./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3358309707 <...> Warning: Permanently added '10.128.1.237' (ED25519) to the list of known hosts. execve("./syz-executor3358309707", ["./syz-executor3358309707"], 0x7fffd4bff820 /* 10 vars */) = 0 brk(NULL) = 0x555576f98000 brk(0x555576f98d00) = 0x555576f98d00 arch_prctl(ARCH_SET_FS, 0x555576f98380) = 0 set_tid_address(0x555576f98650) = 5829 set_robust_list(0x555576f98660, 24) = 0 rseq(0x555576f98ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3358309707", 4096) = 28 getrandom("\xde\x62\xa6\xe5\xec\x82\x58\x42", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555576f98d00 brk(0x555576fb9d00) = 0x555576fb9d00 brk(0x555576fba000) = 0x555576fba000 mprotect(0x7fce8c460000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.Pny2hL", 0700) = 0 chmod("./syzkaller.Pny2hL", 0777) = 0 chdir("./syzkaller.Pny2hL") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5830 attached , child_tidptr=0x555576f98650) = 5830 [pid 5830] set_robust_list(0x555576f98660, 24) = 0 [pid 5830] chdir("./0") = 0 [pid 5830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5830] setpgid(0, 0) = 0 [pid 5830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5830] write(3, "1000", 4) = 4 [pid 5830] close(3) = 0 [pid 5830] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] write(1, "executing program\n", 18executing program ) = 18 [pid 5830] memfd_create("syzkaller", 0) = 3 [pid 5830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fce83e00000 [pid 5830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5830] munmap(0x7fce83e00000, 138412032) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5830] close(3) = 0 [pid 5830] close(4) = 0 [pid 5830] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [ 61.661577][ T5830] loop0: detected capacity change from 0 to 512 [pid 5830] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 5830] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 5830] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5830] chdir("./file0") = 0 [pid 5830] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5830] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 5830] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 5830] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5830] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5830] exit_group(0) = ? [pid 5830] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5830, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 61.698786][ T5830] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz-executor335: corrupted in-inode xattr: bad e_name length [ 61.713590][ T5830] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz-executor335: couldn't read orphan inode 15 (err -117) [ 61.727967][ T5830] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555576f996f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555576fa1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555576fa1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555576f996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555576f98650) = 5834 ./strace-static-x86_64: Process 5834 attached [ 61.832565][ T5829] EXT4-fs (loop0): unmounting filesystem 00000007-0000-0000-0000-000000000000. [pid 5834] set_robust_list(0x555576f98660, 24) = 0 [pid 5834] chdir("./1") = 0 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5834] setpgid(0, 0) = 0 [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "1000", 4) = 4 [pid 5834] close(3) = 0 [pid 5834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5834] write(1, "executing program\n", 18executing program ) = 18 [pid 5834] memfd_create("syzkaller", 0) = 3 [pid 5834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fce83e00000 [pid 5834] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5834] munmap(0x7fce83e00000, 138412032) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5834] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5834] close(3) = 0 [pid 5834] close(4) = 0 [pid 5834] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [ 61.932220][ T5834] loop0: detected capacity change from 0 to 512 [pid 5834] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 5834] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 5834] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 61.980494][ T5834] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz-executor335: corrupted in-inode xattr: bad e_name length [ 61.996328][ T5834] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz-executor335: couldn't read orphan inode 15 (err -117) [ 62.010724][ T5834] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5834] chdir("./file0") = 0 [pid 5834] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5834] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 5834] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 5834] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5834] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5834] exit_group(0) = ? [pid 5834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555576f996f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 62.086711][ T5829] EXT4-fs (loop0): unmounting filesystem 00000007-0000-0000-0000-000000000000. openat(AT_FDCWD, "\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555576fa1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555576fa1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555576f996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5836 attached , child_tidptr=0x555576f98650) = 5836 [pid 5836] set_robust_list(0x555576f98660, 24) = 0 [pid 5836] chdir("./2") = 0 [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5836] setpgid(0, 0) = 0 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5836] write(3, "1000", 4) = 4 [pid 5836] close(3) = 0 [pid 5836] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5836] write(1, "executing program\n", 18) = 18 [pid 5836] memfd_create("syzkaller", 0) = 3 [pid 5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fce83e00000 [pid 5836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5836] munmap(0x7fce83e00000, 138412032) = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5836] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5836] close(3) = 0 [pid 5836] close(4) = 0 [pid 5836] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [ 62.370668][ T5836] loop0: detected capacity change from 0 to 512 [pid 5836] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 5836] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 5836] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5836] chdir("./file0") = 0 [pid 5836] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5836] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 5836] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [ 62.410651][ T5836] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz-executor335: corrupted in-inode xattr: bad e_name length [ 62.425578][ T5836] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz-executor335: couldn't read orphan inode 15 (err -117) [ 62.439772][ T5836] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5836] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5836] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5836] exit_group(0) = ? [pid 5836] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555576f996f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555576fa1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555576fa1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555576f996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached , child_tidptr=0x555576f98650) = 5838 [pid 5838] set_robust_list(0x555576f98660, 24) = 0 [pid 5838] chdir("./3") = 0 [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5838] setpgid(0, 0) = 0 [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5838] write(3, "1000", 4) = 4 [pid 5838] close(3) = 0 executing program [pid 5838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5838] write(1, "executing program\n", 18) = 18 [pid 5838] memfd_create("syzkaller", 0) = 3 [pid 5838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fce83e00000 [pid 5838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5838] munmap(0x7fce83e00000, 138412032) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 62.535597][ T5829] EXT4-fs (loop0): unmounting filesystem 00000007-0000-0000-0000-000000000000. [pid 5838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5838] close(3) = 0 [pid 5838] close(4) = 0 [pid 5838] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [ 62.589129][ T5838] loop0: detected capacity change from 0 to 512 [ 62.613591][ T5838] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz-executor335: corrupted in-inode xattr: bad e_name length [pid 5838] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 5838] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 5838] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5838] chdir("./file0") = 0 [pid 5838] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5838] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 5838] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 5838] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5838] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5838] exit_group(0) = ? [pid 5838] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555576f996f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 62.629157][ T5838] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz-executor335: couldn't read orphan inode 15 (err -117) [ 62.643472][ T5838] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. umount2("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555576fa1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555576fa1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555576f996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5841 attached , child_tidptr=0x555576f98650) = 5841 [pid 5841] set_robust_list(0x555576f98660, 24) = 0 [pid 5841] chdir("./4") = 0 [pid 5841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5841] setpgid(0, 0) = 0 [pid 5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5841] write(3, "1000", 4) = 4 [pid 5841] close(3) = 0 [pid 5841] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5841] write(1, "executing program\n", 18executing program ) = 18 [pid 5841] memfd_create("syzkaller", 0) = 3 [ 62.685409][ T5829] EXT4-fs (loop0): unmounting filesystem 00000007-0000-0000-0000-000000000000. [pid 5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fce83e00000 [pid 5841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5841] munmap(0x7fce83e00000, 138412032) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5841] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5841] close(3) = 0 [pid 5841] close(4) = 0 [pid 5841] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [ 62.753528][ T5841] loop0: detected capacity change from 0 to 512 [ 62.780419][ T5841] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz-executor335: corrupted in-inode xattr: bad e_name length [pid 5841] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 5841] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 5841] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5841] chdir("./file0") = 0 [pid 5841] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5841] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 5841] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 5841] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5841] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5841] exit_group(0) = ? [pid 5841] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5841, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555576f996f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 62.800520][ T5841] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz-executor335: couldn't read orphan inode 15 (err -117) [ 62.815544][ T5841] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. umount2("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 62.876619][ T5829] EXT4-fs (loop0): unmounting filesystem 00000007-0000-0000-0000-000000000000. getdents64(4, 0x555576fa1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555576fa1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555576f996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5843 attached [pid 5843] set_robust_list(0x555576f98660, 24 [pid 5829] <... clone resumed>, child_tidptr=0x555576f98650) = 5843 [pid 5843] <... set_robust_list resumed>) = 0 [pid 5843] chdir("./5") = 0 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5843] setpgid(0, 0) = 0 [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] write(3, "1000", 4) = 4 [pid 5843] close(3) = 0 [pid 5843] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5843] write(1, "executing program\n", 18) = 18 [pid 5843] memfd_create("syzkaller", 0) = 3 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fce83e00000 [pid 5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5843] munmap(0x7fce83e00000, 138412032) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5843] close(3) = 0 [pid 5843] close(4) = 0 [pid 5843] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [ 63.124430][ T5843] loop0: detected capacity change from 0 to 512 [pid 5843] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 5843] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 5843] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5843] chdir("./file0") = 0 [pid 5843] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5843] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 5843] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 5843] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5843] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 63.163054][ T5843] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz-executor335: corrupted in-inode xattr: bad e_name length [ 63.178497][ T5843] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz-executor335: couldn't read orphan inode 15 (err -117) [ 63.193708][ T5843] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5843] exit_group(0) = ? [pid 5843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555576f996f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555576fa1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555576fa1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555576f996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 63.368809][ T5829] EXT4-fs (loop0): unmounting filesystem 00000007-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5845 attached [pid 5845] set_robust_list(0x555576f98660, 24 [pid 5829] <... clone resumed>, child_tidptr=0x555576f98650) = 5845 [pid 5845] <... set_robust_list resumed>) = 0 [pid 5845] chdir("./6") = 0 [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5845] setpgid(0, 0) = 0 [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5845] write(3, "1000", 4) = 4 [pid 5845] close(3) = 0 [pid 5845] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5845] write(1, "executing program\n", 18) = 18 [pid 5845] memfd_create("syzkaller", 0) = 3 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fce83e00000 [pid 5845] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5845] munmap(0x7fce83e00000, 138412032) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5845] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5845] close(3) = 0 [pid 5845] close(4) = 0 [pid 5845] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [ 63.521144][ T5845] loop0: detected capacity change from 0 to 512 [ 63.556842][ T5845] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz-executor335: corrupted in-inode xattr: bad e_name length [pid 5845] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 5845] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 5845] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5845] chdir("./file0") = 0 [pid 5845] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5845] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 5845] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 5845] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 5845] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 5845] exit_group(0) = ? [pid 5845] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5845, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555576f996f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 63.571789][ T5845] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz-executor335: couldn't read orphan inode 15 (err -117) [ 63.585873][ T5845] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. umount2("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555576fa1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555576fa1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555576f996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 63.640220][ T5829] EXT4-fs (loop0): unmounting filesystem 00000007-0000-0000-0000-000000000000. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5847 attached [pid 5847] set_robust_list(0x555576f98660, 24) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x555576f98650) = 5847 [pid 5847] chdir("./7") = 0 [pid 5847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5847] setpgid(0, 0) = 0 [pid 5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5847] write(3, "1000", 4) = 4 [pid 5847] close(3) = 0 [pid 5847] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5847] write(1, "executing program\n", 18executing program ) = 18 [pid 5847] memfd_create("syzkaller", 0) = 3 [pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fce83e00000 [pid 5847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5847] munmap(0x7fce83e00000, 138412032) = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5847] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5847] close(3) = 0 [pid 5847] close(4) = 0 [pid 5847] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [ 63.729068][ T5847] loop0: detected capacity change from 0 to 512 [pid 5847] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 5847] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 5847] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [ 63.775566][ T5847] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz-executor335: corrupted in-inode xattr: bad e_name length [ 63.790458][ T5847] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz-executor335: couldn't read orphan inode 15 (err -117) [ 63.804471][ T5847] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5847] chdir("./file0") = 0 [pid 5847] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5847] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 5847] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 5847] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [ 63.877664][ T5847] ================================================================== [ 63.885915][ T5847] BUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0 [ 63.893752][ T5847] Write of size 251 at addr ffff888074572f14 by task syz-executor335/5847 [ 63.903004][ T5847] [ 63.905350][ T5847] CPU: 0 UID: 0 PID: 5847 Comm: syz-executor335 Not tainted 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed #0 [ 63.916636][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 63.926877][ T5847] Call Trace: [ 63.930254][ T5847] [ 63.933228][ T5847] dump_stack_lvl+0x241/0x360 [ 63.938489][ T5847] ? __pfx_dump_stack_lvl+0x10/0x10 [ 63.944145][ T5847] ? __pfx__printk+0x10/0x10 [ 63.948826][ T5847] ? _printk+0xd5/0x120 [ 63.953017][ T5847] ? __virt_addr_valid+0x183/0x530 [ 63.958388][ T5847] ? __virt_addr_valid+0x183/0x530 [ 63.963525][ T5847] print_report+0x169/0x550 [ 63.968131][ T5847] ? __virt_addr_valid+0x183/0x530 [ 63.973426][ T5847] ? __virt_addr_valid+0x183/0x530 [ 63.978631][ T5847] ? __virt_addr_valid+0x45f/0x530 [ 63.983845][ T5847] ? __phys_addr+0xba/0x170 [ 63.988483][ T5847] ? ext4_insert_dentry+0x36a/0x6d0 [ 63.993791][ T5847] kasan_report+0x143/0x180 [ 63.998319][ T5847] ? ext4_insert_dentry+0x36a/0x6d0 [ 64.003790][ T5847] kasan_check_range+0x282/0x290 [ 64.008757][ T5847] ? ext4_insert_dentry+0x36a/0x6d0 [ 64.014394][ T5847] __asan_memcpy+0x40/0x70 [ 64.018992][ T5847] ext4_insert_dentry+0x36a/0x6d0 [ 64.024066][ T5847] add_dirent_to_buf+0x3d9/0x750 [ 64.029213][ T5847] ? __pfx_add_dirent_to_buf+0x10/0x10 [ 64.034959][ T5847] ? __ext4_handle_dirty_metadata+0x30d/0x820 [ 64.041124][ T5847] make_indexed_dir+0xf98/0x1600 [ 64.046063][ T5847] ? __pfx_make_indexed_dir+0x10/0x10 [ 64.051454][ T5847] ? add_dirent_to_buf+0x398/0x750 [ 64.056591][ T5847] ? __pfx_add_dirent_to_buf+0x10/0x10 [ 64.062074][ T5847] ? __ext4_read_dirblock+0x527/0x890 [ 64.067467][ T5847] ext4_add_entry+0x222a/0x25d0 [ 64.072350][ T5847] ? __pfx_ext4_initxattrs+0x10/0x10 [ 64.077663][ T5847] ? __pfx_security_inode_init_security+0x10/0x10 [ 64.084172][ T5847] ? rcu_is_watching+0x15/0xb0 [ 64.089109][ T5847] ? __brelse+0x59/0xa0 [ 64.093367][ T5847] ? __ext4_new_inode+0x380f/0x4380 [ 64.098589][ T5847] ? __pfx_ext4_add_entry+0x10/0x10 [ 64.103985][ T5847] ext4_add_nondir+0x8d/0x290 [ 64.108760][ T5847] ? ext4_symlink+0x6ce/0xb50 [ 64.113523][ T5847] ext4_symlink+0x920/0xb50 [ 64.118218][ T5847] ? __pfx_ext4_symlink+0x10/0x10 [ 64.123263][ T5847] ? generic_permission+0x1e0/0x550 [ 64.128481][ T5847] ? bpf_lsm_inode_symlink+0x9/0x10 [ 64.133784][ T5847] ? security_inode_symlink+0xbe/0x330 [ 64.139421][ T5847] vfs_symlink+0x137/0x2e0 [ 64.143869][ T5847] do_symlinkat+0x222/0x3a0 [ 64.148414][ T5847] ? __pfx_do_symlinkat+0x10/0x10 [ 64.153454][ T5847] ? strncpy_from_user+0x13a/0x260 [ 64.158578][ T5847] ? getname_flags+0x1e3/0x540 [ 64.163342][ T5847] __x64_sys_symlink+0x7a/0x90 [ 64.168213][ T5847] do_syscall_64+0xf3/0x230 [ 64.172734][ T5847] ? clear_bhb_loop+0x35/0x90 [ 64.177410][ T5847] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.183428][ T5847] RIP: 0033:0x7fce8c3ec229 [ 64.187886][ T5847] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 64.207518][ T5847] RSP: 002b:00007ffec7eb3138 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 64.216032][ T5847] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fce8c3ec229 [ 64.224123][ T5847] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000020000dc0 [ 64.232101][ T5847] RBP: 0000000000000000 R08: 00007ffec7eb3170 R09: 00007ffec7eb3170 [ 64.240943][ T5847] R10: 00007ffec7eb3170 R11: 0000000000000246 R12: 00007ffec7eb315c [ 64.249012][ T5847] R13: 0000000000000007 R14: 431bde82d7b634db R15: 00007ffec7eb3190 [ 64.257263][ T5847] [ 64.260284][ T5847] [ 64.262598][ T5847] The buggy address belongs to the physical page: [ 64.269028][ T5847] page: refcount:3 mapcount:0 mapping:ffff8880235841f8 index:0x3f pfn:0x74572 [ 64.277913][ T5847] memcg:ffff88801bed4000 [ 64.282140][ T5847] aops:def_blk_aops ino:700000 dentry name(?):"" [ 64.288468][ T5847] flags: 0xfff00000004114(referenced|dirty|active|private|node=0|zone=1|lastcpupid=0x7ff) [ 64.298459][ T5847] raw: 00fff00000004114 0000000000000000 dead000000000122 ffff8880235841f8 [ 64.307132][ T5847] raw: 000000000000003f ffff888073c9c2b8 00000003ffffffff ffff88801bed4000 [ 64.315798][ T5847] page dumped because: kasan: bad access detected [ 64.322263][ T5847] page_owner tracks the page as allocated [ 64.328070][ T5847] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5847, tgid 5847 (syz-executor335), ts 63877497829, free_ts 55876680526 [ 64.348795][ T5847] post_alloc_hook+0x1f3/0x230 [ 64.353698][ T5847] get_page_from_freelist+0x363e/0x3790 [ 64.359514][ T5847] __alloc_pages_noprof+0x292/0x710 [ 64.365363][ T5847] alloc_pages_mpol_noprof+0x3e8/0x680 [ 64.370829][ T5847] folio_alloc_noprof+0x128/0x180 [ 64.375937][ T5847] filemap_alloc_folio_noprof+0xdf/0x500 [ 64.381645][ T5847] __filemap_get_folio+0x446/0xbd0 [ 64.386882][ T5847] bdev_getblk+0x1d8/0x550 [ 64.391310][ T5847] ext4_getblk+0x303/0x800 [ 64.395738][ T5847] ext4_bread+0x2e/0x180 [ 64.400295][ T5847] ext4_append+0x327/0x5c0 [ 64.404734][ T5847] make_indexed_dir+0x523/0x1600 [ 64.409694][ T5847] ext4_add_entry+0x222a/0x25d0 [ 64.414805][ T5847] ext4_add_nondir+0x8d/0x290 [ 64.419671][ T5847] ext4_symlink+0x920/0xb50 [ 64.424182][ T5847] vfs_symlink+0x137/0x2e0 [ 64.428614][ T5847] page last free pid 5821 tgid 5821 stack trace: [ 64.434967][ T5847] free_unref_folios+0xd83/0x1720 [ 64.440011][ T5847] folios_put_refs+0x76c/0x860 [ 64.444767][ T5847] free_pages_and_swap_cache+0x2ea/0x690 [ 64.450423][ T5847] tlb_flush_mmu+0x3a3/0x680 [ 64.455216][ T5847] tlb_finish_mmu+0xd4/0x200 [ 64.459917][ T5847] exit_mmap+0x496/0xc40 [ 64.464202][ T5847] __mmput+0x115/0x380 [ 64.468284][ T5847] exit_mm+0x220/0x310 [ 64.472360][ T5847] do_exit+0x9b2/0x28e0 [ 64.476512][ T5847] do_group_exit+0x207/0x2c0 [ 64.481190][ T5847] __x64_sys_exit_group+0x3f/0x40 [ 64.486204][ T5847] x64_sys_call+0x2634/0x2640 [ 64.490885][ T5847] do_syscall_64+0xf3/0x230 [ 64.495570][ T5847] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.501540][ T5847] [ 64.503850][ T5847] Memory state around the buggy address: [ 64.509491][ T5847] ffff888074572f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.517562][ T5847] ffff888074572f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.525638][ T5847] >ffff888074573000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 64.533786][ T5847] ^ [ 64.537896][ T5847] ffff888074573080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 64.546051][ T5847] ffff888074573100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 64.554247][ T5847] ================================================================== [ 64.562850][ T5847] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 64.570067][ T5847] CPU: 0 UID: 0 PID: 5847 Comm: syz-executor335 Not tainted 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed #0 [ 64.581185][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 64.591243][ T5847] Call Trace: [ 64.594540][ T5847] [ 64.597499][ T5847] dump_stack_lvl+0x241/0x360 [ 64.602200][ T5847] ? __pfx_dump_stack_lvl+0x10/0x10 [ 64.607506][ T5847] ? __pfx__printk+0x10/0x10 [ 64.612105][ T5847] ? preempt_schedule+0xe1/0xf0 [ 64.616962][ T5847] ? vscnprintf+0x5d/0x90 [ 64.621326][ T5847] panic+0x349/0x880 [ 64.625244][ T5847] ? check_panic_on_warn+0x21/0xb0 [ 64.630382][ T5847] ? __pfx_panic+0x10/0x10 [ 64.634899][ T5847] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 64.640989][ T5847] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 64.647970][ T5847] ? print_report+0x502/0x550 [ 64.652676][ T5847] check_panic_on_warn+0x86/0xb0 [ 64.657974][ T5847] ? ext4_insert_dentry+0x36a/0x6d0 [ 64.663199][ T5847] end_report+0x77/0x160 [ 64.667571][ T5847] kasan_report+0x154/0x180 [ 64.672079][ T5847] ? ext4_insert_dentry+0x36a/0x6d0 [ 64.677321][ T5847] kasan_check_range+0x282/0x290 [ 64.682277][ T5847] ? ext4_insert_dentry+0x36a/0x6d0 [ 64.687647][ T5847] __asan_memcpy+0x40/0x70 [ 64.692080][ T5847] ext4_insert_dentry+0x36a/0x6d0 [ 64.697119][ T5847] add_dirent_to_buf+0x3d9/0x750 [ 64.702087][ T5847] ? __pfx_add_dirent_to_buf+0x10/0x10 [ 64.707589][ T5847] ? __ext4_handle_dirty_metadata+0x30d/0x820 [ 64.713700][ T5847] make_indexed_dir+0xf98/0x1600 [ 64.718649][ T5847] ? __pfx_make_indexed_dir+0x10/0x10 [ 64.724038][ T5847] ? add_dirent_to_buf+0x398/0x750 [ 64.729150][ T5847] ? __pfx_add_dirent_to_buf+0x10/0x10 [ 64.734720][ T5847] ? __ext4_read_dirblock+0x527/0x890 [ 64.740102][ T5847] ext4_add_entry+0x222a/0x25d0 [ 64.744959][ T5847] ? __pfx_ext4_initxattrs+0x10/0x10 [ 64.750238][ T5847] ? __pfx_security_inode_init_security+0x10/0x10 [ 64.756819][ T5847] ? rcu_is_watching+0x15/0xb0 [ 64.761831][ T5847] ? __brelse+0x59/0xa0 [ 64.766104][ T5847] ? __ext4_new_inode+0x380f/0x4380 [ 64.771330][ T5847] ? __pfx_ext4_add_entry+0x10/0x10 [ 64.776633][ T5847] ext4_add_nondir+0x8d/0x290 [ 64.781331][ T5847] ? ext4_symlink+0x6ce/0xb50 [ 64.786116][ T5847] ext4_symlink+0x920/0xb50 [ 64.790640][ T5847] ? __pfx_ext4_symlink+0x10/0x10 [ 64.795675][ T5847] ? generic_permission+0x1e0/0x550 [ 64.800881][ T5847] ? bpf_lsm_inode_symlink+0x9/0x10 [ 64.806083][ T5847] ? security_inode_symlink+0xbe/0x330 [ 64.811583][ T5847] vfs_symlink+0x137/0x2e0 [ 64.816093][ T5847] do_symlinkat+0x222/0x3a0 [ 64.820719][ T5847] ? __pfx_do_symlinkat+0x10/0x10 [ 64.826021][ T5847] ? strncpy_from_user+0x13a/0x260 [ 64.831314][ T5847] ? getname_flags+0x1e3/0x540 [ 64.836075][ T5847] __x64_sys_symlink+0x7a/0x90 [ 64.840856][ T5847] do_syscall_64+0xf3/0x230 [ 64.845377][ T5847] ? clear_bhb_loop+0x35/0x90 [ 64.850059][ T5847] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.856099][ T5847] RIP: 0033:0x7fce8c3ec229 [ 64.860573][ T5847] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 64.880233][ T5847] RSP: 002b:00007ffec7eb3138 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 64.888785][ T5847] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fce8c3ec229 [ 64.896998][ T5847] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000020000dc0 [ 64.904998][ T5847] RBP: 0000000000000000 R08: 00007ffec7eb3170 R09: 00007ffec7eb3170 [ 64.913061][ T5847] R10: 00007ffec7eb3170 R11: 0000000000000246 R12: 00007ffec7eb315c [ 64.921035][ T5847] R13: 0000000000000007 R14: 431bde82d7b634db R15: 00007ffec7eb3190 [ 64.929026][ T5847] [ 64.932509][ T5847] Kernel Offset: disabled [ 64.936852][ T5847] Rebooting in 86400 seconds..