid 296] mkdir("./8", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 409 [ 29.009587][ T406] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 29.015326][ T404] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 29.017142][ T401] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 29.024276][ T404] System zones: [pid 408] close(3) = 0 [pid 408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 408] memfd_create("syzkaller", 0) = 3 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 408] <... write resumed>) = 262144 [pid 408] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 408] ioctl(4, LOOP_SET_FD, 3 [pid 299] getdents64(3, [pid 408] <... ioctl resumed>) = 0 [pid 408] close(3) = 0 [pid 408] mkdir("./file0", 0777) = 0 [pid 408] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"..../strace-static-x86_64: Process 409 attached [pid 409] set_robust_list(0x555555d87660, 24) = 0 [pid 409] chdir("./8") = 0 [pid 409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 409] setpgid(0, 0) = 0 [pid 409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 409] write(3, "1000", 4) = 4 [pid 409] close(3) = 0 [pid 409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 409] memfd_create("syzkaller", 0) = 3 [pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 409] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 409] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 409] ioctl(4, LOOP_SET_FD, 3 [pid 299] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 409] <... ioctl resumed>) = 0 [pid 409] close(3) = 0 [pid 409] mkdir("./file0", 0777) = 0 [ 29.054570][ T406] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 29.064456][ T404] 1-12 [ 29.071318][ T405] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 29.077148][ T408] loop0: detected capacity change from 0 to 512 [ 29.085126][ T404] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 29.099758][ T409] loop1: detected capacity change from 0 to 512 [pid 409] mount("/dev/loop1", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 299] unlink("./7/binderfs") = 0 [ 29.110018][ T408] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 29.117123][ T409] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 29.118361][ T406] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 29.133391][ T406] System zones: 1-12 [ 29.133535][ T404] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 29.137953][ T409] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 29.149637][ T405] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 29.168713][ T408] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 29.169046][ T406] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 29.185731][ T404] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 29.207628][ T409] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 29.210910][ T405] System zones: 1-12 [ 29.216116][ T404] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 29.219775][ T409] System zones: 1-12 [ 29.231193][ T405] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 29.248384][ T406] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 29.248795][ T408] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 29.268241][ T404] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 29.269149][ T408] System zones: 1-12 [ 29.285236][ T406] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 29.296284][ T415] loop4: detected capacity change from 0 to 512 [pid 299] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 299] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./7/file0") = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./7") = 0 [pid 299] mkdir("./8", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 415 ./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x555555d87660, 24) = 0 [pid 415] chdir("./8") = 0 [pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 415] setpgid(0, 0) = 0 [pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 415] write(3, "1000", 4) = 4 [pid 415] close(3) = 0 [pid 415] symlink("/dev/binderfs", "./binderfs") = 0 [pid 415] memfd_create("syzkaller", 0) = 3 [pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 415] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 415] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 415] close(3) = 0 [pid 415] mkdir("./file0", 0777) = 0 [ 29.297983][ T409] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 29.309750][ T404] EXT4-fs (loop5): 1 orphan inode deleted [ 29.318276][ T405] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 29.322754][ T408] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 29.339675][ T406] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 29.347436][ T415] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 29.359678][ T405] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 29.366583][ T404] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 415] mount("/dev/loop4", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 404] <... mount resumed>) = 0 [pid 404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 404] chdir("./file0") = 0 [pid 404] ioctl(4, LOOP_CLR_FD) = 0 [pid 404] close(4) = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 404] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 404] exit_group(0) = ? [pid 404] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=404, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 300] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 300] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./7/binderfs") = 0 [ 29.402553][ T415] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 29.402626][ T406] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 29.427086][ T408] EXT4-fs error (device loop0): __ext4_get_inode_loc:4340: comm syz-executor125: Invalid inode table block 2158967614 in block_group 0 [ 29.427123][ T415] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 29.436252][ T406] EXT4-fs (loop3): 1 orphan inode deleted [pid 300] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 406] <... mount resumed>) = 0 [pid 406] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 406] chdir("./file0") = 0 [pid 406] ioctl(4, LOOP_CLR_FD) = 0 [pid 406] close(4) = 0 [pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 406] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 406] exit_group(0) = ? [pid 406] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=406, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 298] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 29.448711][ T406] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 29.478762][ T405] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 29.480593][ T408] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5820: Corrupt filesystem [pid 298] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./7/binderfs") = 0 [pid 298] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... umount2 resumed>) = 0 [pid 300] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 300] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 300] close(4) = 0 [pid 300] rmdir("./7/file0") = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 [pid 300] rmdir("./7") = 0 [pid 300] mkdir("./8", 0777) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 417 [ 29.500984][ T408] EXT4-fs error (device loop0): ext4_evict_inode:283: inode #15: comm syz-executor125: mark_inode_dirty error [ 29.504114][ T409] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 29.512834][ T415] System zones: 1-12 [ 29.528274][ T409] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 29.528553][ T409] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag ./strace-static-x86_64: Process 417 attached [pid 417] set_robust_list(0x555555d87660, 24) = 0 [pid 417] chdir("./8") = 0 [pid 417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 417] setpgid(0, 0) = 0 [pid 417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 417] write(3, "1000", 4) = 4 [pid 417] close(3) = 0 [pid 417] symlink("/dev/binderfs", "./binderfs") = 0 [pid 417] memfd_create("syzkaller", 0) = 3 [pid 417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 29.552801][ T415] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 29.566060][ T408] EXT4-fs warning (device loop0): ext4_evict_inode:286: couldn't mark inode dirty (err -117) [ 29.566413][ T409] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 29.576427][ T405] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 29.599545][ T408] EXT4-fs (loop0): 1 orphan inode deleted [ 29.601590][ T409] EXT4-fs (loop1): 1 orphan inode deleted [pid 417] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 417] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 29.606648][ T408] EXT4-fs (loop0): mounted filesystem without journal. Opts: í4¥Ä£2¦¯…ÖòBIHð¬Ãq©¹; dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 417] ioctl(4, LOOP_SET_FD, 3 [pid 298] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 417] <... ioctl resumed>) = 0 [pid 417] close(3) = 0 [pid 417] mkdir("./file0", 0777 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./7/file0", [pid 417] <... mkdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 417] mount("/dev/loop5", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 408] <... mount resumed>) = 0 [pid 408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 408] chdir("./file0") = 0 [pid 408] ioctl(4, LOOP_CLR_FD) = 0 [pid 408] close(4) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 408] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 408] exit_group(0) = ? [pid 298] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", [pid 409] <... mount resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] getdents64(4, [pid 409] <... openat resumed>) = 3 [pid 298] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 409] chdir("./file0" [pid 298] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 409] <... chdir resumed>) = 0 [pid 298] close(4 [pid 409] ioctl(4, LOOP_CLR_FD [pid 298] <... close resumed>) = 0 [pid 409] <... ioctl resumed>) = 0 [pid 298] rmdir("./7/file0" [pid 409] close(4 [pid 298] <... rmdir resumed>) = 0 [pid 298] getdents64(3, [pid 409] <... close resumed>) = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 298] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 409] <... openat resumed>) = 4 [pid 298] close(3 [pid 409] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 298] <... close resumed>) = 0 [pid 409] <... pwrite64 resumed>) = 4096 [pid 298] rmdir("./7" [pid 408] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=408, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./10/binderfs") = 0 [ 29.639151][ T409] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 29.643368][ T417] loop5: detected capacity change from 0 to 512 [ 29.663874][ T405] EXT4-fs (loop2): 1 orphan inode deleted [ 29.675557][ T415] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 29.687914][ T417] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [pid 295] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 409] exit_group(0 [pid 298] <... rmdir resumed>) = 0 [pid 405] <... mount resumed>) = 0 [pid 405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 405] chdir("./file0") = 0 [pid 405] ioctl(4, LOOP_CLR_FD) = 0 [pid 405] close(4) = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 405] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 405] exit_group(0) = ? [pid 409] <... exit_group resumed>) = ? [pid 298] mkdir("./8", 0777 [pid 405] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=405, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 409] +++ exited with 0 +++ [pid 298] <... mkdir resumed>) = 0 [ 29.700410][ T405] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 29.712629][ T417] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 29.725391][ T415] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] <... restart_syscall resumed>) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=409, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 297] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... openat resumed>) = 3 [pid 296] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] newfstatat(3, "", [pid 296] <... openat resumed>) = 3 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] newfstatat(3, "", [pid 297] getdents64(3, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 296] getdents64(3, [pid 297] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./7/binderfs", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] newfstatat(AT_FDCWD, "./8/binderfs", [pid 297] unlink("./7/binderfs" [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... unlink resumed>) = 0 [pid 296] unlink("./8/binderfs" [pid 297] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... unlink resumed>) = 0 [pid 296] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 29.753240][ T415] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 29.765520][ T415] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 29.772064][ T417] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 29.778832][ T415] EXT4-fs (loop4): 1 orphan inode deleted [ 29.786411][ T417] System zones: [pid 295] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 415] <... mount resumed>) = 0 [pid 298] close(3 [pid 295] <... openat resumed>) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./10/file0") = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./10") = 0 [pid 295] mkdir("./11", 0777 [pid 415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] <... close resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 298] <... clone resumed>, child_tidptr=0x555555d87650) = 419 [pid 295] <... openat resumed>) = 3 [pid 415] <... openat resumed>) = 3 [pid 295] ioctl(3, LOOP_CLR_FD [pid 415] chdir("./file0") = 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 415] ioctl(4, LOOP_CLR_FD [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 415] <... ioctl resumed>) = 0 [pid 295] <... clone resumed>, child_tidptr=0x555555d87650) = 420 [pid 415] close(4./strace-static-x86_64: Process 420 attached ) = 0 [pid 420] set_robust_list(0x555555d87660, 24) = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK./strace-static-x86_64: Process 419 attached [pid 420] chdir("./11" [pid 415] <... openat resumed>) = 4 [pid 415] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 415] exit_group(0) = ? [pid 415] +++ exited with 0 +++ [pid 419] set_robust_list(0x555555d87660, 24) = 0 [pid 419] chdir("./8" [pid 420] <... chdir resumed>) = 0 [pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 420] setpgid(0, 0) = 0 [pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 419] <... chdir resumed>) = 0 [pid 419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 419] setpgid(0, 0) = 0 [pid 419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 420] <... openat resumed>) = 3 [pid 419] <... openat resumed>) = 3 [pid 420] write(3, "1000", 4) = 4 [pid 420] close(3) = 0 [pid 419] write(3, "1000", 4 [pid 420] symlink("/dev/binderfs", "./binderfs" [pid 419] <... write resumed>) = 4 [pid 420] <... symlink resumed>) = 0 [pid 419] close(3) = 0 [pid 419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 420] memfd_create("syzkaller", 0 [pid 419] memfd_create("syzkaller", 0 [pid 420] <... memfd_create resumed>) = 3 [pid 419] <... memfd_create resumed>) = 3 [pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=415, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 419] <... write resumed>) = 262144 [pid 419] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 419] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 419] ioctl(4, LOOP_SET_FD, 3 [pid 299] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./8/binderfs") = 0 [pid 299] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 419] <... ioctl resumed>) = 0 [pid 419] close(3) = 0 [pid 419] mkdir("./file0", 0777 [pid 420] <... write resumed>) = 262144 [pid 420] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 420] ioctl(4, LOOP_SET_FD, 3 [pid 419] <... mkdir resumed>) = 0 [ 29.791606][ T415] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 29.819472][ T417] 1-12 [ 29.830926][ T417] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 29.849485][ T419] loop3: detected capacity change from 0 to 512 [pid 419] mount("/dev/loop3", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 420] <... ioctl resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./8/file0") = 0 [pid 296] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./8") = 0 [pid 296] mkdir("./9", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 421 ./strace-static-x86_64: Process 421 attached [pid 420] close(3 [pid 421] set_robust_list(0x555555d87660, 24 [pid 420] <... close resumed>) = 0 [pid 421] <... set_robust_list resumed>) = 0 [pid 420] mkdir("./file0", 0777 [pid 421] chdir("./9" [pid 420] <... mkdir resumed>) = 0 [pid 421] <... chdir resumed>) = 0 [pid 420] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 421] setpgid(0, 0) = 0 [pid 421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 421] write(3, "1000", 4) = 4 [pid 421] close(3) = 0 [pid 421] symlink("/dev/binderfs", "./binderfs") = 0 [pid 421] memfd_create("syzkaller", 0) = 3 [pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 299] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./7/file0", [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] newfstatat(AT_FDCWD, "./8/file0", [pid 297] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... openat resumed>) = 4 [pid 299] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] newfstatat(4, "", [pid 299] <... openat resumed>) = 4 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] newfstatat(4, "", [pid 297] getdents64(4, [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, [pid 297] getdents64(4, [pid 299] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 297] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [ 29.857954][ T420] loop0: detected capacity change from 0 to 512 [ 29.859560][ T419] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 29.864128][ T417] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 29.882943][ T419] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 29.895013][ T420] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [pid 299] getdents64(4, [pid 297] close(4 [pid 299] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 297] <... close resumed>) = 0 [pid 299] close(4 [pid 297] rmdir("./7/file0" [pid 421] <... write resumed>) = 262144 [pid 299] <... close resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 299] rmdir("./8/file0" [pid 297] getdents64(3, [pid 299] <... rmdir resumed>) = 0 [pid 297] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 299] getdents64(3, [pid 297] close(3 [pid 299] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 297] <... close resumed>) = 0 [pid 299] close(3 [pid 297] rmdir("./7" [pid 421] munmap(0x7fa39e8fb000, 138412032 [pid 299] <... close resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 421] <... munmap resumed>) = 0 [pid 299] rmdir("./8" [pid 297] mkdir("./8", 0777 [pid 421] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 299] <... rmdir resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 421] <... openat resumed>) = 4 [pid 299] mkdir("./9", 0777 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 421] ioctl(4, LOOP_SET_FD, 3 [pid 299] <... mkdir resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 29.896425][ T417] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 29.915911][ T419] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 29.924037][ T419] System zones: 1-12 [ 29.924118][ T420] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 29.928550][ T419] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 29.941337][ T421] loop1: detected capacity change from 0 to 512 [pid 297] close(3 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] <... close resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] <... clone resumed>, child_tidptr=0x555555d87650) = 423 [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 424 ./strace-static-x86_64: Process 424 attached ./strace-static-x86_64: Process 423 attached [pid 421] <... ioctl resumed>) = 0 [pid 421] close(3) = 0 [pid 421] mkdir("./file0", 0777) = 0 [pid 421] mount("/dev/loop1", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 424] set_robust_list(0x555555d87660, 24) = 0 [pid 424] chdir("./9") = 0 [pid 424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 424] setpgid(0, 0) = 0 [pid 424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 424] write(3, "1000", 4) = 4 [pid 424] close(3) = 0 [pid 424] symlink("/dev/binderfs", "./binderfs") = 0 [pid 424] memfd_create("syzkaller", 0) = 3 [pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 424] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 424] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 423] set_robust_list(0x555555d87660, 24) = 0 [pid 423] chdir("./8") = 0 [pid 423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 423] setpgid(0, 0) = 0 [pid 423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 423] write(3, "1000", 4) = 4 [pid 423] close(3) = 0 [pid 423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 423] memfd_create("syzkaller", 0) = 3 [pid 423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 423] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 423] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 424] <... openat resumed>) = 4 [pid 423] <... openat resumed>) = 4 [pid 424] ioctl(4, LOOP_SET_FD, 3 [pid 423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 423] close(3) = 0 [pid 423] mkdir("./file0", 0777) = 0 [ 29.959848][ T419] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 29.972357][ T419] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 29.985666][ T417] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 29.990350][ T423] loop2: detected capacity change from 0 to 512 [ 29.998121][ T421] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [pid 423] mount("/dev/loop2", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 424] <... ioctl resumed>) = 0 [pid 424] close(3) = 0 [pid 424] mkdir("./file0", 0777) = 0 [ 30.003957][ T424] loop4: detected capacity change from 0 to 512 [ 30.015520][ T419] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 30.017400][ T423] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 30.028586][ T420] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 30.035538][ T421] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 30.043071][ T420] System zones: 1-12 [ 30.056642][ T424] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 30.059551][ T417] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 30.065794][ T420] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 30.079004][ T419] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 424] mount("/dev/loop4", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 417] <... mount resumed>) = 0 [pid 417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 417] chdir("./file0") = 0 [pid 417] ioctl(4, LOOP_CLR_FD) = 0 [ 30.090944][ T423] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 30.115328][ T424] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 30.127324][ T417] EXT4-fs (loop5): 1 orphan inode deleted [ 30.127657][ T419] EXT4-fs (loop3): 1 orphan inode deleted [ 30.132889][ T417] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 417] close(4) = 0 [pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 417] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 417] exit_group(0) = ? [pid 417] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=417, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 300] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 300] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./8/binderfs") = 0 [pid 300] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 419] <... mount resumed>) = 0 [pid 419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 419] chdir("./file0") = 0 [pid 419] ioctl(4, LOOP_CLR_FD) = 0 [ 30.139006][ T420] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 30.175721][ T419] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 30.175885][ T421] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [pid 419] close(4) = 0 [pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 419] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 419] exit_group(0) = ? [pid 419] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=419, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./8/binderfs") = 0 [ 30.210336][ T424] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 30.212798][ T421] System zones: [ 30.220206][ T420] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 30.236737][ T423] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 30.241310][ T420] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 30.244609][ T423] System zones: 1-12 [ 30.257722][ T421] 1-12 [pid 298] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... umount2 resumed>) = 0 [pid 300] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 30.262050][ T424] System zones: 1-12 [ 30.264048][ T423] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 30.268316][ T420] EXT4-fs error (device loop0): __ext4_get_inode_loc:4340: comm syz-executor125: Invalid inode table block 2158967614 in block_group 0 [pid 300] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 300] close(4) = 0 [pid 300] rmdir("./8/file0") = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 [pid 300] rmdir("./8") = 0 [pid 300] mkdir("./9", 0777) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 430 ./strace-static-x86_64: Process 430 attached [ 30.283049][ T30] audit: type=1400 audit(1703750925.585:73): avc: denied { remove_name } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 30.294284][ T424] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 30.330578][ T30] audit: type=1400 audit(1703750925.585:74): avc: denied { rename } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 30.352774][ T421] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [pid 430] set_robust_list(0x555555d87660, 24 [pid 298] <... umount2 resumed>) = 0 [pid 430] <... set_robust_list resumed>) = 0 [pid 430] chdir("./9") = 0 [pid 430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 430] setpgid(0, 0) = 0 [pid 430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 430] write(3, "1000", 4) = 4 [pid 430] close(3) = 0 [pid 430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 430] memfd_create("syzkaller", 0) = 3 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 430] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 430] close(3) = 0 [pid 430] mkdir("./file0", 0777) = 0 [ 30.353868][ T420] EXT4-fs error (device loop0): ext4_evict_inode:294: comm syz-executor125: couldn't truncate inode 15 (err -117) [ 30.368300][ T424] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 30.379149][ T423] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 30.394938][ T430] loop5: detected capacity change from 0 to 512 [pid 430] mount("/dev/loop5", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 298] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./8/file0") = 0 [pid 298] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./8") = 0 [pid 298] mkdir("./9", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 431 [ 30.402011][ T424] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 30.421996][ T430] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 30.423376][ T420] EXT4-fs (loop0): 1 orphan inode deleted [ 30.429178][ T421] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 420] <... mount resumed>) = 0 [pid 420] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 420] chdir("./file0") = 0 [pid 420] ioctl(4, LOOP_CLR_FD) = 0 [pid 420] close(4) = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 420] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 420] exit_group(0) = ? ./strace-static-x86_64: Process 431 attached [pid 420] +++ exited with 0 +++ [ 30.434801][ T420] EXT4-fs (loop0): mounted filesystem without journal. Opts: í4¥Ä£2¦¯…ÖòBIHð¬Ãq©¹; dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 30.446512][ T423] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 30.484958][ T430] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 30.497054][ T421] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 431] set_robust_list(0x555555d87660, 24 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=420, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- [pid 431] <... set_robust_list resumed>) = 0 [ 30.500422][ T424] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 30.510269][ T421] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 30.522975][ T424] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 30.535897][ T430] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 30.547605][ T423] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 431] chdir("./9") = 0 [ 30.554866][ T430] System zones: 1-12 [ 30.567330][ T421] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 30.570592][ T424] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 30.583234][ T423] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 431] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./11/binderfs") = 0 [ 30.595131][ T421] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 30.607436][ T423] EXT4-fs (loop2): 1 orphan inode deleted [ 30.619705][ T430] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 30.625266][ T424] EXT4-fs (loop4): 1 orphan inode deleted [ 30.640857][ T423] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 295] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 431] <... prctl resumed>) = 0 [pid 431] setpgid(0, 0) = 0 [pid 431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 423] <... mount resumed>) = 0 [pid 423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 423] chdir("./file0") = 0 [pid 423] ioctl(4, LOOP_CLR_FD [pid 431] <... openat resumed>) = 3 [pid 431] write(3, "1000", 4 [pid 423] <... ioctl resumed>) = 0 [pid 423] close(4) = 0 [pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 424] <... mount resumed>) = 0 [pid 424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 424] chdir("./file0") = 0 [pid 424] ioctl(4, LOOP_CLR_FD) = 0 [pid 424] close(4) = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 431] <... write resumed>) = 4 [pid 431] close(3) = 0 [pid 431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 431] memfd_create("syzkaller", 0) = 3 [pid 431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 431] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 431] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 30.643849][ T424] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 30.692819][ T430] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 30.692937][ T421] EXT4-fs (loop1): 1 orphan inode deleted [pid 431] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 421] <... mount resumed>) = 0 [pid 421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 421] chdir("./file0") = 0 [pid 421] ioctl(4, LOOP_CLR_FD) = 0 [pid 421] close(4) = 0 [pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 431] close(3) = 0 [pid 431] mkdir("./file0", 0777) = 0 [ 30.714443][ T431] loop3: detected capacity change from 0 to 512 [ 30.715310][ T430] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 30.734015][ T421] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 431] mount("/dev/loop3", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 424] <... openat resumed>) = 4 [pid 423] <... openat resumed>) = 4 [pid 295] <... umount2 resumed>) = 0 [pid 424] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 423] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 424] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 423] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 424] exit_group(0 [pid 423] exit_group(0 [pid 424] <... exit_group resumed>) = ? [pid 423] <... exit_group resumed>) = ? [pid 295] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 424] +++ exited with 0 +++ [pid 423] +++ exited with 0 +++ [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=424, si_uid=0, si_status=0, si_utime=0, si_stime=21} --- [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=423, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- [pid 295] newfstatat(AT_FDCWD, "./11/file0", [pid 421] <... openat resumed>) = 4 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 421] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 295] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 421] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 299] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 421] exit_group(0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 421] <... exit_group resumed>) = ? [pid 299] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... openat resumed>) = 4 [pid 421] +++ exited with 0 +++ [pid 299] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 295] newfstatat(4, "", [pid 299] newfstatat(3, "", [pid 297] newfstatat(3, "", [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=421, si_uid=0, si_status=0, si_utime=0, si_stime=19} --- [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, [pid 297] getdents64(3, [pid 299] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 297] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] getdents64(4, [pid 299] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 299] newfstatat(AT_FDCWD, "./9/binderfs", [pid 297] newfstatat(AT_FDCWD, "./8/binderfs", [pid 296] <... openat resumed>) = 3 [pid 295] getdents64(4, [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] newfstatat(3, "", [pid 295] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 299] unlink("./9/binderfs" [pid 297] unlink("./8/binderfs" [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] close(4 [pid 299] <... unlink resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 296] getdents64(3, [pid 295] <... close resumed>) = 0 [pid 299] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 295] rmdir("./11/file0" [pid 296] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... rmdir resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] getdents64(3, [pid 296] newfstatat(AT_FDCWD, "./9/binderfs", [pid 295] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] close(3 [pid 296] unlink("./9/binderfs" [pid 295] <... close resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 295] rmdir("./11" [pid 296] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... rmdir resumed>) = 0 [pid 295] mkdir("./12", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 433 ./strace-static-x86_64: Process 433 attached [pid 433] set_robust_list(0x555555d87660, 24) = 0 [pid 433] chdir("./12") = 0 [pid 433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 433] setpgid(0, 0) = 0 [pid 433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 433] write(3, "1000", 4) = 4 [pid 433] close(3) = 0 [pid 433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 433] memfd_create("syzkaller", 0) = 3 [pid 433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [ 30.742494][ T430] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 30.766238][ T431] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 30.774568][ T430] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 30.791591][ T431] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 30.805223][ T430] EXT4-fs (loop5): 1 orphan inode deleted [pid 433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 430] <... mount resumed>) = 0 [pid 430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 433] <... write resumed>) = 262144 [pid 430] <... openat resumed>) = 3 [pid 430] chdir("./file0") = 0 [pid 430] ioctl(4, LOOP_CLR_FD [pid 433] munmap(0x7fa39e8fb000, 138412032 [pid 430] <... ioctl resumed>) = 0 [pid 433] <... munmap resumed>) = 0 [pid 430] close(4 [pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 430] <... close resumed>) = 0 [pid 433] <... openat resumed>) = 4 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 433] ioctl(4, LOOP_SET_FD, 3 [pid 430] <... openat resumed>) = 4 [ 30.811762][ T430] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 30.838141][ T431] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 30.847243][ T431] System zones: 1-12 [ 30.852035][ T433] loop0: detected capacity change from 0 to 512 [pid 430] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 430] exit_group(0) = ? [pid 430] +++ exited with 0 +++ [pid 433] <... ioctl resumed>) = 0 [pid 433] close(3) = 0 [pid 433] mkdir("./file0", 0777) = 0 [pid 433] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=430, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 299] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 299] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./9/file0", [pid 297] newfstatat(AT_FDCWD, "./8/file0", [pid 296] newfstatat(AT_FDCWD, "./9/file0", [pid 300] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... openat resumed>) = 3 [pid 299] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] newfstatat(3, "", [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] getdents64(3, [pid 299] <... openat resumed>) = 4 [pid 297] <... openat resumed>) = 4 [pid 296] <... openat resumed>) = 4 [pid 300] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 299] newfstatat(4, "", [pid 297] newfstatat(4, "", [pid 296] newfstatat(4, "", [pid 300] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] getdents64(4, [pid 297] getdents64(4, [pid 296] getdents64(4, [pid 300] newfstatat(AT_FDCWD, "./9/binderfs", [pid 299] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 297] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 296] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] getdents64(4, [pid 297] getdents64(4, [pid 296] getdents64(4, [pid 300] unlink("./9/binderfs" [pid 299] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 300] <... unlink resumed>) = 0 [pid 299] close(4 [pid 297] close(4 [pid 296] close(4 [pid 299] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 300] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] rmdir("./9/file0" [pid 297] rmdir("./8/file0" [pid 296] rmdir("./9/file0" [pid 299] <... rmdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 433] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 299] getdents64(3, [pid 297] getdents64(3, [pid 296] getdents64(3, [pid 299] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 299] close(3 [pid 297] close(3 [pid 296] close(3 [pid 299] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 299] rmdir("./9" [pid 297] rmdir("./8" [pid 296] rmdir("./9" [pid 433] ioctl(4, LOOP_CLR_FD [pid 299] <... rmdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 299] mkdir("./10", 0777 [pid 297] mkdir("./9", 0777 [pid 296] mkdir("./10", 0777 [pid 299] <... mkdir resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 299] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] ioctl(3, LOOP_CLR_FD [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 297] close(3 [pid 296] close(3 [pid 299] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... clone resumed>, child_tidptr=0x555555d87650) = 435 [pid 297] <... clone resumed>, child_tidptr=0x555555d87650) = 436 [pid 296] <... clone resumed>, child_tidptr=0x555555d87650) = 437 ./strace-static-x86_64: Process 435 attached ./strace-static-x86_64: Process 437 attached ./strace-static-x86_64: Process 436 attached [pid 435] set_robust_list(0x555555d87660, 24 [pid 436] set_robust_list(0x555555d87660, 24 [pid 435] <... set_robust_list resumed>) = 0 [pid 436] <... set_robust_list resumed>) = 0 [pid 435] chdir("./10" [pid 436] chdir("./9" [pid 435] <... chdir resumed>) = 0 [pid 436] <... chdir resumed>) = 0 [pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 436] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 435] <... prctl resumed>) = 0 [pid 436] <... prctl resumed>) = 0 [pid 436] setpgid(0, 0 [pid 435] setpgid(0, 0 [pid 436] <... setpgid resumed>) = 0 [pid 435] <... setpgid resumed>) = 0 [pid 436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 437] set_robust_list(0x555555d87660, 24 [pid 436] write(3, "1000", 4 [pid 437] <... set_robust_list resumed>) = 0 [pid 436] <... write resumed>) = 4 [pid 437] chdir("./10" [pid 436] close(3 [pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 437] <... chdir resumed>) = 0 [pid 436] <... close resumed>) = 0 [pid 437] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 436] symlink("/dev/binderfs", "./binderfs" [pid 435] <... openat resumed>) = 3 [pid 437] <... prctl resumed>) = 0 [pid 436] <... symlink resumed>) = 0 [pid 435] write(3, "1000", 4 [pid 437] setpgid(0, 0 [pid 436] memfd_create("syzkaller", 0 [pid 437] <... setpgid resumed>) = 0 [pid 436] <... memfd_create resumed>) = 3 [pid 437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 435] <... write resumed>) = 4 [pid 437] <... openat resumed>) = 3 [pid 436] <... mmap resumed>) = 0x7fa39e8fb000 [pid 437] write(3, "1000", 4 [pid 436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 435] close(3 [pid 437] <... write resumed>) = 4 [pid 436] <... write resumed>) = 262144 [pid 435] <... close resumed>) = 0 [pid 437] close(3 [pid 436] munmap(0x7fa39e8fb000, 138412032 [pid 437] <... close resumed>) = 0 [pid 436] <... munmap resumed>) = 0 [pid 435] symlink("/dev/binderfs", "./binderfs" [pid 437] symlink("/dev/binderfs", "./binderfs" [pid 436] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 437] <... symlink resumed>) = 0 [pid 436] <... openat resumed>) = 4 [pid 435] <... symlink resumed>) = 0 [pid 437] memfd_create("syzkaller", 0 [pid 436] ioctl(4, LOOP_SET_FD, 3 [pid 437] <... memfd_create resumed>) = 3 [pid 435] memfd_create("syzkaller", 0) = 3 [pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [ 30.856422][ T431] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 30.872034][ T433] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [ 30.895446][ T431] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 435] munmap(0x7fa39e8fb000, 138412032 [pid 437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 435] <... munmap resumed>) = 0 [pid 435] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 435] ioctl(4, LOOP_SET_FD, 3 [pid 437] <... mmap resumed>) = 0x7fa39e8fb000 [pid 433] <... ioctl resumed>) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 436] <... ioctl resumed>) = 0 [pid 435] <... ioctl resumed>) = 0 [pid 433] close(4 [pid 300] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 436] close(3 [pid 435] close(3 [pid 433] <... close resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 436] <... close resumed>) = 0 [pid 435] <... close resumed>) = 0 [pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 300] newfstatat(AT_FDCWD, "./9/file0", [pid 437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 436] mkdir("./file0", 0777 [pid 435] mkdir("./file0", 0777 [pid 433] <... openat resumed>) = 3 [pid 436] <... mkdir resumed>) = 0 [pid 435] <... mkdir resumed>) = 0 [pid 433] pwrite64(3, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 436] mount("/dev/loop2", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 435] mount("/dev/loop4", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 433] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 433] exit_group(0) = ? [pid 433] +++ exited with 0 +++ [pid 437] <... write resumed>) = 262144 [pid 437] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 437] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 30.914600][ T436] loop2: detected capacity change from 0 to 512 [ 30.920903][ T431] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 30.922764][ T435] loop4: detected capacity change from 0 to 512 [ 30.947145][ T431] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 30.957022][ T437] loop1: detected capacity change from 0 to 512 [pid 437] ioctl(4, LOOP_SET_FD, 3 [pid 300] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=433, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 437] <... ioctl resumed>) = 0 [pid 437] close(3) = 0 [pid 437] mkdir("./file0", 0777) = 0 [pid 437] mount("/dev/loop1", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 30.959524][ T431] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 30.965667][ T436] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 30.977852][ T435] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 30.987661][ T431] EXT4-fs (loop3): 1 orphan inode deleted [ 30.991830][ T437] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [pid 300] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 431] <... mount resumed>) = 0 [pid 431] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 431] chdir("./file0") = 0 [pid 431] ioctl(4, LOOP_CLR_FD) = 0 [pid 431] close(4) = 0 [pid 431] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 431] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 431] exit_group(0) = ? [pid 431] +++ exited with 0 +++ [pid 300] <... openat resumed>) = 4 [pid 300] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 300] close(4) = 0 [pid 300] rmdir("./9/file0") = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 [pid 300] rmdir("./9") = 0 [pid 300] mkdir("./10", 0777) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 438 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=431, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 295] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 298] <... restart_syscall resumed>) = 0 [pid 295] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./12/binderfs", [pid 298] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] unlink("./12/binderfs" [pid 298] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] <... unlink resumed>) = 0 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] newfstatat(AT_FDCWD, "./12/file0", [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] newfstatat(AT_FDCWD, "./9/binderfs", [pid 295] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] unlink("./9/binderfs" [pid 295] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... unlink resumed>) = 0 [pid 295] <... openat resumed>) = 4 [pid 298] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./12/file0") = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./12") = 0 [pid 295] mkdir("./13", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 439 ./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x555555d87660, 24) = 0 [pid 439] chdir("./13") = 0 [pid 439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 439] setpgid(0, 0) = 0 [pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 439] write(3, "1000", 4) = 4 [pid 439] close(3) = 0 [pid 439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 439] memfd_create("syzkaller", 0) = 3 [pid 439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 439] munmap(0x7fa39e8fb000, 138412032) = 0 [ 30.997711][ T431] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 31.004344][ T436] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 31.045303][ T435] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 439] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 438 attached [pid 438] set_robust_list(0x555555d87660, 24) = 0 [pid 438] chdir("./10") = 0 [pid 438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 438] setpgid(0, 0) = 0 [pid 438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 438] write(3, "1000", 4) = 4 [pid 438] close(3) = 0 [pid 438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 438] memfd_create("syzkaller", 0) = 3 [pid 438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 438] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 438] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 438] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 438] ioctl(4, LOOP_SET_FD, 3 [pid 439] <... ioctl resumed>) = 0 [pid 439] close(3) = 0 [pid 439] mkdir("./file0", 0777) = 0 [ 31.063461][ T437] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 31.071769][ T439] loop0: detected capacity change from 0 to 512 [ 31.083605][ T438] loop5: detected capacity change from 0 to 512 [ 31.089968][ T439] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 31.091139][ T435] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 31.097033][ T437] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 31.104670][ T435] System zones: 1-12 [pid 439] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 438] <... ioctl resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 438] close(3 [pid 298] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 438] <... close resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 438] mkdir("./file0", 0777 [pid 298] newfstatat(AT_FDCWD, "./9/file0", [pid 438] <... mkdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 438] mount("/dev/loop5", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 298] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./9/file0") = 0 [pid 298] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./9") = 0 [pid 298] mkdir("./10", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 443 [ 31.113149][ T436] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 31.124864][ T439] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 31.126565][ T438] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 31.137360][ T437] System zones: 1-12 [ 31.146514][ T435] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 31.148822][ T436] System zones: 1-12 ./strace-static-x86_64: Process 443 attached [pid 443] set_robust_list(0x555555d87660, 24) = 0 [pid 443] chdir("./10") = 0 [pid 443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 443] setpgid(0, 0) = 0 [pid 443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 443] write(3, "1000", 4) = 4 [pid 443] close(3) = 0 [pid 443] symlink("/dev/binderfs", "./binderfs") = 0 [pid 443] memfd_create("syzkaller", 0) = 3 [pid 443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 443] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 443] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 443] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 443] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 443] close(3) = 0 [pid 443] mkdir("./file0", 0777) = 0 [ 31.161270][ T437] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 31.172200][ T443] loop3: detected capacity change from 0 to 512 [ 31.177953][ T436] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 31.187218][ T443] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 31.203751][ T439] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 31.203861][ T436] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 31.211557][ T439] System zones: 1-12 [ 31.223613][ T438] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 31.228351][ T435] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 31.250778][ T439] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 31.263605][ T436] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 31.264487][ T437] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 31.288415][ T436] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 31.295250][ T435] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 31.313569][ T443] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 31.325379][ T435] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 31.327258][ T436] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 31.337487][ T437] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 31.350063][ T438] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 31.362559][ T435] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 31.370268][ T443] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 31.382491][ T439] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 31.390231][ T436] EXT4-fs (loop2): 1 orphan inode deleted [ 31.402205][ T437] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 31.407623][ T438] System zones: [ 31.419542][ T443] System zones: [ 31.419893][ T436] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 31.422997][ T443] 1-12 [ 31.426507][ T439] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 31.450077][ T443] [pid 443] mount("/dev/loop3", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 436] <... mount resumed>) = 0 [pid 436] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 436] chdir("./file0") = 0 [pid 436] ioctl(4, LOOP_CLR_FD) = 0 [pid 436] close(4) = 0 [pid 436] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 436] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 436] exit_group(0) = ? [pid 436] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=436, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [ 31.452583][ T435] EXT4-fs (loop4): 1 orphan inode deleted [ 31.465667][ T438] 1-12 [ 31.472566][ T443] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 31.488311][ T438] [ 31.491185][ T435] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./9/binderfs") = 0 [pid 297] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 435] <... mount resumed>) = 0 [ 31.491801][ T438] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 31.522278][ T437] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 31.540255][ T439] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 31.541473][ T437] EXT4-fs (loop1): 1 orphan inode deleted [pid 435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 435] chdir("./file0") = 0 [pid 435] ioctl(4, LOOP_CLR_FD) = 0 [ 31.559296][ T439] EXT4-fs error (device loop0): __ext4_get_inode_loc:4340: comm syz-executor125: Invalid inode table block 2158967614 in block_group 0 [ 31.572982][ T438] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 31.573503][ T437] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 31.585404][ T443] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 435] close(4) = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 435] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 435] exit_group(0) = ? [pid 435] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=435, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 31.608398][ T439] EXT4-fs error (device loop0): ext4_evict_inode:294: comm syz-executor125: couldn't truncate inode 15 (err -117) [ 31.632216][ T439] EXT4-fs (loop0): 1 orphan inode deleted [ 31.636811][ T438] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 439] <... mount resumed>) = 0 [pid 437] <... mount resumed>) = 0 [pid 437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 299] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 437] chdir("./file0" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 437] <... chdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 437] ioctl(4, LOOP_CLR_FD [pid 299] <... openat resumed>) = 3 [pid 437] <... ioctl resumed>) = 0 [pid 299] newfstatat(3, "", [pid 437] close(4 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 437] <... close resumed>) = 0 [pid 299] getdents64(3, [pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 299] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 437] <... openat resumed>) = 4 [pid 299] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 437] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 437] <... pwrite64 resumed>) = 4096 [pid 299] newfstatat(AT_FDCWD, "./10/binderfs", [pid 437] exit_group(0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 437] <... exit_group resumed>) = ? [pid 299] unlink("./10/binderfs" [pid 437] +++ exited with 0 +++ [pid 299] <... unlink resumed>) = 0 [pid 299] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=437, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 439] chdir("./file0") = 0 [pid 439] ioctl(4, LOOP_CLR_FD) = 0 [pid 439] close(4) = 0 [pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 439] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 439] exit_group(0 [pid 296] <... restart_syscall resumed>) = 0 [pid 296] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./10/binderfs") = 0 [pid 296] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 439] <... exit_group resumed>) = ? [pid 439] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=439, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 31.637943][ T439] EXT4-fs (loop0): mounted filesystem without journal. Opts: í4¥Ä£2¦¯…ÖòBIHð¬Ãq©¹; dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 31.651660][ T438] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 31.684445][ T443] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 31.699106][ T438] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 295] newfstatat(AT_FDCWD, "./13/binderfs", [pid 297] <... umount2 resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./9/file0") = 0 [pid 295] unlink("./13/binderfs" [pid 297] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./9") = 0 [pid 297] mkdir("./10", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 448 ./strace-static-x86_64: Process 448 attached [pid 295] <... unlink resumed>) = 0 [pid 295] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 448] set_robust_list(0x555555d87660, 24) = 0 [pid 448] chdir("./10") = 0 [pid 448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 448] setpgid(0, 0) = 0 [pid 448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 448] write(3, "1000", 4) = 4 [pid 448] close(3) = 0 [pid 448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 448] memfd_create("syzkaller", 0) = 3 [pid 448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [ 31.714153][ T443] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 31.726399][ T438] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 31.739217][ T443] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 31.751548][ T438] EXT4-fs (loop5): 1 orphan inode deleted [pid 448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 448] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 448] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 448] ioctl(4, LOOP_SET_FD, 3 [pid 296] <... umount2 resumed>) = 0 [pid 448] <... ioctl resumed>) = 0 [pid 438] <... mount resumed>) = 0 [pid 296] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 438] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 438] <... openat resumed>) = 3 [pid 296] newfstatat(AT_FDCWD, "./10/file0", [pid 438] chdir("./file0" [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 438] <... chdir resumed>) = 0 [pid 296] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 438] ioctl(4, LOOP_CLR_FD [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 438] <... ioctl resumed>) = 0 [pid 296] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 438] close(4 [pid 296] <... openat resumed>) = 4 [pid 438] <... close resumed>) = 0 [pid 296] newfstatat(4, "", [pid 438] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./10/file0") = 0 [pid 296] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./10") = 0 [pid 296] mkdir("./11", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 449 [pid 448] close(3) = 0 [pid 448] mkdir("./file0", 0777) = 0 [ 31.757629][ T438] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 31.759586][ T448] loop2: detected capacity change from 0 to 512 [ 31.787987][ T443] EXT4-fs (loop3): 1 orphan inode deleted [ 31.793616][ T443] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [pid 448] mount("/dev/loop2", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"..../strace-static-x86_64: Process 449 attached [pid 449] set_robust_list(0x555555d87660, 24) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./10/file0") = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./10") = 0 [pid 299] mkdir("./11", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 443] <... mount resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 449] chdir("./11" [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 451 ./strace-static-x86_64: Process 451 attached [pid 451] set_robust_list(0x555555d87660, 24) = 0 [pid 443] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 449] <... chdir resumed>) = 0 [pid 443] <... openat resumed>) = 3 [pid 449] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 443] chdir("./file0" [pid 451] chdir("./11") = 0 [pid 451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 451] setpgid(0, 0) = 0 [pid 451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 451] write(3, "1000", 4) = 4 [pid 451] close(3) = 0 [pid 449] <... prctl resumed>) = 0 [pid 443] <... chdir resumed>) = 0 [pid 449] setpgid(0, 0 [pid 443] ioctl(4, LOOP_CLR_FD [pid 449] <... setpgid resumed>) = 0 [pid 443] <... ioctl resumed>) = 0 [pid 449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 443] close(4 [pid 449] <... openat resumed>) = 3 [pid 443] <... close resumed>) = 0 [pid 449] write(3, "1000", 4 [pid 443] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 449] <... write resumed>) = 4 [pid 449] close(3 [pid 451] symlink("/dev/binderfs", "./binderfs" [pid 449] <... close resumed>) = 0 [pid 451] <... symlink resumed>) = 0 [pid 449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 449] memfd_create("syzkaller", 0) = 3 [pid 449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 449] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 449] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 449] ioctl(4, LOOP_SET_FD, 3 [pid 443] <... openat resumed>) = 4 [pid 438] <... openat resumed>) = 4 [pid 295] <... umount2 resumed>) = 0 [pid 443] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 438] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 295] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 451] memfd_create("syzkaller", 0) = 3 [pid 451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 443] exit_group(0 [pid 295] newfstatat(AT_FDCWD, "./13/file0", [pid 438] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 443] <... exit_group resumed>) = ? [pid 438] exit_group(0 [pid 295] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 443] +++ exited with 0 +++ [pid 438] <... exit_group resumed>) = ? [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=443, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, [pid 438] +++ exited with 0 +++ [pid 298] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 295] <... openat resumed>) = 4 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=438, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 298] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... restart_syscall resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./10/binderfs" [pid 300] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... unlink resumed>) = 0 [pid 295] newfstatat(4, "", [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 300] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] getdents64(4, [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./10/binderfs") = 0 [pid 300] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, [pid 451] <... write resumed>) = 262144 [pid 451] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 451] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 295] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 295] close(4 [pid 451] <... openat resumed>) = 4 [pid 295] <... close resumed>) = 0 [pid 295] rmdir("./13/file0") = 0 [pid 451] ioctl(4, LOOP_SET_FD, 3 [pid 295] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 295] close(3 [pid 449] <... ioctl resumed>) = 0 [pid 449] close(3 [pid 295] <... close resumed>) = 0 [ 31.816211][ T448] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 31.824574][ T448] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 31.837672][ T448] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 31.845946][ T448] System zones: 1-12 [ 31.851333][ T448] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 31.858355][ T449] loop1: detected capacity change from 0 to 512 [pid 295] rmdir("./13" [pid 449] <... close resumed>) = 0 [pid 449] mkdir("./file0", 0777) = 0 [pid 449] mount("/dev/loop1", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 451] <... ioctl resumed>) = 0 [pid 451] close(3) = 0 [pid 451] mkdir("./file0", 0777) = 0 [pid 451] mount("/dev/loop4", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 295] <... rmdir resumed>) = 0 [pid 295] mkdir("./14", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 452 ./strace-static-x86_64: Process 452 attached [pid 452] set_robust_list(0x555555d87660, 24) = 0 [pid 452] chdir("./14") = 0 [pid 452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 452] setpgid(0, 0) = 0 [pid 452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 452] write(3, "1000", 4) = 4 [pid 452] close(3) = 0 [pid 452] symlink("/dev/binderfs", "./binderfs") = 0 [pid 452] memfd_create("syzkaller", 0) = 3 [pid 452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 452] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 452] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 452] close(3) = 0 [ 31.882485][ T448] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 31.885263][ T451] loop4: detected capacity change from 0 to 512 [ 31.897439][ T448] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 31.913699][ T449] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 31.920849][ T451] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [pid 452] mkdir("./file0", 0777) = 0 [pid 452] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 300] <... umount2 resumed>) = 0 [pid 300] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 300] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 300] close(4) = 0 [pid 300] rmdir("./10/file0") = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 [pid 300] rmdir("./10") = 0 [pid 300] mkdir("./11", 0777) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 453 [ 31.922341][ T452] loop0: detected capacity change from 0 to 512 [ 31.929014][ T448] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 31.938875][ T452] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 31.947621][ T448] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 31.965473][ T451] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE ./strace-static-x86_64: Process 453 attached [pid 453] set_robust_list(0x555555d87660, 24) = 0 [pid 453] chdir("./11") = 0 [pid 453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 453] setpgid(0, 0) = 0 [pid 453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 453] write(3, "1000", 4) = 4 [pid 453] close(3) = 0 [pid 453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 453] memfd_create("syzkaller", 0) = 3 [pid 453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 453] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 453] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 453] ioctl(4, LOOP_SET_FD, 3 [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./10/file0") = 0 [pid 298] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./10") = 0 [pid 298] mkdir("./11", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 455 [pid 453] <... ioctl resumed>) = 0 [pid 453] close(3) = 0 [pid 453] mkdir("./file0", 0777) = 0 [pid 453] mount("/dev/loop5", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"..../strace-static-x86_64: Process 455 attached [pid 455] set_robust_list(0x555555d87660, 24) = 0 [ 31.978108][ T452] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 31.978212][ T449] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 32.001834][ T453] loop5: detected capacity change from 0 to 512 [ 32.002916][ T448] EXT4-fs (loop2): 1 orphan inode deleted [pid 455] chdir("./11") = 0 [pid 455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 455] setpgid(0, 0) = 0 [pid 455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 455] write(3, "1000", 4) = 4 [pid 455] close(3) = 0 [pid 455] symlink("/dev/binderfs", "./binderfs") = 0 [pid 455] memfd_create("syzkaller", 0) = 3 [pid 455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 455] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 448] <... mount resumed>) = 0 [pid 448] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 448] chdir("./file0") = 0 [pid 448] ioctl(4, LOOP_CLR_FD) = 0 [pid 448] close(4) = 0 [pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 448] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 448] exit_group(0) = ? [pid 448] +++ exited with 0 +++ [pid 455] <... write resumed>) = 262144 [pid 455] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 455] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 32.013937][ T448] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 32.039110][ T453] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 32.039447][ T451] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 32.061846][ T449] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 32.062258][ T452] EXT4-fs error (device loop0): __ext4_get_inode_loc:4340: comm syz-executor125: Invalid inode table block 2158967614 in block_group 0 [pid 455] ioctl(4, LOOP_SET_FD, 3 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=448, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- [ 32.070377][ T455] loop3: detected capacity change from 0 to 512 [ 32.083920][ T451] System zones: 1-12 [ 32.089992][ T452] EXT4-fs (loop0): get root inode failed [ 32.093650][ T449] System zones: [ 32.098666][ T451] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 32.099487][ T451] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 32.102212][ T449] 1-12 [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 455] <... ioctl resumed>) = 0 [pid 297] <... restart_syscall resumed>) = 0 [ 32.116009][ T452] EXT4-fs (loop0): mount failed [ 32.127283][ T449] [ 32.130377][ T451] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 32.135238][ T453] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 32.136963][ T449] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [pid 455] close(3 [pid 452] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 455] <... close resumed>) = 0 [pid 452] ioctl(4, LOOP_CLR_FD [pid 455] mkdir("./file0", 0777 [pid 297] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 455] <... mkdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 455] mount("/dev/loop3", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 297] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./10/binderfs") = 0 [ 32.149172][ T451] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 32.174034][ T453] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 32.193147][ T451] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 32.193371][ T453] System zones: 1-12 [ 32.210856][ T449] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 32.212121][ T451] EXT4-fs (loop4): 1 orphan inode deleted [ 32.223489][ T453] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 32.228480][ T455] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 32.241490][ T451] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 32.271730][ T455] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 297] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 452] <... ioctl resumed>) = 0 [pid 451] <... mount resumed>) = 0 [pid 452] close(4 [pid 451] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 452] <... close resumed>) = 0 [pid 451] <... openat resumed>) = 3 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 451] chdir("./file0" [pid 452] <... openat resumed>) = 3 [pid 451] <... chdir resumed>) = 0 [pid 452] pwrite64(3, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 451] ioctl(4, LOOP_CLR_FD [pid 452] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 451] <... ioctl resumed>) = 0 [pid 452] exit_group(0 [pid 451] close(4 [pid 452] <... exit_group resumed>) = ? [pid 451] <... close resumed>) = 0 [pid 452] +++ exited with 0 +++ [pid 451] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=452, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 451] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 451] exit_group(0) = ? [pid 451] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=451, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 295] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 3 [pid 295] newfstatat(3, "", [pid 299] newfstatat(3, "", [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, [pid 299] getdents64(3, [pid 295] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 299] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./14/binderfs", [pid 299] newfstatat(AT_FDCWD, "./11/binderfs", [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./14/binderfs" [pid 299] unlink("./11/binderfs" [pid 295] <... unlink resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 295] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./14/file0") = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./14") = 0 [pid 295] mkdir("./15", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 461 ./strace-static-x86_64: Process 461 attached [pid 461] set_robust_list(0x555555d87660, 24) = 0 [pid 461] chdir("./15") = 0 [pid 461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 461] setpgid(0, 0) = 0 [pid 461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 461] write(3, "1000", 4) = 4 [pid 461] close(3) = 0 [pid 461] symlink("/dev/binderfs", "./binderfs") = 0 [pid 461] memfd_create("syzkaller", 0) = 3 [pid 461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 461] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 461] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 461] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 461] close(3) = 0 [pid 461] mkdir("./file0", 0777) = 0 [ 32.272006][ T449] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 32.300096][ T453] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 32.314410][ T449] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 461] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./10/file0") = 0 [pid 297] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./10") = 0 [pid 297] mkdir("./11", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3 [pid 299] <... umount2 resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 299] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./11/file0", [pid 297] <... clone resumed>, child_tidptr=0x555555d87650) = 462 [ 32.327481][ T453] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 32.327500][ T461] loop0: detected capacity change from 0 to 512 [ 32.331805][ T461] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 32.340701][ T455] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 32.361097][ T455] System zones: 1-12 [ 32.361373][ T453] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag ./strace-static-x86_64: Process 462 attached [pid 462] set_robust_list(0x555555d87660, 24) = 0 [pid 462] chdir("./11") = 0 [pid 462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 462] setpgid(0, 0) = 0 [pid 462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 462] write(3, "1000", 4) = 4 [pid 462] close(3) = 0 [pid 462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 462] memfd_create("syzkaller", 0) = 3 [pid 462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 462] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 462] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 462] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 462] close(3) = 0 [pid 462] mkdir("./file0", 0777) = 0 [ 32.380479][ T449] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 32.393517][ T461] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 32.394216][ T455] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 32.413876][ T462] loop2: detected capacity change from 0 to 512 [pid 462] mount("/dev/loop2", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 449] <... mount resumed>) = 0 [pid 299] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 449] <... openat resumed>) = 3 [pid 299] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 449] chdir("./file0" [pid 299] <... openat resumed>) = 4 [pid 449] <... chdir resumed>) = 0 [pid 299] newfstatat(4, "", [pid 449] ioctl(4, LOOP_CLR_FD [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 449] <... ioctl resumed>) = 0 [pid 299] getdents64(4, [pid 449] close(4 [pid 299] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 449] <... close resumed>) = 0 [pid 299] getdents64(4, [pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 299] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 449] <... openat resumed>) = 4 [pid 299] close(4 [pid 449] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 299] <... close resumed>) = 0 [pid 449] <... pwrite64 resumed>) = 4096 [pid 299] rmdir("./11/file0" [pid 449] exit_group(0 [pid 299] <... rmdir resumed>) = 0 [pid 449] <... exit_group resumed>) = ? [pid 299] getdents64(3, [pid 449] +++ exited with 0 +++ [pid 299] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 299] close(3 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=449, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 299] <... close resumed>) = 0 [pid 299] rmdir("./11") = 0 [pid 296] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] mkdir("./12", 0777 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 3 [pid 296] newfstatat(3, "", [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] getdents64(3, [pid 299] close(3 [pid 296] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 299] <... close resumed>) = 0 [pid 296] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./11/binderfs", [pid 299] <... clone resumed>, child_tidptr=0x555555d87650) = 464 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./11/binderfs") = 0 [ 32.419165][ T453] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 32.436969][ T462] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 32.438070][ T449] EXT4-fs (loop1): 1 orphan inode deleted [ 32.449653][ T462] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 32.462399][ T461] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [pid 296] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 464 attached [pid 453] <... mount resumed>) = 0 [pid 453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 453] chdir("./file0") = 0 [pid 453] ioctl(4, LOOP_CLR_FD) = 0 [pid 453] close(4) = 0 [pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 453] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 453] exit_group(0) = ? [pid 464] set_robust_list(0x555555d87660, 24) = 0 [pid 464] chdir("./12") = 0 [pid 464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 464] setpgid(0, 0) = 0 [pid 464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 464] write(3, "1000", 4) = 4 [pid 464] close(3) = 0 [pid 464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 464] memfd_create("syzkaller", 0) = 3 [pid 464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 464] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 464] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 464] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 464] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 464] close(3) = 0 [pid 464] mkdir("./file0", 0777) = 0 [ 32.471505][ T461] EXT4-fs error (device loop0): ext4_get_group_desc:277: comm syz-executor125: block_group >= groups_count - block_group = 65973350, groups_count = 1 [ 32.475754][ T453] EXT4-fs (loop5): 1 orphan inode deleted [ 32.494131][ T462] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 32.512277][ T464] loop4: detected capacity change from 0 to 512 [ 32.519826][ T461] EXT4-fs error (device loop0): __ext4_get_inode_loc_noinmem:4458: inode #2111147216: comm syz-executor125: unable to read itable block [pid 464] mount("/dev/loop4", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 453] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=453, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [pid 300] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 300] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./11/binderfs") = 0 [pid 300] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./11/file0") = 0 [pid 296] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [ 32.520892][ T455] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 32.533930][ T464] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 32.545519][ T462] System zones: 1-12 [ 32.553144][ T455] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 32.560796][ T462] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [pid 296] close(3) = 0 [pid 296] rmdir("./11") = 0 [pid 296] mkdir("./12", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 466 ./strace-static-x86_64: Process 466 attached [pid 466] set_robust_list(0x555555d87660, 24) = 0 [pid 466] chdir("./12") = 0 [pid 466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 466] setpgid(0, 0) = 0 [pid 466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 466] write(3, "1000", 4) = 4 [pid 466] close(3) = 0 [pid 466] symlink("/dev/binderfs", "./binderfs") = 0 [pid 466] memfd_create("syzkaller", 0) = 3 [pid 466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 461] <... mount resumed>) = -1 EIO (Input/output error) [pid 461] ioctl(4, LOOP_CLR_FD [pid 466] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 466] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 466] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 32.568858][ T464] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 32.597940][ T455] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 32.610300][ T461] EXT4-fs (loop0): failed to initialize system zone (-5) [ 32.610464][ T455] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 32.617628][ T461] EXT4-fs (loop0): mount failed [pid 466] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 466] close(3) = 0 [pid 466] mkdir("./file0", 0777) = 0 [pid 466] mount("/dev/loop1", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 455] <... mount resumed>) = 0 [pid 455] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 455] chdir("./file0") = 0 [pid 455] ioctl(4, LOOP_CLR_FD) = 0 [pid 455] close(4) = 0 [ 32.640356][ T466] loop1: detected capacity change from 0 to 512 [ 32.641152][ T462] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 32.651313][ T466] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 32.659073][ T464] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 32.666504][ T455] EXT4-fs (loop3): 1 orphan inode deleted [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 300] <... umount2 resumed>) = 0 [ 32.672989][ T462] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 32.683362][ T464] System zones: [ 32.691185][ T466] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 32.698509][ T464] 1-12 [ 32.707771][ T462] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 32.709576][ T464] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [pid 461] <... ioctl resumed>) = 0 [pid 455] <... openat resumed>) = 4 [pid 300] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 32.735633][ T466] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 32.744271][ T464] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 32.745049][ T462] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 32.756313][ T464] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 32.768724][ T466] System zones: [pid 461] close(4 [pid 455] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 461] <... close resumed>) = 0 [pid 455] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 300] newfstatat(AT_FDCWD, "./11/file0", [pid 461] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 455] exit_group(0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 461] <... openat resumed>) = 3 [pid 455] <... exit_group resumed>) = ? [pid 300] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 461] pwrite64(3, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 455] +++ exited with 0 +++ [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 461] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 300] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=455, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- [pid 461] exit_group(0 [pid 300] <... openat resumed>) = 4 [pid 461] <... exit_group resumed>) = ? [pid 300] newfstatat(4, "", [pid 461] +++ exited with 0 +++ [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] getdents64(4, [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=461, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 300] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 298] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 300] getdents64(4, [pid 298] <... openat resumed>) = 3 [pid 295] <... restart_syscall resumed>) = 0 [pid 300] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 298] newfstatat(3, "", [pid 300] close(4 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... close resumed>) = 0 [pid 298] getdents64(3, [pid 295] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW [pid 462] <... mount resumed>) = 0 [pid 300] rmdir("./11/file0" [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, [pid 462] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 300] <... rmdir resumed>) = 0 [pid 298] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 295] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] getdents64(3, [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 298] newfstatat(AT_FDCWD, "./11/binderfs", [pid 295] newfstatat(AT_FDCWD, "./15/binderfs", [pid 300] close(3 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... close resumed>) = 0 [pid 298] unlink("./11/binderfs" [pid 295] unlink("./15/binderfs" [pid 300] rmdir("./11" [pid 298] <... unlink resumed>) = 0 [pid 295] <... unlink resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 298] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] mkdir("./12", 0777 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... mkdir resumed>) = 0 [pid 295] newfstatat(AT_FDCWD, "./15/file0", [pid 462] <... openat resumed>) = 3 [pid 300] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 462] chdir("./file0" [pid 300] <... openat resumed>) = 3 [pid 295] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 462] <... chdir resumed>) = 0 [pid 300] ioctl(3, LOOP_CLR_FD [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 462] ioctl(4, LOOP_CLR_FD [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 462] <... ioctl resumed>) = 0 [pid 300] close(3 [pid 295] <... openat resumed>) = 4 [pid 462] close(4 [pid 300] <... close resumed>) = 0 [pid 295] newfstatat(4, "", [pid 462] <... close resumed>) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 295] getdents64(4, [pid 462] <... openat resumed>) = 4 [pid 300] <... clone resumed>, child_tidptr=0x555555d87650) = 469 [pid 295] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 462] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 295] getdents64(4, [pid 462] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 295] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 462] exit_group(0 [pid 295] close(4) = 0 [pid 295] rmdir("./15/file0") = 0 [pid 462] <... exit_group resumed>) = ? [pid 295] getdents64(3, [pid 462] +++ exited with 0 +++ [pid 295] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 469 attached [pid 464] <... mount resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=462, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [ 32.781948][ T464] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 32.798701][ T466] 1-12 [ 32.798817][ T462] EXT4-fs (loop2): 1 orphan inode deleted [ 32.798831][ T464] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 32.801583][ T466] [ 32.813526][ T464] EXT4-fs (loop4): 1 orphan inode deleted [ 32.820217][ T466] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [pid 295] close(3) = 0 [pid 295] rmdir("./15") = 0 [pid 295] mkdir("./16", 0777) = 0 [pid 297] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 297] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... openat resumed>) = 3 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] ioctl(3, LOOP_CLR_FD [pid 297] newfstatat(AT_FDCWD, "./11/binderfs", [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 464] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] close(3 [pid 464] <... openat resumed>) = 3 [pid 297] unlink("./11/binderfs" [pid 295] <... close resumed>) = 0 [pid 464] chdir("./file0" [pid 297] <... unlink resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 464] <... chdir resumed>) = 0 [pid 297] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 464] ioctl(4, LOOP_CLR_FD [pid 295] <... clone resumed>, child_tidptr=0x555555d87650) = 470 [pid 464] <... ioctl resumed>) = 0 [pid 464] close(4) = 0 [pid 464] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 464] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 464] exit_group(0) = ? [pid 464] +++ exited with 0 +++ [pid 469] set_robust_list(0x555555d87660, 24 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=464, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 299] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./12/binderfs") = 0 [pid 299] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 469] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 470 attached [pid 470] set_robust_list(0x555555d87660, 24) = 0 [pid 470] chdir("./16") = 0 [pid 470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 470] setpgid(0, 0) = 0 [pid 470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 470] write(3, "1000", 4) = 4 [pid 470] close(3) = 0 [pid 470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 470] memfd_create("syzkaller", 0) = 3 [pid 470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 470] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 470] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 470] ioctl(4, LOOP_SET_FD, 3 [pid 469] chdir("./12") = 0 [pid 469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 469] setpgid(0, 0) = 0 [pid 469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 469] write(3, "1000", 4) = 4 [pid 469] close(3) = 0 [pid 469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 469] memfd_create("syzkaller", 0) = 3 [pid 469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 469] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 298] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 298] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./11/file0", [pid 297] newfstatat(AT_FDCWD, "./11/file0", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... openat resumed>) = 4 [pid 297] <... openat resumed>) = 4 [pid 298] newfstatat(4, "", [pid 297] newfstatat(4, "", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 297] getdents64(4, [pid 298] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 297] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, [pid 297] getdents64(4, [pid 298] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 298] close(4 [pid 297] close(4 [pid 298] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 298] rmdir("./11/file0" [pid 297] rmdir("./11/file0" [pid 298] <... rmdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 298] getdents64(3, [pid 297] getdents64(3, [pid 298] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 298] close(3 [pid 297] close(3 [pid 298] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 298] rmdir("./11" [pid 297] rmdir("./11" [pid 298] <... rmdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 298] mkdir("./12", 0777 [pid 297] mkdir("./12", 0777 [pid 298] <... mkdir resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 298] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] ioctl(3, LOOP_CLR_FD [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 297] close(3 [pid 298] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... clone resumed>, child_tidptr=0x555555d87650) = 472 [pid 297] <... clone resumed>, child_tidptr=0x555555d87650) = 471 ./strace-static-x86_64: Process 472 attached [pid 472] set_robust_list(0x555555d87660, 24) = 0 [ 32.842042][ T466] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 32.861383][ T466] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 32.871655][ T470] loop0: detected capacity change from 0 to 512 [ 32.880527][ T466] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 472] chdir("./12") = 0 [pid 472] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 472] setpgid(0, 0) = 0 [pid 469] <... write resumed>) = 262144 [pid 469] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 469] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 472] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 471 attached [pid 471] set_robust_list(0x555555d87660, 24 [pid 472] write(3, "1000", 4) = 4 [pid 471] <... set_robust_list resumed>) = 0 [pid 472] close(3 [pid 469] <... openat resumed>) = 4 [pid 469] ioctl(4, LOOP_SET_FD, 3 [pid 472] <... close resumed>) = 0 [pid 472] symlink("/dev/binderfs", "./binderfs") = 0 [pid 471] chdir("./12") = 0 [pid 471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 471] setpgid(0, 0) = 0 [pid 471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 472] memfd_create("syzkaller", 0 [pid 470] <... ioctl resumed>) = 0 [pid 472] <... memfd_create resumed>) = 3 [pid 471] <... openat resumed>) = 3 [pid 470] close(3 [pid 469] <... ioctl resumed>) = 0 [pid 472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 471] write(3, "1000", 4 [pid 469] close(3 [pid 472] <... mmap resumed>) = 0x7fa39e8fb000 [pid 471] <... write resumed>) = 4 [pid 469] <... close resumed>) = 0 [pid 472] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 471] close(3 [pid 469] mkdir("./file0", 0777 [pid 472] <... write resumed>) = 262144 [pid 471] <... close resumed>) = 0 [pid 469] <... mkdir resumed>) = 0 [pid 472] munmap(0x7fa39e8fb000, 138412032 [pid 471] symlink("/dev/binderfs", "./binderfs" [pid 469] mount("/dev/loop5", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 472] <... munmap resumed>) = 0 [pid 471] <... symlink resumed>) = 0 [pid 470] <... close resumed>) = 0 [pid 472] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 471] memfd_create("syzkaller", 0 [pid 472] <... openat resumed>) = 4 [pid 471] <... memfd_create resumed>) = 3 [ 32.900402][ T469] loop5: detected capacity change from 0 to 512 [ 32.913693][ T466] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 32.914802][ T472] loop3: detected capacity change from 0 to 512 [ 32.926992][ T466] EXT4-fs (loop1): 1 orphan inode deleted [ 32.933655][ T469] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [pid 472] ioctl(4, LOOP_SET_FD, 3 [pid 471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 472] <... ioctl resumed>) = 0 [pid 470] mkdir("./file0", 0777 [pid 299] <... umount2 resumed>) = 0 [pid 470] <... mkdir resumed>) = 0 [pid 470] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 471] <... mmap resumed>) = 0x7fa39e8fb000 [pid 471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 471] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 471] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 32.945060][ T469] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 32.957269][ T466] EXT4-fs mount: 5 callbacks suppressed [ 32.957283][ T466] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 32.962955][ T470] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 32.992493][ T471] loop2: detected capacity change from 0 to 512 [pid 471] ioctl(4, LOOP_SET_FD, 3 [pid 472] close(3 [pid 299] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 471] <... ioctl resumed>) = 0 [pid 471] close(3) = 0 [pid 471] mkdir("./file0", 0777) = 0 [pid 471] mount("/dev/loop2", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 472] <... close resumed>) = 0 [pid 466] <... mount resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 472] mkdir("./file0", 0777) = 0 [pid 472] mount("/dev/loop3", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 466] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 299] newfstatat(AT_FDCWD, "./12/file0", [pid 466] <... openat resumed>) = 3 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 32.995210][ T469] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 32.999710][ T470] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 33.007380][ T469] System zones: 1-12 [ 33.022342][ T471] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 33.030018][ T469] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 33.032900][ T472] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [pid 466] chdir("./file0") = 0 [ 33.050177][ T471] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 33.051668][ T470] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 33.063074][ T469] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 33.070192][ T472] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 33.081882][ T470] System zones: [pid 299] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 466] ioctl(4, LOOP_CLR_FD [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 466] <... ioctl resumed>) = 0 [pid 299] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 466] close(4 [pid 299] <... openat resumed>) = 4 [pid 466] <... close resumed>) = 0 [pid 299] newfstatat(4, "", [pid 466] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 466] <... openat resumed>) = 4 [pid 299] getdents64(4, [pid 466] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 299] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 466] <... pwrite64 resumed>) = 4096 [pid 299] getdents64(4, [pid 466] exit_group(0 [pid 299] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 466] <... exit_group resumed>) = ? [pid 299] close(4 [pid 466] +++ exited with 0 +++ [pid 299] <... close resumed>) = 0 [pid 299] rmdir("./12/file0") = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=466, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [pid 299] getdents64(3, [pid 296] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] close(3 [pid 296] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... close resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 299] rmdir("./12" [pid 296] newfstatat(3, "", [pid 299] <... rmdir resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] mkdir("./13", 0777 [pid 296] getdents64(3, [pid 299] <... mkdir resumed>) = 0 [pid 296] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... openat resumed>) = 3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] newfstatat(AT_FDCWD, "./12/binderfs", [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] close(3 [pid 296] unlink("./12/binderfs" [pid 299] <... close resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... clone resumed>, child_tidptr=0x555555d87650) = 476 ./strace-static-x86_64: Process 476 attached [pid 296] <... umount2 resumed>) = 0 [pid 470] <... mount resumed>) = -1 ENOMEM (Cannot allocate memory) [ 33.093753][ T469] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 33.101371][ T470] 1-12 [ 33.113573][ T470] EXT4-fs (loop0): too many log groups per flexible block group [ 33.116142][ T471] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 33.121817][ T470] EXT4-fs (loop0): failed to initialize mballoc (-12) [ 33.136107][ T470] EXT4-fs (loop0): mount failed [ 33.141794][ T472] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [pid 470] ioctl(4, LOOP_CLR_FD [pid 476] set_robust_list(0x555555d87660, 24 [pid 296] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 476] <... set_robust_list resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 476] chdir("./13" [pid 296] newfstatat(AT_FDCWD, "./12/file0", [pid 476] <... chdir resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 476] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 296] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 476] <... prctl resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 476] setpgid(0, 0 [pid 296] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 476] <... setpgid resumed>) = 0 [pid 296] <... openat resumed>) = 4 [pid 476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] newfstatat(4, "", [pid 476] <... openat resumed>) = 3 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, [pid 476] write(3, "1000", 4 [pid 296] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 476] <... write resumed>) = 4 [pid 296] close(4 [pid 476] close(3 [pid 296] <... close resumed>) = 0 [pid 476] <... close resumed>) = 0 [pid 296] rmdir("./12/file0" [pid 476] symlink("/dev/binderfs", "./binderfs" [pid 296] <... rmdir resumed>) = 0 [pid 476] <... symlink resumed>) = 0 [pid 296] getdents64(3, [pid 476] memfd_create("syzkaller", 0 [pid 296] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 476] <... memfd_create resumed>) = 3 [pid 296] close(3 [pid 476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 296] <... close resumed>) = 0 [pid 476] <... mmap resumed>) = 0x7fa39e8fb000 [pid 296] rmdir("./12" [pid 476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 296] <... rmdir resumed>) = 0 [pid 296] mkdir("./13", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 478 [pid 476] <... write resumed>) = 262144 [ 33.142319][ T471] System zones: [ 33.151282][ T472] System zones: 1-12 [ 33.157066][ T471] 1-12 [ 33.160163][ T469] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 33.176295][ T471] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [pid 476] munmap(0x7fa39e8fb000, 138412032./strace-static-x86_64: Process 478 attached ) = 0 [pid 476] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 478] set_robust_list(0x555555d87660, 24 [pid 476] <... openat resumed>) = 4 [pid 478] <... set_robust_list resumed>) = 0 [pid 476] ioctl(4, LOOP_SET_FD, 3 [pid 478] chdir("./13" [pid 476] <... ioctl resumed>) = 0 [pid 470] <... ioctl resumed>) = 0 [pid 478] <... chdir resumed>) = 0 [pid 470] close(4 [pid 478] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 470] <... close resumed>) = 0 [pid 478] <... prctl resumed>) = 0 [pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 478] setpgid(0, 0 [pid 470] <... openat resumed>) = 3 [pid 478] <... setpgid resumed>) = 0 [pid 470] pwrite64(3, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 470] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 478] <... openat resumed>) = 3 [pid 470] exit_group(0 [pid 478] write(3, "1000", 4 [pid 470] <... exit_group resumed>) = ? [pid 478] <... write resumed>) = 4 [pid 470] +++ exited with 0 +++ [pid 478] close(3) = 0 [pid 478] symlink("/dev/binderfs", "./binderfs") = 0 [pid 478] memfd_create("syzkaller", 0) = 3 [pid 478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 478] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=470, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- [pid 478] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 295] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW [pid 478] <... openat resumed>) = 4 [pid 478] ioctl(4, LOOP_SET_FD, 3 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 33.176948][ T472] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 33.202220][ T469] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 33.216587][ T476] loop4: detected capacity change from 0 to 512 [ 33.223269][ T472] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 33.237487][ T478] loop1: detected capacity change from 0 to 512 [ 33.238124][ T469] EXT4-fs (loop5): 1 orphan inode deleted [pid 295] getdents64(3, [pid 478] <... ioctl resumed>) = 0 [pid 295] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 476] close(3) = 0 [pid 476] mkdir("./file0", 0777) = 0 [ 33.244094][ T471] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 33.249741][ T469] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 33.265347][ T472] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 476] mount("/dev/loop4", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 478] close(3 [pid 469] <... mount resumed>) = 0 [pid 295] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 478] <... close resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 478] mkdir("./file0", 0777 [pid 295] newfstatat(AT_FDCWD, "./16/binderfs", [pid 478] <... mkdir resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 478] mount("/dev/loop1", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 295] unlink("./16/binderfs") = 0 [pid 295] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./16/file0") = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./16") = 0 [pid 295] mkdir("./17", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [ 33.287360][ T476] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 33.304593][ T472] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 33.309176][ T478] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 33.318125][ T472] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 33.323760][ T471] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 469] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 469] <... openat resumed>) = 3 [pid 469] chdir("./file0") = 0 [pid 295] <... clone resumed>, child_tidptr=0x555555d87650) = 480 [pid 469] ioctl(4, LOOP_CLR_FD) = 0 [pid 469] close(4) = 0 [pid 469] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 469] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 469] exit_group(0) = ? [pid 469] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=469, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 300] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 300] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./12/binderfs") = 0 [ 33.336322][ T472] EXT4-fs (loop3): 1 orphan inode deleted [ 33.353848][ T471] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 33.354350][ T476] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 33.366916][ T471] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [pid 300] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 480 attached [pid 480] set_robust_list(0x555555d87660, 24) = 0 [pid 480] chdir("./17" [pid 472] <... mount resumed>) = 0 [pid 480] <... chdir resumed>) = 0 [pid 480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 480] setpgid(0, 0) = 0 [pid 480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 480] write(3, "1000", 4) = 4 [pid 480] close(3) = 0 [pid 480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 480] memfd_create("syzkaller", 0) = 3 [pid 480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 480] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 33.385132][ T472] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 33.395359][ T471] EXT4-fs (loop2): 1 orphan inode deleted [ 33.414228][ T478] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 480] ioctl(4, LOOP_SET_FD, 3 [pid 472] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 471] <... mount resumed>) = 0 [pid 471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 472] <... openat resumed>) = 3 [pid 471] <... openat resumed>) = 3 [pid 471] chdir("./file0") = 0 [pid 472] chdir("./file0") = 0 [pid 472] ioctl(4, LOOP_CLR_FD) = 0 [pid 471] ioctl(4, LOOP_CLR_FD) = 0 [pid 472] close(4 [pid 471] close(4 [pid 472] <... close resumed>) = 0 [pid 471] <... close resumed>) = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 472] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 471] <... openat resumed>) = 4 [pid 472] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 471] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 472] <... pwrite64 resumed>) = 4096 [pid 471] <... pwrite64 resumed>) = 4096 [pid 472] exit_group(0 [pid 471] exit_group(0 [pid 472] <... exit_group resumed>) = ? [pid 471] <... exit_group resumed>) = ? [pid 472] +++ exited with 0 +++ [pid 471] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=472, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=471, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 298] <... restart_syscall resumed>) = 0 [pid 297] <... restart_syscall resumed>) = 0 [pid 298] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 298] newfstatat(3, "", [pid 297] newfstatat(3, "", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, [pid 297] getdents64(3, [pid 298] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 297] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./12/binderfs", [pid 297] newfstatat(AT_FDCWD, "./12/binderfs", [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./12/binderfs" [pid 297] unlink("./12/binderfs" [pid 298] <... unlink resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 298] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 480] <... ioctl resumed>) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 300] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 480] close(3 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 480] <... close resumed>) = 0 [pid 480] mkdir("./file0", 0777 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 480] <... mkdir resumed>) = 0 [pid 480] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 300] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 300] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 300] close(4) = 0 [pid 300] rmdir("./12/file0") = 0 [ 33.431523][ T471] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 33.439053][ T480] loop0: detected capacity change from 0 to 512 [ 33.461535][ T478] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 33.470574][ T476] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 33.491098][ T478] System zones: 1-12 [ 33.496200][ T480] EXT4-fs (loop0): VFS: Can't find ext4 filesystem [pid 480] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 300] getdents64(3, [pid 480] ioctl(4, LOOP_CLR_FD [pid 300] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 [pid 300] rmdir("./12") = 0 [pid 300] mkdir("./13", 0777) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 483 ./strace-static-x86_64: Process 483 attached [pid 483] set_robust_list(0x555555d87660, 24) = 0 [pid 483] chdir("./13") = 0 [pid 483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 483] setpgid(0, 0) = 0 [pid 483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 483] write(3, "1000", 4) = 4 [pid 483] close(3) = 0 [pid 483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 483] memfd_create("syzkaller", 0) = 3 [pid 483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 483] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 298] <... umount2 resumed>) = 0 [pid 483] <... write resumed>) = 262144 [pid 483] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 483] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 483] ioctl(4, LOOP_SET_FD, 3 [pid 298] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = 0 [pid 480] <... ioctl resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 480] close(4) = 0 [pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 3 [pid 480] pwrite64(3, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 480] exit_group(0) = ? [pid 480] +++ exited with 0 +++ [ 33.496593][ T476] System zones: 1-12 [ 33.509823][ T476] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 33.527046][ T478] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 33.537802][ T483] loop5: detected capacity change from 0 to 512 [pid 298] newfstatat(AT_FDCWD, "./12/file0", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 483] <... ioctl resumed>) = 0 [pid 483] close(3) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] newfstatat(AT_FDCWD, "./12/file0", [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=480, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 483] mkdir("./file0", 0777) = 0 [ 33.546890][ T476] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 33.561381][ T476] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 33.567532][ T478] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 33.574331][ T483] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [pid 483] mount("/dev/loop5", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 298] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... openat resumed>) = 4 [pid 297] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(4, "", [pid 297] <... openat resumed>) = 4 [pid 295] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(4, "", [pid 295] <... openat resumed>) = 3 [pid 298] getdents64(4, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] newfstatat(3, "", [pid 298] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 297] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 295] getdents64(3, [pid 298] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 297] getdents64(4, [pid 295] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 298] close(4 [pid 297] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 295] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... close resumed>) = 0 [pid 297] close(4 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] rmdir("./12/file0" [pid 297] <... close resumed>) = 0 [pid 295] newfstatat(AT_FDCWD, "./17/binderfs", [pid 298] <... rmdir resumed>) = 0 [pid 297] rmdir("./12/file0" [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] getdents64(3, [pid 297] <... rmdir resumed>) = 0 [pid 295] unlink("./17/binderfs" [pid 298] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 297] getdents64(3, [pid 295] <... unlink resumed>) = 0 [pid 298] close(3 [pid 297] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 295] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... close resumed>) = 0 [pid 297] close(3 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] rmdir("./12" [pid 297] <... close resumed>) = 0 [pid 295] newfstatat(AT_FDCWD, "./17/file0", [pid 298] <... rmdir resumed>) = 0 [pid 297] rmdir("./12" [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] mkdir("./13", 0777 [pid 297] <... rmdir resumed>) = 0 [pid 295] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... mkdir resumed>) = 0 [pid 297] mkdir("./13", 0777 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] <... mkdir resumed>) = 0 [pid 295] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... openat resumed>) = 3 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] <... openat resumed>) = 4 [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] <... openat resumed>) = 3 [pid 295] newfstatat(4, "", [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] ioctl(3, LOOP_CLR_FD [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] close(3 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] getdents64(4, [pid 298] <... close resumed>) = 0 [pid 297] close(3 [pid 295] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... close resumed>) = 0 [pid 295] getdents64(4, [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555555d87650) = 484 [pid 295] close(4 [pid 297] <... clone resumed>, child_tidptr=0x555555d87650) = 485 [pid 295] <... close resumed>) = 0 [pid 295] rmdir("./17/file0") = 0 [pid 295] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./17") = 0 [pid 295] mkdir("./18", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 486 ./strace-static-x86_64: Process 485 attached [pid 485] set_robust_list(0x555555d87660, 24) = 0 [pid 485] chdir("./13") = 0 [pid 485] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 485] setpgid(0, 0) = 0 [pid 485] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 485] write(3, "1000", 4) = 4 [pid 485] close(3) = 0 [pid 485] symlink("/dev/binderfs", "./binderfs") = 0 [pid 485] memfd_create("syzkaller", 0) = 3 [pid 485] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 ./strace-static-x86_64: Process 486 attached [pid 486] set_robust_list(0x555555d87660, 24) = 0 [pid 486] chdir("./18") = 0 [pid 486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 486] setpgid(0, 0) = 0 [pid 486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 484 attached ) = 3 [pid 486] write(3, "1000", 4 [pid 484] set_robust_list(0x555555d87660, 24 [pid 486] <... write resumed>) = 4 [pid 484] <... set_robust_list resumed>) = 0 [pid 486] close(3 [pid 484] chdir("./13" [pid 486] <... close resumed>) = 0 [pid 484] <... chdir resumed>) = 0 [pid 486] symlink("/dev/binderfs", "./binderfs" [pid 485] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 484] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 486] <... symlink resumed>) = 0 [pid 484] <... prctl resumed>) = 0 [pid 486] memfd_create("syzkaller", 0 [pid 484] setpgid(0, 0 [pid 486] <... memfd_create resumed>) = 3 [pid 484] <... setpgid resumed>) = 0 [pid 486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 486] <... mmap resumed>) = 0x7fa39e8fb000 [pid 484] <... openat resumed>) = 3 [pid 485] <... write resumed>) = 262144 [pid 484] write(3, "1000", 4) = 4 [pid 484] close(3 [pid 486] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 484] <... close resumed>) = 0 [pid 484] symlink("/dev/binderfs", "./binderfs") = 0 [pid 484] memfd_create("syzkaller", 0) = 3 [pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 485] munmap(0x7fa39e8fb000, 138412032 [pid 486] <... write resumed>) = 262144 [pid 485] <... munmap resumed>) = 0 [pid 485] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 485] ioctl(4, LOOP_SET_FD, 3 [pid 486] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 33.586019][ T478] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 33.605425][ T483] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 33.614844][ T476] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 33.630227][ T476] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 33.638445][ T485] loop2: detected capacity change from 0 to 512 [pid 486] ioctl(4, LOOP_SET_FD, 3 [pid 484] <... write resumed>) = 262144 [pid 484] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 484] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 484] ioctl(4, LOOP_SET_FD, 3 [pid 476] <... mount resumed>) = 0 [pid 485] <... ioctl resumed>) = 0 [pid 485] close(3) = 0 [pid 485] mkdir("./file0", 0777) = 0 [ 33.643342][ T476] EXT4-fs (loop4): 1 orphan inode deleted [ 33.650125][ T486] loop0: detected capacity change from 0 to 512 [ 33.654652][ T476] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 33.661847][ T484] loop3: detected capacity change from 0 to 512 [ 33.685890][ T478] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 485] mount("/dev/loop2", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 486] <... ioctl resumed>) = 0 [pid 484] <... ioctl resumed>) = 0 [pid 476] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 486] close(3 [pid 484] close(3 [pid 476] <... openat resumed>) = 3 [pid 486] <... close resumed>) = 0 [pid 484] <... close resumed>) = 0 [pid 476] chdir("./file0" [pid 486] mkdir("./file0", 0777 [pid 484] mkdir("./file0", 0777 [pid 476] <... chdir resumed>) = 0 [pid 486] <... mkdir resumed>) = 0 [pid 484] <... mkdir resumed>) = 0 [pid 476] ioctl(4, LOOP_CLR_FD [pid 486] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 484] mount("/dev/loop3", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 476] <... ioctl resumed>) = 0 [pid 476] close(4) = 0 [pid 476] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 476] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 476] exit_group(0) = ? [pid 476] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=476, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [pid 299] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./13/binderfs") = 0 [ 33.692899][ T485] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 33.703409][ T478] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 33.709650][ T483] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 33.735527][ T478] EXT4-fs (loop1): 1 orphan inode deleted [ 33.736666][ T486] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [pid 299] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 478] <... mount resumed>) = 0 [pid 478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 478] chdir("./file0") = 0 [pid 478] ioctl(4, LOOP_CLR_FD) = 0 [pid 478] close(4 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./13/file0") = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./13") = 0 [pid 299] mkdir("./14", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = 0 [pid 299] close(3) = 0 [ 33.741893][ T478] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 33.748390][ T484] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 33.779077][ T486] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 33.791430][ T483] System zones: 1-12 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 488 [pid 478] <... close resumed>) = 0 [pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 478] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 478] exit_group(0) = ? [pid 478] +++ exited with 0 +++ [ 33.795383][ T485] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 33.810253][ T486] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 4095657390)! [ 33.812850][ T483] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 33.821090][ T486] EXT4-fs (loop0): group descriptors corrupted! [ 33.839937][ T484] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE ./strace-static-x86_64: Process 488 attached [pid 488] set_robust_list(0x555555d87660, 24) = 0 [pid 488] chdir("./14") = 0 [pid 488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 488] setpgid(0, 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=478, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 488] <... setpgid resumed>) = 0 [pid 488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 488] <... openat resumed>) = 3 [pid 488] write(3, "1000", 4) = 4 [pid 488] close(3) = 0 [pid 488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 488] memfd_create("syzkaller", 0) = 3 [pid 488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 488] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 488] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 488] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 488] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 296] <... restart_syscall resumed>) = 0 [pid 488] close(3) = 0 [pid 488] mkdir("./file0", 0777) = 0 [pid 488] mount("/dev/loop4", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 296] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 33.853721][ T485] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 33.858058][ T488] loop4: detected capacity change from 0 to 512 [ 33.867760][ T485] System zones: 1-12 [ 33.872625][ T484] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 33.881885][ T483] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 33.885271][ T488] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [pid 296] unlink("./13/binderfs") = 0 [ 33.894437][ T485] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 33.901184][ T483] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 33.913883][ T484] System zones: 1-12 [ 33.930687][ T488] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 296] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 486] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 33.942675][ T484] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 33.943072][ T485] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 33.967410][ T483] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 33.969709][ T488] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 33.987290][ T483] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 33.987382][ T488] System zones: 1-12 [ 34.000100][ T484] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 34.004588][ T488] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 34.015868][ T485] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 34.042179][ T483] EXT4-fs (loop5): 1 orphan inode deleted [pid 486] ioctl(4, LOOP_CLR_FD) = 0 [pid 486] close(4) = 0 [pid 486] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 3 [pid 486] pwrite64(3, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 486] exit_group(0) = ? [pid 486] +++ exited with 0 +++ [pid 296] <... umount2 resumed>) = 0 [ 34.047846][ T484] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 34.052231][ T485] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 34.072341][ T484] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 296] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=486, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./13/file0", [pid 483] <... mount resumed>) = 0 [pid 483] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 483] chdir("./file0") = 0 [pid 483] ioctl(4, LOOP_CLR_FD) = 0 [pid 483] close(4) = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 483] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 483] exit_group(0) = ? [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 34.078689][ T483] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 34.108399][ T488] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 34.115710][ T484] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 34.121026][ T485] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 34.133394][ T484] EXT4-fs (loop3): 1 orphan inode deleted [pid 295] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 483] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=483, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- [pid 300] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 300] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./13/binderfs") = 0 [pid 300] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 484] <... mount resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... openat resumed>) = 3 [pid 484] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 4 [pid 295] newfstatat(3, "", [pid 484] chdir("./file0" [pid 296] newfstatat(4, "", [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 484] <... chdir resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, [pid 484] ioctl(4, LOOP_CLR_FD [pid 296] getdents64(4, [pid 295] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [ 34.151165][ T488] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 34.151310][ T484] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 34.174427][ T485] EXT4-fs (loop2): 1 orphan inode deleted [ 34.187815][ T488] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [pid 484] <... ioctl resumed>) = 0 [pid 296] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 295] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 484] close(4 [pid 296] getdents64(4, [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 484] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 295] newfstatat(AT_FDCWD, "./18/binderfs", [pid 484] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK [pid 296] close(4 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 484] <... openat resumed>) = 4 [pid 296] <... close resumed>) = 0 [pid 295] unlink("./18/binderfs" [pid 484] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0 [pid 296] rmdir("./13/file0" [pid 295] <... unlink resumed>) = 0 [pid 484] <... pwrite64 resumed>) = -1 ENOSPC (No space left on device) [pid 296] <... rmdir resumed>) = 0 [pid 295] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 484] exit_group(0 [pid 296] getdents64(3, [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 484] <... exit_group resumed>) = ? [pid 296] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 295] newfstatat(AT_FDCWD, "./18/file0", [pid 484] +++ exited with 0 +++ [pid 296] close(3 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=484, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 296] <... close resumed>) = 0 [pid 295] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] rmdir("./13" [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... rmdir resumed>) = 0 [pid 295] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] mkdir("./14", 0777 [pid 295] <... openat resumed>) = 4 [pid 298] <... openat resumed>) = 3 [pid 296] <... mkdir resumed>) = 0 [pid 298] newfstatat(3, "", [pid 295] newfstatat(4, "", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, [pid 296] <... openat resumed>) = 3 [pid 295] getdents64(4, [pid 298] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 296] ioctl(3, LOOP_CLR_FD [pid 295] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 298] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] getdents64(4, [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] close(3 [pid 295] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 298] newfstatat(AT_FDCWD, "./13/binderfs", [pid 296] <... close resumed>) = 0 [pid 295] close(4 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... close resumed>) = 0 [pid 298] unlink("./13/binderfs" [pid 295] rmdir("./18/file0" [pid 298] <... unlink resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555555d87650) = 492 [pid 295] <... rmdir resumed>) = 0 [pid 298] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./18") = 0 [pid 295] mkdir("./19", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 493 [pid 485] <... mount resumed>) = 0 [pid 485] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 485] chdir("./file0") = 0 [pid 485] ioctl(4, LOOP_CLR_FD) = 0 [pid 485] close(4) = 0 [pid 485] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 485] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = -1 ENOSPC (No space left on device) [pid 485] exit_group(0) = ? [pid 485] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=485, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 492 attached [pid 492] set_robust_list(0x555555d87660, 24) = 0 [pid 492] chdir("./14" [pid 297] <... restart_syscall resumed>) = 0 [pid 297] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./13/binderfs") = 0 [pid 297] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 492] <... chdir resumed>) = 0 [pid 492] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 492] setpgid(0, 0) = 0 [pid 492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 492] write(3, "1000", 4) = 4 [pid 492] close(3) = 0 [pid 492] symlink("/dev/binderfs", "./binderfs") = 0 [pid 492] memfd_create("syzkaller", 0) = 3 [pid 492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 ./strace-static-x86_64: Process 493 attached [pid 492] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 493] set_robust_list(0x555555d87660, 24) = 0 [pid 492] <... write resumed>) = 262144 [pid 492] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 492] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 492] ioctl(4, LOOP_SET_FD, 3 [pid 493] chdir("./19") = 0 [ 34.193545][ T485] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 34.229475][ T488] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 34.248688][ T488] EXT4-fs (loop4): 1 orphan inode deleted [pid 493] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 492] <... ioctl resumed>) = 0 [pid 492] close(3) = 0 [pid 492] mkdir("./file0", 0777) = 0 [pid 492] mount("/dev/loop1", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 493] <... prctl resumed>) = 0 [pid 493] setpgid(0, 0) = 0 [pid 493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 493] write(3, "1000", 4) = 4 [pid 493] close(3) = 0 [pid 493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 493] memfd_create("syzkaller", 0) = 3 [pid 493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 493] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 493] ioctl(4, LOOP_SET_FD, 3 [pid 300] <... umount2 resumed>) = 0 [pid 300] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 300] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(4, 0x555555d90730 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 300] close(4) = 0 [pid 300] rmdir("./13/file0") = 0 [pid 300] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 [pid 300] rmdir("./13") = 0 [pid 300] mkdir("./14", 0777 [pid 493] <... ioctl resumed>) = 0 [pid 493] close(3) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 493] mkdir("./file0", 0777) = 0 [pid 493] mount("/dev/loop0", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 488] <... mount resumed>) = 0 [pid 488] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 488] chdir("./file0") = 0 [pid 488] ioctl(4, LOOP_CLR_FD) = 0 [pid 488] close(4) = 0 [pid 488] openat(AT_FDCWD, "/dev/loop0", O_RDWR|O_NONBLOCK) = 4 [pid 488] pwrite64(4, "\xe4\x62\x18\xc6\xa4\x62\xe6\x0e\xba\xac\x94\x8c\x94\xfb\x58\xbb\xe8\x51\x71\x10\xb5\x5c\x81\x2c\x73\xb4\xfc\x9b\xbf\x10\xb5\x41\xd4\x2c\x14\x41\xb8\xa7\x1e\xaf\x42\x92\x13\xd7\xf5\xf9\x1e\x89\xdf\x7b\xf6\x5b\x81\x51\x75\x07\xa8\x92\xb8\xdb\x08\x99\x48\x51\x56\x5b\xb7\x15\x23\xbd\xfa\x12\xa3\x0f\x80\xf8\xfb\x09\xd7\x98\x62\x31\x0a\x99\x1a\xe0\x9e\x79\xc2\x1a\x09\x14\xee\xa3\xed\xfc\x13\xaa\xf6\xc0"..., 4096, 0) = 4096 [pid 488] exit_group(0) = ? [pid 488] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=488, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 300] <... openat resumed>) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] <... restart_syscall resumed>) = 0 [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555555d87650) = 494 [ 34.251270][ T492] loop1: detected capacity change from 0 to 512 [ 34.254436][ T488] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=continue,usrjquota=,stripe=0x0000000000000007,nodiscard,,errors=continue. Quota mode: none. [ 34.275125][ T493] loop0: detected capacity change from 0 to 512 [ 34.285319][ T492] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [pid 299] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] newfstatat(3, "", [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] newfstatat(AT_FDCWD, "./13/file0", [pid 299] getdents64(3, [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... getdents64 resumed>0x555555d886f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] newfstatat(AT_FDCWD, "./14/binderfs", [pid 298] <... openat resumed>) = 4 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] newfstatat(4, "", [pid 299] unlink("./14/binderfs" [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... unlink resumed>) = 0 [pid 298] getdents64(4, [pid 299] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555555d90730 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./13/file0") = 0 [pid 298] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./13"./strace-static-x86_64: Process 494 attached ) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 494] set_robust_list(0x555555d87660, 24 [pid 298] mkdir("./14", 0777 [pid 297] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 494] <... set_robust_list resumed>) = 0 [pid 494] chdir("./14" [pid 298] <... mkdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 494] <... chdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 494] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] <... close resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./13/file0", [pid 494] <... prctl resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 497 [pid 494] setpgid(0, 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 494] <... setpgid resumed>) = 0 [pid 297] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 494] <... openat resumed>) = 3 [pid 297] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 494] write(3, "1000", 4 [pid 297] <... openat resumed>) = 4 [pid 494] <... write resumed>) = 4 [pid 297] newfstatat(4, "", [pid 494] close(3 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 494] <... close resumed>) = 0 [pid 297] getdents64(4, [pid 494] symlink("/dev/binderfs", "./binderfs" [pid 297] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 494] <... symlink resumed>) = 0 [pid 297] getdents64(4, [pid 494] memfd_create("syzkaller", 0 [pid 297] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 494] <... memfd_create resumed>) = 3 [pid 297] close(4 [pid 494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 297] <... close resumed>) = 0 [pid 494] <... mmap resumed>) = 0x7fa39e8fb000 [pid 297] rmdir("./13/file0"./strace-static-x86_64: Process 497 attached [pid 494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 297] <... rmdir resumed>) = 0 [pid 497] set_robust_list(0x555555d87660, 24) = 0 [pid 497] chdir("./14" [pid 494] <... write resumed>) = 262144 [pid 297] getdents64(3, [pid 494] munmap(0x7fa39e8fb000, 138412032 [pid 297] <... getdents64 resumed>0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 494] <... munmap resumed>) = 0 [pid 297] close(3 [pid 494] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 297] <... close resumed>) = 0 [pid 494] <... openat resumed>) = 4 [pid 297] rmdir("./13" [pid 497] <... chdir resumed>) = 0 [ 34.297733][ T492] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 34.315424][ T493] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 34.319181][ T492] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a040e01c, mo2=0002] [ 34.332705][ T493] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 34.346266][ T492] System zones: 1-12 [pid 497] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 497] setpgid(0, 0) = 0 [pid 497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 497] write(3, "1000", 4) = 4 [pid 497] close(3) = 0 [pid 497] symlink("/dev/binderfs", "./binderfs") = 0 [pid 497] memfd_create("syzkaller", 0) = 3 [pid 497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 494] ioctl(4, LOOP_SET_FD, 3 [pid 297] <... rmdir resumed>) = 0 [pid 497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 494] <... ioctl resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 297] mkdir("./14", 0777 [pid 299] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", [pid 497] <... write resumed>) = 262144 [pid 494] close(3 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, [pid 297] <... mkdir resumed>) = 0 [pid 497] munmap(0x7fa39e8fb000, 138412032 [pid 494] <... close resumed>) = 0 [pid 299] <... getdents64 resumed>0x555555d90730 /* 2 entries */, 32768) = 48 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 497] <... munmap resumed>) = 0 [pid 494] mkdir("./file0", 0777 [pid 299] getdents64(4, [pid 497] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 493] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 299] <... getdents64 resumed>0x555555d90730 /* 0 entries */, 32768) = 0 [pid 297] <... openat resumed>) = 3 [pid 497] <... openat resumed>) = 4 [pid 494] <... mkdir resumed>) = 0 [pid 493] ioctl(4, LOOP_CLR_FD [pid 299] close(4 [pid 297] ioctl(3, LOOP_CLR_FD [pid 497] ioctl(4, LOOP_SET_FD, 3 [pid 494] mount("/dev/loop5", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 299] <... close resumed>) = 0 [pid 299] rmdir("./14/file0") = 0 [pid 299] getdents64(3, 0x555555d886f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [ 34.358631][ T492] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor125: casefold flag without casefold feature [ 34.374005][ T493] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 4095657390)! [ 34.374130][ T494] loop5: detected capacity change from 0 to 512 [ 34.390873][ T493] EXT4-fs (loop0): group descriptors corrupted! [pid 299] rmdir("./14") = 0 [pid 299] mkdir("./15", 0777) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 497] <... ioctl resumed>) = 0 [pid 497] close(3) = 0 [pid 497] mkdir("./file0", 0777) = 0 [pid 497] mount("/dev/loop3", "./file0", "ext4", MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "dioread_nolock,user_xattr,debug_want_extra_isize=0x000000000000005c,debug,mblk_io_submit,errors=cont"... [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [ 34.402117][ T492] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 34.405769][ T497] loop3: detected capacity change from 0 to 512 [ 34.414707][ T492] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 34.420449][ T494] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 34.438332][ T492] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor125: missing EA_INODE flag [ 34.440350][ T497] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [pid 297] close(3 [pid 299] <... openat resumed>) = 3 [pid 297] <... close resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 297] <... clone resumed>, child_tidptr=0x555555d87650) = 498 [pid 299] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d87650) = 499 ./strace-static-x86_64: Process 499 attached [pid 499] set_robust_list(0x555555d87660, 24) = 0 [pid 499] chdir("./15") = 0 [pid 499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 499] setpgid(0, 0) = 0 [pid 499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 498 attached ) = 3 [pid 498] set_robust_list(0x555555d87660, 24) = 0 [pid 498] chdir("./14" [pid 499] write(3, "1000", 4) = 4 [pid 499] close(3) = 0 [pid 498] <... chdir resumed>) = 0 [pid 499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 498] setpgid(0, 0) = 0 [pid 498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 498] write(3, "1000", 4 [pid 493] <... ioctl resumed>) = 0 [pid 499] memfd_create("syzkaller", 0) = 3 [pid 499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa39e8fb000 [pid 493] close(4 [pid 499] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 499] munmap(0x7fa39e8fb000, 138412032) = 0 [pid 499] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 34.452141][ T492] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor125: error while reading EA inode 12 err=-117 [ 34.470997][ T494] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 34.484756][ T492] EXT4-fs (loop1): 1 orphan inode deleted [ 34.490673][ T497] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 34.496235][ T499] loop4: detected capacity change from 0 to 512