./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2421086218 <...> Warning: Permanently added '10.128.1.86' (ED25519) to the list of known hosts. execve("./syz-executor2421086218", ["./syz-executor2421086218"], 0x7ffcc320daf0 /* 10 vars */) = 0 brk(NULL) = 0x555556bab000 brk(0x555556babe00) = 0x555556babe00 arch_prctl(ARCH_SET_FS, 0x555556bab480) = 0 set_tid_address(0x555556bab750) = 292 set_robust_list(0x555556bab760, 24) = 0 rseq(0x555556babda0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2421086218", 4096) = 28 getrandom("\xb6\xa9\x88\x71\x8e\x27\x5d\x32", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556babe00 brk(0x555556bcce00) = 0x555556bcce00 brk(0x555556bcd000) = 0x555556bcd000 mprotect(0x7f3d06e9b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f3d06df0940, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f3d06df9cd0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f3d06df0940, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f3d06df9cd0}, NULL, 8) = 0 getrandom("\x1d\x88\x20\xbd\xc5\x1c\xa1\x29", 8, GRND_NONBLOCK) = 8 mkdir("./syzkaller.foR9l2", 0700) = 0 chmod("./syzkaller.foR9l2", 0777) = 0 chdir("./syzkaller.foR9l2") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 293 ./strace-static-x86_64: Process 293 attached [pid 293] set_robust_list(0x555556bab760, 24) = 0 [pid 293] chdir("./0") = 0 [pid 293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 293] setpgid(0, 0) = 0 [pid 293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 293] write(3, "1000", 4) = 4 [pid 293] close(3) = 0 [pid 293] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 293] write(1, "executing program\n", 18) = 18 [pid 293] memfd_create("syzkaller", 0) = 3 [pid 293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 293] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 293] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 293] close(3) = 0 [ 21.554043][ T30] audit: type=1400 audit(1719581011.501:66): avc: denied { execmem } for pid=292 comm="syz-executor242" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.564469][ T30] audit: type=1400 audit(1719581011.511:67): avc: denied { read write } for pid=292 comm="syz-executor242" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.569446][ T30] audit: type=1400 audit(1719581011.511:68): avc: denied { open } for pid=292 comm="syz-executor242" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.579910][ T293] loop0: detected capacity change from 0 to 512 [pid 293] close(4) = 0 [pid 293] mkdir("./file0", 0777) = 0 [ 21.591207][ T30] audit: type=1400 audit(1719581011.511:69): avc: denied { ioctl } for pid=292 comm="syz-executor242" path="/dev/loop0" dev="devtmpfs" ino=112 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.641085][ T30] audit: type=1400 audit(1719581011.591:70): avc: denied { mounton } for pid=293 comm="syz-executor242" path="/root/syzkaller.foR9l2/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 21.682189][ T293] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 21.691032][ T293] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 21.706210][ T293] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [ 21.718388][ T293] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [pid 293] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 293] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 293] chdir("./file0") = 0 [pid 293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 293] ioctl(4, LOOP_CLR_FD) = 0 [pid 293] close(4) = 0 [pid 293] mkdir("./file0", 0777) = 0 [pid 293] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 293] mkdir("./file1", 000) = 0 [pid 293] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 293] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 293] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 21.746293][ T30] audit: type=1400 audit(1719581011.701:71): avc: denied { mount } for pid=293 comm="syz-executor242" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 21.750638][ T293] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 293] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 293] open(".", O_RDONLY) = 5 [pid 293] lseek(5, 2047, SEEK_SET) = 2047 [ 21.774390][ T30] audit: type=1400 audit(1719581011.701:72): avc: denied { write } for pid=293 comm="syz-executor242" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.788695][ T293] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 21.809972][ T30] audit: type=1400 audit(1719581011.701:73): avc: denied { add_name } for pid=293 comm="syz-executor242" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.821342][ T293] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [pid 293] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 293] exit_group(0) = ? [pid 293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=293, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [ 21.842118][ T30] audit: type=1400 audit(1719581011.701:74): avc: denied { create } for pid=293 comm="syz-executor242" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 21.855088][ T293] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/0/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=3786747904, rec_len=15622, size=1024 fake=0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 21.875331][ T30] audit: type=1400 audit(1719581011.701:75): avc: denied { create } for pid=293 comm="syz-executor242" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 298 ./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x555556bab760, 24) = 0 [pid 298] chdir("./1") = 0 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 298] setpgid(0, 0) = 0 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 298] write(3, "1000", 4) = 4 [pid 298] close(3) = 0 [pid 298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 298] write(1, "executing program\n", 18) = 18 [pid 298] memfd_create("syzkaller", 0) = 3 [pid 298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 298] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 298] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 298] close(3) = 0 [pid 298] close(4) = 0 [pid 298] mkdir("./file0", 0777) = 0 [ 21.998790][ T298] loop0: detected capacity change from 0 to 512 [ 22.007050][ T298] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 22.015279][ T298] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 22.030388][ T298] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 298] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 298] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 298] chdir("./file0") = 0 [pid 298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 298] ioctl(4, LOOP_CLR_FD) = 0 [pid 298] close(4) = 0 [pid 298] mkdir("./file0", 0777) = 0 [pid 298] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 298] mkdir("./file1", 000) = 0 [pid 298] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 298] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 298] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 298] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 298] open(".", O_RDONLY) = 5 [pid 298] lseek(5, 2047, SEEK_SET) = 2047 [ 22.042764][ T298] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 22.077144][ T298] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 22.098687][ T298] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 22.110485][ T298] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 22.123530][ T298] ================================================================== [ 22.131380][ T298] BUG: KASAN: use-after-free in __ext4_check_dir_entry+0x700/0x880 [ 22.139103][ T298] Read of size 2 at addr ffff88811d6ca003 by task syz-executor242/298 [ 22.147089][ T298] [ 22.149262][ T298] CPU: 1 PID: 298 Comm: syz-executor242 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 22.159327][ T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 22.169229][ T298] Call Trace: [ 22.172349][ T298] [ 22.175122][ T298] dump_stack_lvl+0x151/0x1b7 [ 22.179642][ T298] ? io_uring_drop_tctx_refs+0x190/0x190 [ 22.185105][ T298] ? panic+0x751/0x751 [ 22.189050][ T298] print_address_description+0x87/0x3b0 [ 22.194395][ T298] kasan_report+0x179/0x1c0 [ 22.198744][ T298] ? __ext4_check_dir_entry+0x700/0x880 [ 22.204114][ T298] ? __ext4_check_dir_entry+0x700/0x880 [ 22.209494][ T298] __asan_report_load2_noabort+0x14/0x20 [ 22.214961][ T298] __ext4_check_dir_entry+0x700/0x880 [ 22.220172][ T298] ? ext4_initialize_dirent_tail+0xe0/0xe0 [ 22.225813][ T298] ext4_readdir+0x1490/0x38d0 [ 22.230327][ T298] ? sched_clock+0x9/0x10 [ 22.234492][ T298] ? ext4_dir_llseek+0x540/0x540 [ 22.239263][ T298] ? __schedule+0xcd4/0x1590 [ 22.243691][ T298] ? __kasan_check_write+0x14/0x20 [ 22.248638][ T298] ? __kasan_check_read+0x11/0x20 [ 22.253503][ T298] ? fsnotify_perm+0x470/0x5d0 [ 22.258098][ T298] ? security_file_permission+0x86/0xb0 [ 22.263481][ T298] iterate_dir+0x265/0x610 [ 22.267733][ T298] ? ext4_dir_llseek+0x540/0x540 [ 22.272508][ T298] __se_sys_getdents64+0x1c1/0x460 [ 22.277454][ T298] ? __x64_sys_getdents64+0x90/0x90 [ 22.282489][ T298] ? filldir+0x680/0x680 [ 22.286567][ T298] ? __kasan_check_read+0x11/0x20 [ 22.291428][ T298] __x64_sys_getdents64+0x7b/0x90 [ 22.296288][ T298] do_syscall_64+0x3d/0xb0 [ 22.300541][ T298] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 22.306363][ T298] RIP: 0033:0x7f3d06e270e9 [ 22.310609][ T298] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 22.330052][ T298] RSP: 002b:00007fff4f057368 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 22.338297][ T298] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3d06e270e9 [ 22.346108][ T298] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000005 [ 22.353920][ T298] RBP: 0000000000000000 R08: 00007fff4f05739c R09: 00007fff4f05739c [ 22.361758][ T298] R10: 00007fff4f05739c R11: 0000000000000246 R12: 00007fff4f05739c [ 22.369541][ T298] R13: 0000000000000001 R14: 431bde82d7b634db R15: 00007fff4f0573d0 [ 22.377356][ T298] [ 22.380218][ T298] [ 22.382389][ T298] The buggy address belongs to the page: [ 22.387863][ T298] page:ffffea000475b280 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11d6ca [ 22.397924][ T298] flags: 0x4000000000000000(zone=1) [ 22.402976][ T298] raw: 4000000000000000 ffffea000475b2c8 ffffea000478a008 0000000000000000 [ 22.411381][ T298] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 22.419797][ T298] page dumped because: kasan: bad access detected [ 22.426050][ T298] page_owner tracks the page as freed [ 22.431253][ T298] page last allocated via order 0, migratetype Movable, gfp_mask 0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 236, ts 16085646426, free_ts 16087143754 [ 22.446448][ T298] post_alloc_hook+0x1a3/0x1b0 [ 22.451041][ T298] prep_new_page+0x1b/0x110 [ 22.455380][ T298] get_page_from_freelist+0x3550/0x35d0 [ 22.460762][ T298] __alloc_pages+0x27e/0x8f0 [ 22.465188][ T298] handle_pte_fault+0xea0/0x24d0 [ 22.469965][ T298] do_handle_mm_fault+0x1ea9/0x23a0 [ 22.474996][ T298] exc_page_fault+0x3b5/0x830 [ 22.479509][ T298] asm_exc_page_fault+0x27/0x30 [ 22.484197][ T298] page last free stack trace: [ 22.488710][ T298] free_unref_page_prepare+0x7c8/0x7d0 [ 22.494005][ T298] free_unref_page_list+0x14b/0xa60 [ 22.499038][ T298] release_pages+0x1310/0x1370 [ 22.503640][ T298] free_pages_and_swap_cache+0x8a/0xa0 [ 22.508932][ T298] tlb_finish_mmu+0x177/0x320 [ 22.513447][ T298] unmap_region+0x304/0x350 [ 22.517793][ T298] __do_munmap+0x1421/0x1a90 [ 22.522215][ T298] __vm_munmap+0x166/0x2a0 [ 22.526465][ T298] __x64_sys_munmap+0x6b/0x80 [ 22.530978][ T298] do_syscall_64+0x3d/0xb0 [ 22.535232][ T298] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 22.540961][ T298] [ 22.543139][ T298] Memory state around the buggy address: [ 22.548602][ T298] ffff88811d6c9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.556502][ T298] ffff88811d6c9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 22.564398][ T298] >ffff88811d6ca000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.572294][ T298] ^ [ 22.576202][ T298] ffff88811d6ca080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.584102][ T298] ffff88811d6ca100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 22.591997][ T298] ================================================================== [pid 298] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 298] exit_group(0) = ? [pid 298] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 22.599894][ T298] Disabling lock debugging due to kernel taint [ 22.607986][ T298] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/1/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 300 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x555556bab760, 24) = 0 [pid 300] chdir("./2") = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 300] write(1, "executing program\n", 18executing program ) = 18 [pid 300] memfd_create("syzkaller", 0) = 3 [pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 300] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 300] close(3) = 0 [pid 300] close(4) = 0 [pid 300] mkdir("./file0", 0777) = 0 [ 22.763454][ T300] loop0: detected capacity change from 0 to 512 [ 22.774730][ T300] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 22.783678][ T300] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 22.798873][ T300] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 300] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 300] chdir("./file0") = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_CLR_FD) = 0 [pid 300] close(4) = 0 [pid 300] mkdir("./file0", 0777) = 0 [pid 300] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 300] mkdir("./file1", 000) = 0 [pid 300] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 300] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 300] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 22.811138][ T300] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [pid 300] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 300] open(".", O_RDONLY) = 5 [pid 300] lseek(5, 2047, SEEK_SET) = 2047 [pid 300] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 300] exit_group(0) = ? [pid 300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 22.845032][ T300] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 22.866491][ T300] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 22.878314][ T300] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 22.891535][ T300] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/2/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=90288128, rec_len=65359, size=1024 fake=0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program ) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 304 ./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x555556bab760, 24) = 0 [pid 304] chdir("./3") = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [pid 304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 304] write(1, "executing program\n", 18) = 18 [pid 304] memfd_create("syzkaller", 0) = 3 [pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 304] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 304] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 304] close(3) = 0 [pid 304] close(4) = 0 [pid 304] mkdir("./file0", 0777) = 0 [ 22.998069][ T304] loop0: detected capacity change from 0 to 512 [ 23.079977][ T304] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 23.087762][ T304] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 23.102983][ T304] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 304] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 304] chdir("./file0") = 0 [pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 304] ioctl(4, LOOP_CLR_FD) = 0 [pid 304] close(4) = 0 [pid 304] mkdir("./file0", 0777) = 0 [pid 304] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 304] mkdir("./file1", 000) = 0 [pid 304] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 304] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 304] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 304] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 304] open(".", O_RDONLY) = 5 [pid 304] lseek(5, 2047, SEEK_SET) = 2047 [ 23.115156][ T304] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 23.150134][ T304] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 304] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 304] exit_group(0) = ? [pid 304] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 23.171431][ T304] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 23.183171][ T304] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 23.196267][ T304] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/3/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 306 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x555556bab760, 24) = 0 [pid 306] chdir("./4") = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 306] write(1, "executing program\n", 18) = 18 [pid 306] memfd_create("syzkaller", 0) = 3 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 306] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 306] close(3) = 0 [pid 306] close(4) = 0 [pid 306] mkdir("./file0", 0777) = 0 [ 23.317530][ T306] loop0: detected capacity change from 0 to 512 [ 23.399942][ T306] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 23.408061][ T306] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 23.423162][ T306] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 306] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 306] chdir("./file0") = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 306] ioctl(4, LOOP_CLR_FD) = 0 [pid 306] close(4) = 0 [pid 306] mkdir("./file0", 0777) = 0 [pid 306] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 306] mkdir("./file1", 000) = 0 [pid 306] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 306] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 306] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 306] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 306] open(".", O_RDONLY) = 5 [pid 306] lseek(5, 2047, SEEK_SET) = 2047 [ 23.435472][ T306] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 23.468398][ T306] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 306] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 306] exit_group(0) = ? [pid 306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 23.488879][ T306] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 23.500653][ T306] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 23.513792][ T306] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/4/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 308 ./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x555556bab760, 24) = 0 [pid 308] chdir("./5") = 0 [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0) = 0 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 308] write(3, "1000", 4) = 4 [pid 308] close(3) = 0 [pid 308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 308] write(1, "executing program\n", 18) = 18 [pid 308] memfd_create("syzkaller", 0) = 3 [pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 308] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 308] close(3) = 0 [pid 308] close(4) = 0 [pid 308] mkdir("./file0", 0777) = 0 [ 23.638147][ T308] loop0: detected capacity change from 0 to 512 [ 23.646322][ T308] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 23.655046][ T308] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 23.670323][ T308] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 308] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 308] chdir("./file0") = 0 [pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 308] ioctl(4, LOOP_CLR_FD) = 0 [pid 308] close(4) = 0 [pid 308] mkdir("./file0", 0777) = 0 [pid 308] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 308] mkdir("./file1", 000) = 0 [pid 308] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 308] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 308] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 308] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 308] open(".", O_RDONLY) = 5 [pid 308] lseek(5, 2047, SEEK_SET) = 2047 [ 23.682637][ T308] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 23.715825][ T308] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 308] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 308] exit_group(0) = ? [pid 308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 23.736350][ T308] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 23.748094][ T308] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 23.761225][ T308] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/5/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 310 ./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x555556bab760, 24) = 0 [pid 310] chdir("./6") = 0 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 310] setpgid(0, 0) = 0 [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 310] write(3, "1000", 4) = 4 [pid 310] close(3) = 0 [pid 310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 310] write(1, "executing program\n", 18executing program ) = 18 [pid 310] memfd_create("syzkaller", 0) = 3 [pid 310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 310] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 310] close(3) = 0 [pid 310] close(4) = 0 [pid 310] mkdir("./file0", 0777) = 0 [ 23.883385][ T310] loop0: detected capacity change from 0 to 512 [ 23.911704][ T310] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [pid 310] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 310] chdir("./file0") = 0 [pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 310] ioctl(4, LOOP_CLR_FD) = 0 [pid 310] close(4) = 0 [pid 310] mkdir("./file0", 0777) = 0 [pid 310] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 310] mkdir("./file1", 000) = 0 [pid 310] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 310] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 310] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 23.920069][ T310] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 23.935243][ T310] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [ 23.947389][ T310] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [pid 310] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 310] open(".", O_RDONLY) = 5 [pid 310] lseek(5, 2047, SEEK_SET) = 2047 [ 23.980485][ T310] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 24.000978][ T310] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 24.012789][ T310] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [pid 310] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 310] exit_group(0) = ? [pid 310] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 24.026059][ T310] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/6/file0: bad entry in directory: directory entry overrun - offset=1023, inode=494080, rec_len=3072, size=1024 fake=0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 313 ./strace-static-x86_64: Process 313 attached [pid 313] set_robust_list(0x555556bab760, 24) = 0 [pid 313] chdir("./7") = 0 [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 313] setpgid(0, 0) = 0 [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 313] write(3, "1000", 4) = 4 [pid 313] close(3) = 0 [pid 313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 313] write(1, "executing program\n", 18executing program ) = 18 [pid 313] memfd_create("syzkaller", 0) = 3 [pid 313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 313] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 313] close(3) = 0 [pid 313] close(4) = 0 [pid 313] mkdir("./file0", 0777) = 0 [ 24.165316][ T313] loop0: detected capacity change from 0 to 512 [ 24.239972][ T313] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 24.247781][ T313] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 24.263019][ T313] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 313] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 313] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 313] chdir("./file0") = 0 [pid 313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 313] ioctl(4, LOOP_CLR_FD) = 0 [pid 313] close(4) = 0 [pid 313] mkdir("./file0", 0777) = 0 [pid 313] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 313] mkdir("./file1", 000) = 0 [pid 313] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 313] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 313] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 313] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 313] open(".", O_RDONLY) = 5 [pid 313] lseek(5, 2047, SEEK_SET) = 2047 [ 24.275210][ T313] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 24.308674][ T313] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 313] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 313] exit_group(0) = ? [pid 313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 24.329135][ T313] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 24.340793][ T313] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 24.353905][ T313] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/7/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=165855232, rec_len=20797, size=1024 fake=0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 315 ./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x555556bab760, 24) = 0 [pid 315] chdir("./8") = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 [pid 315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 315] write(1, "executing program\n", 18executing program ) = 18 [pid 315] memfd_create("syzkaller", 0) = 3 [pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 315] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 315] close(3) = 0 [pid 315] close(4) = 0 [pid 315] mkdir("./file0", 0777) = 0 [ 24.480748][ T315] loop0: detected capacity change from 0 to 512 [ 24.559931][ T315] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 24.567899][ T315] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 24.583088][ T315] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 315] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 315] chdir("./file0") = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 315] ioctl(4, LOOP_CLR_FD) = 0 [pid 315] close(4) = 0 [pid 315] mkdir("./file0", 0777) = 0 [pid 315] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 315] mkdir("./file1", 000) = 0 [pid 315] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 315] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 315] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 315] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 315] open(".", O_RDONLY) = 5 [pid 315] lseek(5, 2047, SEEK_SET) = 2047 [ 24.595254][ T315] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 24.625771][ T315] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 24.646508][ T315] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [pid 315] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 315] exit_group(0) = ? [pid 315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 24.658371][ T315] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 24.671624][ T315] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/8/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 317 ./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x555556bab760, 24) = 0 [pid 317] chdir("./9") = 0 [pid 317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 317] setpgid(0, 0) = 0 [pid 317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 317] write(3, "1000", 4) = 4 [pid 317] close(3) = 0 [pid 317] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 317] write(1, "executing program\n", 18) = 18 [pid 317] memfd_create("syzkaller", 0) = 3 [pid 317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 317] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 317] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 317] close(3) = 0 [pid 317] close(4) = 0 [pid 317] mkdir("./file0", 0777) = 0 [ 24.761607][ T317] loop0: detected capacity change from 0 to 512 [ 24.772870][ T317] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 24.781234][ T317] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 24.796443][ T317] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 317] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 317] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 317] chdir("./file0") = 0 [pid 317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 317] ioctl(4, LOOP_CLR_FD) = 0 [pid 317] close(4) = 0 [pid 317] mkdir("./file0", 0777) = 0 [pid 317] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 317] mkdir("./file1", 000) = 0 [pid 317] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 317] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 317] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 317] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 317] open(".", O_RDONLY) = 5 [pid 317] lseek(5, 2047, SEEK_SET) = 2047 [ 24.808710][ T317] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 24.840772][ T317] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 317] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 317] exit_group(0) = ? [pid 317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=317, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 24.861951][ T317] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 24.873628][ T317] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 24.886754][ T317] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/9/file0: bad entry in directory: directory entry overrun - offset=1023, inode=1081862144, rec_len=65532, size=1024 fake=0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 320 ./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x555556bab760, 24) = 0 [pid 320] chdir("./10") = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3) = 0 [pid 320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 320] write(1, "executing program\n", 18executing program ) = 18 [pid 320] memfd_create("syzkaller", 0) = 3 [pid 320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 320] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 320] close(3) = 0 [pid 320] close(4) = 0 [pid 320] mkdir("./file0", 0777) = 0 [ 24.958094][ T320] loop0: detected capacity change from 0 to 512 [ 25.039962][ T320] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 25.047886][ T320] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 25.063131][ T320] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 320] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 320] chdir("./file0") = 0 [pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 320] ioctl(4, LOOP_CLR_FD) = 0 [pid 320] close(4) = 0 [pid 320] mkdir("./file0", 0777) = 0 [pid 320] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 320] mkdir("./file1", 000) = 0 [pid 320] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 320] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 320] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 320] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 320] open(".", O_RDONLY) = 5 [pid 320] lseek(5, 2047, SEEK_SET) = 2047 [ 25.075291][ T320] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 25.108439][ T320] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 320] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 320] exit_group(0) = ? [pid 320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 25.129939][ T320] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 25.141741][ T320] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 25.155000][ T320] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/10/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 322 ./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x555556bab760, 24) = 0 [pid 322] chdir("./11") = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 [pid 322] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 322] write(1, "executing program\n", 18) = 18 [pid 322] memfd_create("syzkaller", 0) = 3 [pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 322] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 322] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 322] close(3) = 0 [pid 322] close(4) = 0 [pid 322] mkdir("./file0", 0777) = 0 [ 25.282512][ T322] loop0: detected capacity change from 0 to 512 [ 25.293997][ T322] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 25.302055][ T322] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 25.317319][ T322] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 322] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 322] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 322] chdir("./file0") = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 322] ioctl(4, LOOP_CLR_FD) = 0 [pid 322] close(4) = 0 [pid 322] mkdir("./file0", 0777) = 0 [pid 322] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 322] mkdir("./file1", 000) = 0 [pid 322] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 322] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 322] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 25.329769][ T322] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [pid 322] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 322] open(".", O_RDONLY) = 5 [pid 322] lseek(5, 2047, SEEK_SET) = 2047 [pid 322] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 322] exit_group(0) = ? [pid 322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 25.363581][ T322] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 25.384129][ T322] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 25.395819][ T322] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 25.408924][ T322] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/11/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 324 ./strace-static-x86_64: Process 324 attached [pid 324] set_robust_list(0x555556bab760, 24) = 0 [pid 324] chdir("./12") = 0 [pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 324] setpgid(0, 0) = 0 [pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 324] write(3, "1000", 4) = 4 [pid 324] close(3) = 0 [pid 324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 324] write(1, "executing program\n", 18) = 18 [pid 324] memfd_create("syzkaller", 0) = 3 [pid 324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 324] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 324] close(3) = 0 [pid 324] close(4) = 0 [pid 324] mkdir("./file0", 0777) = 0 [ 25.518385][ T324] loop0: detected capacity change from 0 to 512 [ 25.525946][ T324] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 25.534337][ T324] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 25.549451][ T324] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 324] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 324] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 324] chdir("./file0") = 0 [pid 324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 324] ioctl(4, LOOP_CLR_FD) = 0 [pid 324] close(4) = 0 [pid 324] mkdir("./file0", 0777) = 0 [pid 324] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 324] mkdir("./file1", 000) = 0 [pid 324] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 324] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 324] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 324] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 324] open(".", O_RDONLY) = 5 [pid 324] lseek(5, 2047, SEEK_SET) = 2047 [ 25.561646][ T324] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 25.592592][ T324] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 324] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 324] exit_group(0) = ? [pid 324] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 326 ./strace-static-x86_64: Process 326 attached [pid 326] set_robust_list(0x555556bab760, 24) = 0 [pid 326] chdir("./13") = 0 [pid 326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 326] setpgid(0, 0) = 0 [pid 326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 326] write(3, "1000", 4) = 4 [pid 326] close(3) = 0 [pid 326] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 326] write(1, "executing program\n", 18) = 18 [pid 326] memfd_create("syzkaller", 0) = 3 [pid 326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 326] munmap(0x7f3cfe9e7000, 138412032) = 0 [ 25.613203][ T324] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 25.624885][ T324] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 25.638208][ T324] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/12/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 [pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 326] close(3) = 0 [pid 326] close(4) = 0 [pid 326] mkdir("./file0", 0777) = 0 [ 25.700280][ T326] loop0: detected capacity change from 0 to 512 [ 25.780202][ T326] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 25.788096][ T326] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 25.803217][ T326] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 326] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 326] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 326] chdir("./file0") = 0 [pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 326] ioctl(4, LOOP_CLR_FD) = 0 [pid 326] close(4) = 0 [pid 326] mkdir("./file0", 0777) = 0 [pid 326] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 326] mkdir("./file1", 000) = 0 [pid 326] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 326] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 326] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 326] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 326] open(".", O_RDONLY) = 5 [pid 326] lseek(5, 2047, SEEK_SET) = 2047 [ 25.815358][ T326] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 25.845552][ T326] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 25.866013][ T326] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [pid 326] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 326] exit_group(0) = ? [pid 326] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=326, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 25.877758][ T326] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 25.890887][ T326] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/13/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=4005576704, rec_len=33538, size=1024 fake=0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556bab750) = 329 ./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x555556bab760, 24) = 0 [pid 329] chdir("./14") = 0 [pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 329] setpgid(0, 0) = 0 [pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 329] write(3, "1000", 4) = 4 [pid 329] close(3) = 0 [pid 329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 329] write(1, "executing program\n", 18) = 18 [pid 329] memfd_create("syzkaller", 0) = 3 [pid 329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 329] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 329] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 329] close(3) = 0 [pid 329] close(4) = 0 [pid 329] mkdir("./file0", 0777) = 0 [ 25.977633][ T329] loop0: detected capacity change from 0 to 512 [ 25.986379][ T329] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 25.995368][ T329] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 26.011061][ T329] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 329] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 329] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 329] chdir("./file0") = 0 [pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 329] ioctl(4, LOOP_CLR_FD) = 0 [pid 329] close(4) = 0 [pid 329] mkdir("./file0", 0777) = 0 [pid 329] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 329] mkdir("./file1", 000) = 0 [pid 329] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 329] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 329] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 329] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 329] open(".", O_RDONLY) = 5 [pid 329] lseek(5, 2047, SEEK_SET) = 2047 [ 26.023290][ T329] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 26.057666][ T329] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 329] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 329] exit_group(0) = ? [pid 329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 26.078285][ T329] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 26.089937][ T329] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 26.103046][ T329] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/14/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 332 ./strace-static-x86_64: Process 332 attached [pid 332] set_robust_list(0x555556bab760, 24) = 0 [pid 332] chdir("./15") = 0 [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 332] setpgid(0, 0) = 0 [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 332] write(3, "1000", 4) = 4 [pid 332] close(3) = 0 [pid 332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 332] write(1, "executing program\n", 18) = 18 [pid 332] memfd_create("syzkaller", 0) = 3 [pid 332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 332] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 332] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 332] close(3) = 0 [pid 332] close(4) = 0 [pid 332] mkdir("./file0", 0777) = 0 [ 26.197580][ T332] loop0: detected capacity change from 0 to 512 [ 26.300048][ T332] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 26.307801][ T332] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 26.323052][ T332] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 332] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 332] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 332] chdir("./file0") = 0 [pid 332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 332] ioctl(4, LOOP_CLR_FD) = 0 [pid 332] close(4) = 0 [pid 332] mkdir("./file0", 0777) = 0 [pid 332] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 332] mkdir("./file1", 000) = 0 [pid 332] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 332] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 332] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 332] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 332] open(".", O_RDONLY) = 5 [pid 332] lseek(5, 2047, SEEK_SET) = 2047 [ 26.335221][ T332] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 26.368336][ T332] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 332] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 332] exit_group(0) = ? [pid 332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 26.389055][ T332] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 26.400789][ T332] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 26.413861][ T332] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/15/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 334 ./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x555556bab760, 24) = 0 [pid 334] chdir("./16") = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 334] setpgid(0, 0) = 0 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 334] write(3, "1000", 4) = 4 [pid 334] close(3) = 0 [pid 334] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 334] write(1, "executing program\n", 18) = 18 [pid 334] memfd_create("syzkaller", 0) = 3 [pid 334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 334] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 334] close(3) = 0 [pid 334] close(4) = 0 [pid 334] mkdir("./file0", 0777) = 0 [ 26.588528][ T334] loop0: detected capacity change from 0 to 512 [ 26.670050][ T334] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 26.678081][ T334] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 26.693448][ T334] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 334] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 334] chdir("./file0") = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 334] ioctl(4, LOOP_CLR_FD) = 0 [pid 334] close(4) = 0 [pid 334] mkdir("./file0", 0777) = 0 [pid 334] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 334] mkdir("./file1", 000) = 0 [pid 334] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 334] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 334] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 334] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 334] open(".", O_RDONLY) = 5 [pid 334] lseek(5, 2047, SEEK_SET) = 2047 [ 26.705628][ T334] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 26.737963][ T334] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 334] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 334] exit_group(0) = ? [pid 334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 26.758811][ T334] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 26.770699][ T334] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 26.783785][ T334] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/16/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 336 ./strace-static-x86_64: Process 336 attached [pid 336] set_robust_list(0x555556bab760, 24) = 0 [pid 336] chdir("./17") = 0 [pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 336] setpgid(0, 0) = 0 [pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 336] write(3, "1000", 4) = 4 [pid 336] close(3) = 0 [pid 336] symlink("/dev/binderfs", "./binderfs") = 0 [pid 336] write(1, "executing program\n", 18executing program ) = 18 [pid 336] memfd_create("syzkaller", 0) = 3 [pid 336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 336] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 336] close(3) = 0 [pid 336] close(4) = 0 [pid 336] mkdir("./file0", 0777) = 0 [ 26.885629][ T336] loop0: detected capacity change from 0 to 512 [ 26.894612][ T336] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 26.902914][ T336] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 26.918207][ T336] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 336] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 336] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 336] chdir("./file0") = 0 [pid 336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 336] ioctl(4, LOOP_CLR_FD) = 0 [pid 336] close(4) = 0 [pid 336] mkdir("./file0", 0777) = 0 [pid 336] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 336] mkdir("./file1", 000) = 0 [pid 336] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 336] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 336] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 336] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 336] open(".", O_RDONLY) = 5 [pid 336] lseek(5, 2047, SEEK_SET) = 2047 [ 26.930591][ T336] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 26.963408][ T336] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 336] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 336] exit_group(0) = ? [pid 336] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 26.984061][ T336] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 26.995706][ T336] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 27.008820][ T336] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/17/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=3786747904, rec_len=15622, size=1024 fake=0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556bab750) = 339 ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x555556bab760, 24) = 0 [pid 339] chdir("./18") = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 339] setpgid(0, 0) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 339] write(3, "1000", 4) = 4 [pid 339] close(3) = 0 [pid 339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 339] write(1, "executing program\n", 18) = 18 [pid 339] memfd_create("syzkaller", 0) = 3 [pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 339] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 339] close(3) = 0 [pid 339] close(4) = 0 [pid 339] mkdir("./file0", 0777) = 0 [ 27.080982][ T339] loop0: detected capacity change from 0 to 512 [ 27.149976][ T339] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 27.157726][ T339] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 27.173017][ T339] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 339] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 339] chdir("./file0") = 0 [pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 339] ioctl(4, LOOP_CLR_FD) = 0 [pid 339] close(4) = 0 [pid 339] mkdir("./file0", 0777) = 0 [pid 339] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 339] mkdir("./file1", 000) = 0 [pid 339] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 339] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 339] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 339] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 339] open(".", O_RDONLY) = 5 [pid 339] lseek(5, 2047, SEEK_SET) = 2047 [ 27.185222][ T339] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 27.217539][ T339] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 27.238478][ T339] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [pid 339] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 339] exit_group(0) = ? [pid 339] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 27.250213][ T339] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 27.263421][ T339] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/18/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 341 ./strace-static-x86_64: Process 341 attached [pid 341] set_robust_list(0x555556bab760, 24) = 0 [pid 341] chdir("./19") = 0 [pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 341] setpgid(0, 0) = 0 [pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 341] write(3, "1000", 4) = 4 [pid 341] close(3) = 0 [pid 341] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 341] write(1, "executing program\n", 18) = 18 [pid 341] memfd_create("syzkaller", 0) = 3 [pid 341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 341] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 341] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 341] close(3) = 0 [pid 341] close(4) = 0 [pid 341] mkdir("./file0", 0777) = 0 [ 27.404757][ T341] loop0: detected capacity change from 0 to 512 [ 27.500156][ T341] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 27.507942][ T341] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 27.523200][ T341] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 341] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 341] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 341] chdir("./file0") = 0 [pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 341] ioctl(4, LOOP_CLR_FD) = 0 [pid 341] close(4) = 0 [pid 341] mkdir("./file0", 0777) = 0 [pid 341] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 341] mkdir("./file1", 000) = 0 [pid 341] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 341] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 341] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 341] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 341] open(".", O_RDONLY) = 5 [pid 341] lseek(5, 2047, SEEK_SET) = 2047 [ 27.535438][ T341] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 27.565598][ T341] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 27.586415][ T341] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [pid 341] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 341] exit_group(0) = ? [pid 341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 27.598108][ T341] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 27.611207][ T341] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/19/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 343 ./strace-static-x86_64: Process 343 attached [pid 343] set_robust_list(0x555556bab760, 24) = 0 [pid 343] chdir("./20") = 0 [pid 343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 343] setpgid(0, 0) = 0 [pid 343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 343] write(3, "1000", 4) = 4 [pid 343] close(3) = 0 [pid 343] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 343] write(1, "executing program\n", 18) = 18 [pid 343] memfd_create("syzkaller", 0) = 3 [pid 343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 343] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 343] close(3) = 0 [pid 343] close(4) = 0 [pid 343] mkdir("./file0", 0777) = 0 [ 27.720555][ T343] loop0: detected capacity change from 0 to 512 [ 27.730231][ T343] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 27.738377][ T343] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 27.753515][ T343] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 343] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 343] chdir("./file0") = 0 [pid 343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 343] ioctl(4, LOOP_CLR_FD) = 0 [pid 343] close(4) = 0 [pid 343] mkdir("./file0", 0777) = 0 [pid 343] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 343] mkdir("./file1", 000) = 0 [pid 343] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 343] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 343] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 343] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 343] open(".", O_RDONLY) = 5 [pid 343] lseek(5, 2047, SEEK_SET) = 2047 [ 27.765674][ T343] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 27.797680][ T343] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 343] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 343] exit_group(0) = ? [pid 343] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=343, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 27.818759][ T343] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 27.830424][ T343] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 27.843532][ T343] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/20/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556bab750) = 345 ./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x555556bab760, 24) = 0 [pid 345] chdir("./21") = 0 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 345] setpgid(0, 0) = 0 [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 345] write(3, "1000", 4) = 4 [pid 345] close(3) = 0 [pid 345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 345] write(1, "executing program\n", 18) = 18 [pid 345] memfd_create("syzkaller", 0) = 3 [pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 345] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 345] close(3) = 0 [pid 345] close(4) = 0 [pid 345] mkdir("./file0", 0777) = 0 [ 27.917944][ T345] loop0: detected capacity change from 0 to 512 [ 27.926486][ T345] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 27.934614][ T345] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 27.949895][ T345] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 345] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 345] chdir("./file0") = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 345] ioctl(4, LOOP_CLR_FD) = 0 [pid 345] close(4) = 0 [pid 345] mkdir("./file0", 0777) = 0 [pid 345] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 345] mkdir("./file1", 000) = 0 [pid 345] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 345] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 345] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 345] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 345] open(".", O_RDONLY) = 5 [pid 345] lseek(5, 2047, SEEK_SET) = 2047 [ 27.962268][ T345] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 27.996803][ T345] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 345] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 345] exit_group(0) = ? [pid 345] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 28.017711][ T345] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 28.029491][ T345] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 28.042772][ T345] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/21/file0: bad entry in directory: directory entry overrun - offset=1023, inode=1143942912, rec_len=17492, size=1024 fake=0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 348 ./strace-static-x86_64: Process 348 attached [pid 348] set_robust_list(0x555556bab760, 24) = 0 [pid 348] chdir("./22") = 0 [pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 348] setpgid(0, 0) = 0 [pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 348] write(3, "1000", 4) = 4 [pid 348] close(3) = 0 [pid 348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 348] write(1, "executing program\n", 18executing program ) = 18 [pid 348] memfd_create("syzkaller", 0) = 3 [pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 348] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 348] close(3) = 0 [pid 348] close(4) = 0 [pid 348] mkdir("./file0", 0777) = 0 [ 28.203707][ T348] loop0: detected capacity change from 0 to 512 [ 28.213621][ T348] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 28.222040][ T348] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 28.237310][ T348] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 348] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 348] chdir("./file0") = 0 [pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 348] ioctl(4, LOOP_CLR_FD) = 0 [pid 348] close(4) = 0 [pid 348] mkdir("./file0", 0777) = 0 [pid 348] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 348] mkdir("./file1", 000) = 0 [pid 348] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 348] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 348] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 348] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 348] open(".", O_RDONLY) = 5 [pid 348] lseek(5, 2047, SEEK_SET) = 2047 [ 28.249452][ T348] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 28.282711][ T348] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 348] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 348] exit_group(0) = ? [pid 348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 28.303693][ T348] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 28.315431][ T348] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 28.328574][ T348] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/22/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 350 ./strace-static-x86_64: Process 350 attached [pid 350] set_robust_list(0x555556bab760, 24) = 0 [pid 350] chdir("./23") = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 350] setpgid(0, 0) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 350] write(3, "1000", 4) = 4 [pid 350] close(3) = 0 [pid 350] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 350] write(1, "executing program\n", 18) = 18 [pid 350] memfd_create("syzkaller", 0) = 3 [pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 350] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 350] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 350] close(3) = 0 [pid 350] close(4) = 0 [pid 350] mkdir("./file0", 0777) = 0 [ 28.428816][ T350] loop0: detected capacity change from 0 to 512 [ 28.520002][ T350] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 28.527828][ T350] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 28.543000][ T350] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 350] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 350] chdir("./file0") = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 350] ioctl(4, LOOP_CLR_FD) = 0 [pid 350] close(4) = 0 [pid 350] mkdir("./file0", 0777) = 0 [pid 350] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 350] mkdir("./file1", 000) = 0 [pid 350] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 350] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 350] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 350] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 350] open(".", O_RDONLY) = 5 [pid 350] lseek(5, 2047, SEEK_SET) = 2047 [ 28.555088][ T350] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 28.585524][ T350] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 28.606307][ T350] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [pid 350] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 350] exit_group(0) = ? [pid 350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 28.618064][ T350] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 28.631309][ T350] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/23/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=3138883328, rec_len=0, size=1024 fake=0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 352 ./strace-static-x86_64: Process 352 attached [pid 352] set_robust_list(0x555556bab760, 24) = 0 [pid 352] chdir("./24") = 0 [pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 352] setpgid(0, 0) = 0 [pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 352] write(3, "1000", 4) = 4 [pid 352] close(3) = 0 [pid 352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 352] write(1, "executing program\n", 18) = 18 [pid 352] memfd_create("syzkaller", 0) = 3 [pid 352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 352] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 352] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 352] close(3) = 0 [pid 352] close(4) = 0 [pid 352] mkdir("./file0", 0777) = 0 [ 28.758026][ T352] loop0: detected capacity change from 0 to 512 [ 28.765139][ T352] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 28.773163][ T352] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 28.788691][ T352] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 352] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 352] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 352] chdir("./file0") = 0 [pid 352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 352] ioctl(4, LOOP_CLR_FD) = 0 [pid 352] close(4) = 0 [pid 352] mkdir("./file0", 0777) = 0 [pid 352] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 352] mkdir("./file1", 000) = 0 [pid 352] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 352] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 352] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 352] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 352] open(".", O_RDONLY) = 5 [pid 352] lseek(5, 2047, SEEK_SET) = 2047 [ 28.801065][ T352] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 28.833403][ T352] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 352] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 352] exit_group(0) = ? [pid 352] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 28.853915][ T352] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 28.865641][ T352] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 28.878741][ T352] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/24/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 354 ./strace-static-x86_64: Process 354 attached [pid 354] set_robust_list(0x555556bab760, 24) = 0 [pid 354] chdir("./25") = 0 [pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 354] setpgid(0, 0) = 0 [pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 354] write(3, "1000", 4) = 4 [pid 354] close(3) = 0 [pid 354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 354] write(1, "executing program\n", 18) = 18 [pid 354] memfd_create("syzkaller", 0) = 3 [pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 354] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 354] close(3) = 0 [pid 354] close(4) = 0 [pid 354] mkdir("./file0", 0777) = 0 [ 28.951911][ T354] loop0: detected capacity change from 0 to 512 [ 29.029940][ T354] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 29.037790][ T354] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 29.052989][ T354] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 354] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 354] chdir("./file0") = 0 [pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 354] ioctl(4, LOOP_CLR_FD) = 0 [pid 354] close(4) = 0 [pid 354] mkdir("./file0", 0777) = 0 [pid 354] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 354] mkdir("./file1", 000) = 0 [pid 354] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 354] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 354] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 354] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 354] open(".", O_RDONLY) = 5 [pid 354] lseek(5, 2047, SEEK_SET) = 2047 [ 29.065232][ T354] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 29.097955][ T354] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 29.118431][ T354] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [pid 354] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 354] exit_group(0) = ? [pid 354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 29.130231][ T354] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 29.143308][ T354] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/25/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 357 ./strace-static-x86_64: Process 357 attached [pid 357] set_robust_list(0x555556bab760, 24) = 0 [pid 357] chdir("./26") = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 357] setpgid(0, 0) = 0 [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 357] write(3, "1000", 4) = 4 [pid 357] close(3) = 0 [pid 357] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 357] write(1, "executing program\n", 18) = 18 [pid 357] memfd_create("syzkaller", 0) = 3 [pid 357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 357] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 357] close(3) = 0 [pid 357] close(4) = 0 [pid 357] mkdir("./file0", 0777) = 0 [ 29.282134][ T357] loop0: detected capacity change from 0 to 512 [ 29.303043][ T357] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 29.310870][ T357] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [pid 357] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 357] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 357] chdir("./file0") = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 357] ioctl(4, LOOP_CLR_FD) = 0 [pid 357] close(4) = 0 [pid 357] mkdir("./file0", 0777) = 0 [pid 357] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 357] mkdir("./file1", 000) = 0 [pid 357] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 357] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 357] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 29.326056][ T357] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [ 29.338236][ T357] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [pid 357] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 357] open(".", O_RDONLY) = 5 [pid 357] lseek(5, 2047, SEEK_SET) = 2047 [ 29.368618][ T357] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 29.389795][ T357] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 29.401443][ T357] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [pid 357] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 357] exit_group(0) = ? [pid 357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 29.414557][ T357] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/26/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 359 ./strace-static-x86_64: Process 359 attached [pid 359] set_robust_list(0x555556bab760, 24) = 0 [pid 359] chdir("./27") = 0 [pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 359] setpgid(0, 0) = 0 [pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 359] write(3, "1000", 4) = 4 [pid 359] close(3) = 0 [pid 359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 359] write(1, "executing program\n", 18executing program ) = 18 [pid 359] memfd_create("syzkaller", 0) = 3 [pid 359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 359] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 359] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 359] close(3) = 0 [pid 359] close(4) = 0 [pid 359] mkdir("./file0", 0777) = 0 [ 29.492217][ T359] loop0: detected capacity change from 0 to 512 [ 29.549992][ T359] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 29.557892][ T359] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 29.573022][ T359] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 359] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 359] chdir("./file0") = 0 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 359] ioctl(4, LOOP_CLR_FD) = 0 [pid 359] close(4) = 0 [pid 359] mkdir("./file0", 0777) = 0 [pid 359] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 359] mkdir("./file1", 000) = 0 [pid 359] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 359] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 359] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 359] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 359] open(".", O_RDONLY) = 5 [pid 359] lseek(5, 2047, SEEK_SET) = 2047 [ 29.585212][ T359] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 29.618088][ T359] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 29.638631][ T359] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [pid 359] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 359] exit_group(0) = ? [pid 359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=359, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 29.650478][ T359] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 29.663614][ T359] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/27/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 361 ./strace-static-x86_64: Process 361 attached [pid 361] set_robust_list(0x555556bab760, 24) = 0 [pid 361] chdir("./28") = 0 [pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 361] setpgid(0, 0) = 0 [pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 361] write(3, "1000", 4) = 4 [pid 361] close(3) = 0 [pid 361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 361] write(1, "executing program\n", 18) = 18 [pid 361] memfd_create("syzkaller", 0) = 3 [pid 361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 361] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 361] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 361] close(3) = 0 [pid 361] close(4) = 0 [pid 361] mkdir("./file0", 0777) = 0 [ 29.797933][ T361] loop0: detected capacity change from 0 to 512 [ 29.806282][ T361] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 29.814454][ T361] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 29.829619][ T361] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 361] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 361] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 361] chdir("./file0") = 0 [pid 361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 361] ioctl(4, LOOP_CLR_FD) = 0 [pid 361] close(4) = 0 [pid 361] mkdir("./file0", 0777) = 0 [pid 361] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 361] mkdir("./file1", 000) = 0 [pid 361] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 361] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 361] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 361] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 361] open(".", O_RDONLY) = 5 [pid 361] lseek(5, 2047, SEEK_SET) = 2047 [ 29.842069][ T361] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 29.875047][ T361] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 361] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 361] exit_group(0) = ? [pid 361] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 29.895512][ T361] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 29.907367][ T361] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 29.920649][ T361] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/28/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 364 ./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x555556bab760, 24) = 0 [pid 364] chdir("./29") = 0 [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 364] setpgid(0, 0) = 0 [pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 364] write(3, "1000", 4) = 4 [pid 364] close(3) = 0 [pid 364] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 364] write(1, "executing program\n", 18) = 18 [pid 364] memfd_create("syzkaller", 0) = 3 [pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 364] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 364] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 364] close(3) = 0 [pid 364] close(4) = 0 [pid 364] mkdir("./file0", 0777) = 0 [ 30.042751][ T364] loop0: detected capacity change from 0 to 512 [ 30.054132][ T364] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 30.062701][ T364] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 30.077923][ T364] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 364] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 364] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 364] chdir("./file0") = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 364] ioctl(4, LOOP_CLR_FD) = 0 [pid 364] close(4) = 0 [pid 364] mkdir("./file0", 0777) = 0 [pid 364] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 364] mkdir("./file1", 000) = 0 [pid 364] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 364] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 364] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [ 30.090136][ T364] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [pid 364] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 364] open(".", O_RDONLY) = 5 [pid 364] lseek(5, 2047, SEEK_SET) = 2047 [pid 364] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 364] exit_group(0) = ? [pid 364] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=364, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 30.123852][ T364] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 30.144385][ T364] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 30.156194][ T364] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 30.169274][ T364] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/29/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 366 ./strace-static-x86_64: Process 366 attached [pid 366] set_robust_list(0x555556bab760, 24) = 0 [pid 366] chdir("./30") = 0 [pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 366] setpgid(0, 0) = 0 [pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 366] write(3, "1000", 4) = 4 [pid 366] close(3) = 0 [pid 366] symlink("/dev/binderfs", "./binderfs") = 0 [pid 366] write(1, "executing program\n", 18) = 18 [pid 366] memfd_create("syzkaller", 0) = 3 [pid 366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 366] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 366] close(3) = 0 [pid 366] close(4) = 0 [pid 366] mkdir("./file0", 0777) = 0 [ 30.277500][ T366] loop0: detected capacity change from 0 to 512 [ 30.359979][ T366] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 30.367899][ T366] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 30.383078][ T366] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 366] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 366] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 366] chdir("./file0") = 0 [pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 366] ioctl(4, LOOP_CLR_FD) = 0 [pid 366] close(4) = 0 [pid 366] mkdir("./file0", 0777) = 0 [pid 366] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 366] mkdir("./file1", 000) = 0 [pid 366] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 366] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 366] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 366] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 366] open(".", O_RDONLY) = 5 [pid 366] lseek(5, 2047, SEEK_SET) = 2047 [ 30.395255][ T366] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 30.428556][ T366] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 366] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 366] exit_group(0) = ? [pid 366] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 30.449007][ T366] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 30.460709][ T366] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 30.473787][ T366] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/30/file0: bad entry in directory: directory entry overrun - offset=1023, inode=493568, rec_len=3072, size=1024 fake=0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556bab750) = 368 ./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x555556bab760, 24) = 0 [pid 368] chdir("./31") = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 368] setpgid(0, 0) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 368] write(3, "1000", 4) = 4 [pid 368] close(3) = 0 [pid 368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 368] write(1, "executing program\n", 18) = 18 [pid 368] memfd_create("syzkaller", 0) = 3 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 368] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 368] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 368] close(3) = 0 [pid 368] close(4) = 0 [pid 368] mkdir("./file0", 0777) = 0 [ 30.548443][ T368] loop0: detected capacity change from 0 to 512 [ 30.583398][ T368] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [pid 368] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 368] chdir("./file0") = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 368] ioctl(4, LOOP_CLR_FD) = 0 [pid 368] close(4) = 0 [ 30.591395][ T368] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 30.606776][ T368] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [ 30.619151][ T368] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [pid 368] mkdir("./file0", 0777) = 0 [pid 368] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 368] mkdir("./file1", 000) = 0 [pid 368] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 368] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 368] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 368] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 368] open(".", O_RDONLY) = 5 [pid 368] lseek(5, 2047, SEEK_SET) = 2047 [ 30.649533][ T368] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 30.670884][ T368] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 30.682545][ T368] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [pid 368] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 368] exit_group(0) = ? [pid 368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 30.695659][ T368] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/31/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556bab750) = 370 ./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x555556bab760, 24) = 0 [pid 370] chdir("./32") = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 [pid 370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 370] write(1, "executing program\n", 18) = 18 [pid 370] memfd_create("syzkaller", 0) = 3 [pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 370] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 370] close(3) = 0 [pid 370] close(4) = 0 [pid 370] mkdir("./file0", 0777) = 0 [ 30.798004][ T370] loop0: detected capacity change from 0 to 512 [ 30.843708][ T370] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 30.851619][ T370] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 30.866994][ T370] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 370] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 370] chdir("./file0") = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 370] ioctl(4, LOOP_CLR_FD) = 0 [pid 370] close(4) = 0 [pid 370] mkdir("./file0", 0777) = 0 [pid 370] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 370] mkdir("./file1", 000) = 0 [pid 370] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 370] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 370] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 370] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 370] open(".", O_RDONLY) = 5 [pid 370] lseek(5, 2047, SEEK_SET) = 2047 [ 30.879193][ T370] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 30.909808][ T370] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 30.931416][ T370] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [pid 370] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 370] exit_group(0) = ? [pid 370] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 30.943183][ T370] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 30.956457][ T370] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/32/file0: bad entry in directory: rec_len % 4 != 0 - offset=1023, inode=90288128, rec_len=65359, size=1024 fake=0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 373 ./strace-static-x86_64: Process 373 attached [pid 373] set_robust_list(0x555556bab760, 24) = 0 [pid 373] chdir("./33") = 0 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 373] setpgid(0, 0) = 0 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 373] write(3, "1000", 4) = 4 [pid 373] close(3) = 0 [pid 373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 373] write(1, "executing program\n", 18executing program ) = 18 [pid 373] memfd_create("syzkaller", 0) = 3 [pid 373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 373] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 373] close(3) = 0 [pid 373] close(4) = 0 [pid 373] mkdir("./file0", 0777) = 0 [ 31.064683][ T373] loop0: detected capacity change from 0 to 512 [ 31.129999][ T373] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 31.137994][ T373] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 31.153096][ T373] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 373] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 373] chdir("./file0") = 0 [pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 373] ioctl(4, LOOP_CLR_FD) = 0 [pid 373] close(4) = 0 [pid 373] mkdir("./file0", 0777) = 0 [pid 373] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 373] mkdir("./file1", 000) = 0 [pid 373] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 373] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 373] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 373] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 373] open(".", O_RDONLY) = 5 [pid 373] lseek(5, 2047, SEEK_SET) = 2047 [ 31.165327][ T373] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 31.198452][ T373] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 373] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 373] exit_group(0) = ? [pid 373] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 31.218894][ T373] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 31.230631][ T373] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 31.243742][ T373] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/33/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 375 ./strace-static-x86_64: Process 375 attached [pid 375] set_robust_list(0x555556bab760, 24) = 0 [pid 375] chdir("./34") = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0) = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3) = 0 [pid 375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 375] write(1, "executing program\n", 18) = 18 [pid 375] memfd_create("syzkaller", 0) = 3 [pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 375] munmap(0x7f3cfe9e7000, 138412032executing program ) = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 375] close(3) = 0 [pid 375] close(4) = 0 [pid 375] mkdir("./file0", 0777) = 0 [ 31.362424][ T375] loop0: detected capacity change from 0 to 512 [ 31.460027][ T375] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 31.468077][ T375] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 31.483216][ T375] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 375] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 375] chdir("./file0") = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 375] ioctl(4, LOOP_CLR_FD) = 0 [pid 375] close(4) = 0 [pid 375] mkdir("./file0", 0777) = 0 [pid 375] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 375] mkdir("./file1", 000) = 0 [pid 375] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 375] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 375] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 375] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 375] open(".", O_RDONLY) = 5 [pid 375] lseek(5, 2047, SEEK_SET) = 2047 [ 31.495391][ T375] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 31.527552][ T375] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [ 31.548124][ T375] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [pid 375] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 375] exit_group(0) = ? [pid 375] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 31.559971][ T375] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 31.573071][ T375] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/34/file0: bad entry in directory: directory entry overrun - offset=1023, inode=493568, rec_len=3072, size=1024 fake=0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 377 ./strace-static-x86_64: Process 377 attached [pid 377] set_robust_list(0x555556bab760, 24) = 0 [pid 377] chdir("./35") = 0 [pid 377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 377] setpgid(0, 0) = 0 [pid 377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 377] write(3, "1000", 4) = 4 [pid 377] close(3) = 0 [pid 377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 377] write(1, "executing program\n", 18executing program ) = 18 [pid 377] memfd_create("syzkaller", 0) = 3 [pid 377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 377] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 377] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 377] close(3) = 0 [pid 377] close(4) = 0 [pid 377] mkdir("./file0", 0777) = 0 [ 31.704547][ T377] loop0: detected capacity change from 0 to 512 [ 31.712986][ T377] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 31.721167][ T377] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 31.736308][ T377] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 377] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 377] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 377] chdir("./file0") = 0 [pid 377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 377] ioctl(4, LOOP_CLR_FD) = 0 [pid 377] close(4) = 0 [pid 377] mkdir("./file0", 0777) = 0 [pid 377] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 377] mkdir("./file1", 000) = 0 [pid 377] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 377] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 377] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 377] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 377] open(".", O_RDONLY) = 5 [pid 377] lseek(5, 2047, SEEK_SET) = 2047 [ 31.748476][ T377] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 31.780238][ T377] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 377] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 377] exit_group(0) = ? [pid 377] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=377, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 31.801707][ T377] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 31.813564][ T377] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 31.826753][ T377] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/35/file0: bad entry in directory: directory entry overrun - offset=1023, inode=493568, rec_len=3072, size=1024 fake=0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556bb4830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556bb4830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x555556bac7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 executing program clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556bab750) = 380 ./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x555556bab760, 24) = 0 [pid 380] chdir("./36") = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 380] write(1, "executing program\n", 18) = 18 [pid 380] memfd_create("syzkaller", 0) = 3 [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3cfe9e7000 [pid 380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 380] munmap(0x7f3cfe9e7000, 138412032) = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 380] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 380] close(3) = 0 [pid 380] close(4) = 0 [pid 380] mkdir("./file0", 0777) = 0 [ 31.918634][ T380] loop0: detected capacity change from 0 to 512 [ 31.926225][ T380] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 31.934754][ T380] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor242: inline data xattr refers to an external xattr inode [ 31.950041][ T380] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor242: couldn't read orphan inode 12 (err -117) [pid 380] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_SYNCHRONOUS|MS_NOSYMFOLLOW|MS_NOATIME|MS_POSIXACL|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME|0x200, "inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota"...) = 0 [pid 380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 380] chdir("./file0") = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 380] ioctl(4, LOOP_CLR_FD) = 0 [pid 380] close(4) = 0 [pid 380] mkdir("./file0", 0777) = 0 [pid 380] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 380] mkdir("./file1", 000) = 0 [pid 380] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 380] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 380] link("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 380] rename("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = -1 EUCLEAN (Structure needs cleaning) [pid 380] open(".", O_RDONLY) = 5 [pid 380] lseek(5, 2047, SEEK_SET) = 2047 [ 31.962842][ T380] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 31.995899][ T380] EXT4-fs error (device loop0): make_indexed_dir:2284: inode #2: block 255: comm syz-executor242: bad entry in directory: rec_len is smaller than minimal - offset=1024, inode=5120, rec_len=0, size=993 fake=0 [pid 380] getdents64(5, NULL /* 0 entries */, 16) = 0 [pid 380] exit_group(0) = ? [pid 380] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=380, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556bac7f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 32.016359][ T380] EXT4-fs warning (device loop0): dx_probe:832: inode #2: comm syz-executor242: Unrecognised inode hash code 49 [ 32.028139][ T380] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor242: Corrupt directory, running e2fsck is recommended [ 32.041418][ T380] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 255: comm syz-executor242: path /root/syzkaller.foR9l2/36/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0