./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor729095671
<...>
Warning: Permanently added '10.128.0.189' (ED25519) to the list of known hosts.
execve("./syz-executor729095671", ["./syz-executor729095671"], 0x7ffdc82fe410 /* 10 vars */) = 0
brk(NULL) = 0x555571ff3000
brk(0x555571ff3d00) = 0x555571ff3d00
arch_prctl(ARCH_SET_FS, 0x555571ff3380) = 0
set_tid_address(0x555571ff3650) = 291
set_robust_list(0x555571ff3660, 24) = 0
rseq(0x555571ff3ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor729095671", 4096) = 27
getrandom("\x5b\x5e\x8a\x35\x25\x58\xba\x84", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555571ff3d00
brk(0x555572014d00) = 0x555572014d00
brk(0x555572015000) = 0x555572015000
mprotect(0x7f0e6a2ff000, 16384, PROT_READ) = 0
mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000
mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000
mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000
mkdir("./syzkaller.QkMVbB", 0700) = 0
chmod("./syzkaller.QkMVbB", 0777) = 0
chdir("./syzkaller.QkMVbB") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 292
./strace-static-x86_64: Process 292 attached
[pid 292] set_robust_list(0x555571ff3660, 24) = 0
[pid 292] chdir("./0") = 0
[pid 292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 292] setpgid(0, 0) = 0
[pid 292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 292] write(3, "1000", 4) = 4
[pid 292] close(3) = 0
[pid 292] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 292] write(1, "executing program\n", 18) = 18
[pid 292] memfd_create("syzkaller", 0) = 3
[pid 292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 292] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 292] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 292] close(3) = 0
[pid 292] close(4) = 0
[pid 292] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 25.014628][ T24] audit: type=1400 audit(1740495101.100:66): avc: denied { execmem } for pid=291 comm="syz-executor729" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 25.034141][ T24] audit: type=1400 audit(1740495101.120:67): avc: denied { read write } for pid=291 comm="syz-executor729" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 25.054155][ T292] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 25.059309][ T24] audit: type=1400 audit(1740495101.120:68): avc: denied { open } for pid=291 comm="syz-executor729" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 25.070612][ T292] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[pid 292] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 292] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 292] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 292] ioctl(4, LOOP_CLR_FD) = 0
[pid 292] close(4) = 0
[pid 292] chdir("./file0") = 0
[pid 292] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 292] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 292] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 292] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[ 25.094569][ T24] audit: type=1400 audit(1740495101.120:69): avc: denied { ioctl } for pid=291 comm="syz-executor729" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 25.106628][ T292] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 25.132209][ T24] audit: type=1400 audit(1740495101.120:70): avc: denied { mounton } for pid=292 comm="syz-executor729" path=2F726F6F742F73797A6B616C6C65722E516B4D5662422F302FE91F7189591E9233614B dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 25.159461][ T292] ==================================================================
[ 25.168492][ T24] audit: type=1400 audit(1740495101.230:71): avc: denied { mount } for pid=292 comm="syz-executor729" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 25.175708][ T292] BUG: KASAN: use-after-free in ext4_insert_dentry+0x392/0x710
[ 25.197804][ T24] audit: type=1400 audit(1740495101.230:72): avc: denied { write } for pid=292 comm="syz-executor729" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 25.204841][ T292] Write of size 251 at addr ffff88811fb7cf14 by task syz-executor729/292
[ 25.227315][ T24] audit: type=1400 audit(1740495101.230:73): avc: denied { add_name } for pid=292 comm="syz-executor729" name="net_prio.prioidx" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 25.235126][ T292]
[ 25.257176][ T24] audit: type=1400 audit(1740495101.230:74): avc: denied { create } for pid=292 comm="syz-executor729" name="net_prio.prioidx" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 25.258923][ T292] CPU: 1 PID: 292 Comm: syz-executor729 Not tainted 5.10.234-syzkaller-00023-g3f5f2283d684 #0
[ 25.280518][ T24] audit: type=1400 audit(1740495101.230:75): avc: denied { read append open } for pid=292 comm="syz-executor729" path=2F726F6F742F73797A6B616C6C65722E516B4D5662422F302FE91F7189591E9233614B2F66696C65302F6E65745F7072696F2E7072696F696478 dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 25.290151][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 25.290165][ T292] Call Trace:
[ 25.290182][ T292] dump_stack_lvl+0x1e2/0x24b
[ 25.290191][ T292] ? bfq_pos_tree_add_move+0x43b/0x43b
[ 25.290198][ T292] ? panic+0x812/0x812
[ 25.290217][ T292] ? __ext4_handle_dirty_metadata+0x2de/0x810
[ 25.354997][ T292] print_address_description+0x81/0x3b0
[ 25.360371][ T292] kasan_report+0x179/0x1c0
[ 25.364711][ T292] ? ext4_insert_dentry+0x392/0x710
[ 25.369749][ T292] ? ext4_insert_dentry+0x392/0x710
[ 25.374776][ T292] kasan_check_range+0x293/0x2a0
[ 25.379551][ T292] ? ext4_insert_dentry+0x392/0x710
[ 25.384586][ T292] memcpy+0x44/0x70
[ 25.388231][ T292] ext4_insert_dentry+0x392/0x710
[ 25.393087][ T292] add_dirent_to_buf+0x3ac/0x780
[ 25.397881][ T292] ? ext4_dx_add_entry+0x1600/0x1600
[ 25.402983][ T292] ? ext4_handle_dirty_dx_node+0x41c/0x580
[ 25.408733][ T292] make_indexed_dir+0xe9f/0x1500
[ 25.413501][ T292] ? add_dirent_to_buf+0x780/0x780
[ 25.418444][ T292] ? add_dirent_to_buf+0x36f/0x780
[ 25.423399][ T292] ? ext4_dx_add_entry+0x1600/0x1600
[ 25.428516][ T292] ? __kasan_check_read+0x11/0x20
[ 25.433457][ T292] ? __ext4_read_dirblock+0x4d8/0x8c0
[ 25.438668][ T292] ext4_add_entry+0xdcf/0x1280
[ 25.443263][ T292] ? memcpy+0x56/0x70
[ 25.447083][ T292] ? ext4_inc_count+0x190/0x190
[ 25.451768][ T292] ? dquot_initialize+0x20/0x20
[ 25.456455][ T292] ext4_add_nondir+0x97/0x270
[ 25.460968][ T292] ? memcpy+0x56/0x70
[ 25.464783][ T292] ext4_symlink+0x911/0xe40
[ 25.469129][ T292] ? ext4_unlink+0x3f0/0x3f0
[ 25.473560][ T292] ? selinux_inode_symlink+0x22/0x30
[ 25.478677][ T292] ? security_inode_symlink+0xb8/0x100
[ 25.483965][ T292] vfs_symlink+0x367/0x4f0
[ 25.488222][ T292] do_symlinkat+0x19b/0x400
[ 25.492560][ T292] ? do_notify_parent+0xa10/0xa10
[ 25.497421][ T292] ? do_mkdirat+0x2c0/0x2c0
[ 25.501758][ T292] __x64_sys_symlink+0x60/0x70
[ 25.506361][ T292] do_syscall_64+0x34/0x70
[ 25.510615][ T292] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 25.516340][ T292] RIP: 0033:0x7f0e6a28b269
[ 25.520595][ T292] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 25.540038][ T292] RSP: 002b:00007ffe8fba6c18 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 25.548283][ T292] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f0e6a28b269
[ 25.556091][ T292] RDX: 0000000000000000 RSI: 0000400000000cc0 RDI: 0000400000000dc0
[ 25.563902][ T292] RBP: 0000400000000180 R08: 00007ffe8fba6c50 R09: 00007ffe8fba6c50
[ 25.571717][ T292] R10: 00007ffe8fba6c50 R11: 0000000000000246 R12: 0000000000000001
[ 25.579526][ T292] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffe8fba6c70
[ 25.587336][ T292]
[ 25.589516][ T292] The buggy address belongs to the page:
[ 25.594993][ T292] page:ffffea00047edf00 refcount:3 mapcount:0 mapping:ffff88810919fe10 index:0x3f pfn:0x11fb7c
[ 25.605137][ T292] aops:def_blk_aops ino:0
[ 25.609298][ T292] flags: 0x400000000000202a(referenced|dirty|active|private)
[ 25.616510][ T292] raw: 400000000000202a dead000000000100 dead000000000122 ffff88810919fe10
[ 25.624921][ T292] raw: 000000000000003f ffff88811bbdf7e0 00000003ffffffff ffff88810013a000
[ 25.633338][ T292] page dumped because: kasan: bad access detected
[ 25.639586][ T292] page->mem_cgroup:ffff88810013a000
[ 25.644628][ T292] page_owner tracks the page as allocated
[ 25.650185][ T292] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 292, ts 25159342820, free_ts 19550221674
[ 25.667021][ T292] prep_new_page+0x166/0x180
[ 25.671441][ T292] get_page_from_freelist+0x2d8c/0x2f30
[ 25.676823][ T292] __alloc_pages_nodemask+0x435/0xaf0
[ 25.682033][ T292] pagecache_get_page+0x669/0x950
[ 25.686892][ T292] __getblk_gfp+0x221/0x7e0
[ 25.691232][ T292] ext4_getblk+0x259/0x660
[ 25.695484][ T292] ext4_bread+0x2f/0x1b0
[ 25.699563][ T292] ext4_append+0x29a/0x4d0
[ 25.703815][ T292] make_indexed_dir+0x505/0x1500
[ 25.708590][ T292] ext4_add_entry+0xdcf/0x1280
[ 25.713188][ T292] ext4_add_nondir+0x97/0x270
[ 25.717703][ T292] ext4_symlink+0x911/0xe40
[ 25.722042][ T292] vfs_symlink+0x367/0x4f0
[ 25.726295][ T292] do_symlinkat+0x19b/0x400
[ 25.730637][ T292] __x64_sys_symlink+0x60/0x70
[ 25.735232][ T292] do_syscall_64+0x34/0x70
[ 25.739484][ T292] page last free stack trace:
[ 25.744003][ T292] free_unref_page_prepare+0x2ae/0x2d0
[ 25.749293][ T292] free_unref_page_list+0x122/0xb20
[ 25.754330][ T292] release_pages+0xea0/0xef0
[ 25.758757][ T292] free_pages_and_swap_cache+0x8a/0xa0
[ 25.764051][ T292] tlb_finish_mmu+0x177/0x320
[ 25.768564][ T292] unmap_region+0x31c/0x370
[ 25.772903][ T292] __do_munmap+0x699/0x8c0
[ 25.777157][ T292] __se_sys_munmap+0x120/0x1a0
[ 25.781756][ T292] __x64_sys_munmap+0x5b/0x70
[ 25.786269][ T292] do_syscall_64+0x34/0x70
[ 25.790522][ T292] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 25.796248][ T292]
[ 25.798416][ T292] Memory state around the buggy address:
[ 25.803890][ T292] ffff88811fb7cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[pid 292] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 292] exit_group(0) = ?
[pid 292] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=292, si_uid=0, si_status=0, si_utime=0, si_stime=8} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
[ 25.811786][ T292] ffff88811fb7cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.819698][ T292] >ffff88811fb7d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 25.827579][ T292] ^
[ 25.831488][ T292] ffff88811fb7d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 25.839386][ T292] ffff88811fb7d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 25.847368][ T292] ==================================================================
[ 25.855265][ T292] Disabling lock debugging due to kernel taint
umount2("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
executing program
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 297
./strace-static-x86_64: Process 297 attached
[pid 297] set_robust_list(0x555571ff3660, 24) = 0
[pid 297] chdir("./1") = 0
[pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 297] setpgid(0, 0) = 0
[pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 297] write(3, "1000", 4) = 4
[pid 297] close(3) = 0
[pid 297] symlink("/dev/binderfs", "./binderfs") = 0
[pid 297] write(1, "executing program\n", 18) = 18
[pid 297] memfd_create("syzkaller", 0) = 3
[pid 297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 297] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 297] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 297] close(3) = 0
[pid 297] close(4) = 0
[pid 297] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 297] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 297] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 297] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 297] ioctl(4, LOOP_CLR_FD) = 0
[pid 297] close(4) = 0
[pid 297] chdir("./file0") = 0
[pid 297] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 297] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 297] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 297] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 297] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 297] exit_group(0) = ?
[pid 297] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
[ 26.009548][ T297] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 26.021885][ T297] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 26.034143][ T297] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 300
./strace-static-x86_64: Process 300 attached
[pid 300] set_robust_list(0x555571ff3660, 24) = 0
[pid 300] chdir("./2") = 0
[pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 300] setpgid(0, 0) = 0
[pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 300] write(3, "1000", 4) = 4
[pid 300] close(3) = 0
[pid 300] symlink("/dev/binderfs", "./binderfs") = 0
[pid 300] write(1, "executing program\n", 18) = 18
[pid 300] memfd_create("syzkaller", 0) = 3
[pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 300] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 300] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 300] close(3) = 0
[pid 300] close(4) = 0
[pid 300] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 300] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 300] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 300] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 300] ioctl(4, LOOP_CLR_FD) = 0
[pid 300] close(4) = 0
[pid 300] chdir("./file0") = 0
[pid 300] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 300] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 300] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 300] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 300] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 300] exit_group(0) = ?
[pid 300] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
umount2("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 303
./strace-static-x86_64: Process 303 attached
[pid 303] set_robust_list(0x555571ff3660, 24) = 0
[pid 303] chdir("./3") = 0
[pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 303] setpgid(0, 0) = 0
[pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 303] write(3, "1000", 4) = 4
[pid 303] close(3) = 0
[pid 303] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 303] write(1, "executing program\n", 18) = 18
[pid 303] memfd_create("syzkaller", 0) = 3
[pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 303] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 303] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 303] close(3) = 0
[pid 303] close(4) = 0
[pid 303] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 26.159645][ T300] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 26.171952][ T300] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 26.184150][ T300] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid 303] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 303] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 303] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 303] ioctl(4, LOOP_CLR_FD) = 0
[pid 303] close(4) = 0
[pid 303] chdir("./file0") = 0
[pid 303] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 303] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 303] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 303] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 303] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 303] exit_group(0) = ?
[pid 303] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
[ 26.229828][ T303] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 26.242162][ T303] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 26.254448][ T303] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 306
./strace-static-x86_64: Process 306 attached
[pid 306] set_robust_list(0x555571ff3660, 24) = 0
[pid 306] chdir("./4") = 0
[pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 306] setpgid(0, 0) = 0
[pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 306] write(3, "1000", 4executing program
) = 4
[pid 306] close(3) = 0
[pid 306] symlink("/dev/binderfs", "./binderfs") = 0
[pid 306] write(1, "executing program\n", 18) = 18
[pid 306] memfd_create("syzkaller", 0) = 3
[pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 306] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 306] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 306] close(3) = 0
[pid 306] close(4) = 0
[pid 306] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 306] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 306] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 306] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 306] ioctl(4, LOOP_CLR_FD) = 0
[pid 306] close(4) = 0
[pid 306] chdir("./file0") = 0
[pid 306] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 306] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 306] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 306] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 306] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 306] exit_group(0) = ?
[pid 306] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
umount2("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
[ 26.377993][ T306] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 26.390484][ T306] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 26.402809][ T306] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 309
./strace-static-x86_64: Process 309 attached
[pid 309] set_robust_list(0x555571ff3660, 24) = 0
[pid 309] chdir("./5") = 0
[pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 309] setpgid(0, 0) = 0
[pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 309] write(3, "1000", 4) = 4
[pid 309] close(3) = 0
[pid 309] symlink("/dev/binderfs", "./binderfs") = 0
[pid 309] write(1, "executing program\n", 18executing program
) = 18
[pid 309] memfd_create("syzkaller", 0) = 3
[pid 309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 309] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 309] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 309] close(3) = 0
[pid 309] close(4) = 0
[pid 309] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 309] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 309] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 309] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 309] ioctl(4, LOOP_CLR_FD) = 0
[pid 309] close(4) = 0
[pid 309] chdir("./file0") = 0
[pid 309] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 309] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 309] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 309] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 309] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 309] exit_group(0) = ?
[pid 309] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
umount2("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 312
./strace-static-x86_64: Process 312 attached
[pid 312] set_robust_list(0x555571ff3660, 24) = 0
[pid 312] chdir("./6") = 0
[pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 312] setpgid(0, 0) = 0
[pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 312] write(3, "1000", 4) = 4
[pid 312] close(3) = 0
[pid 312] symlink("/dev/binderfs", "./binderfs") = 0
[pid 312] write(1, "executing program\n", 18executing program
) = 18
[pid 312] memfd_create("syzkaller", 0) = 3
[pid 312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 312] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 312] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 312] close(3) = 0
[ 26.547701][ T309] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 26.560058][ T309] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 26.572380][ T309] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid 312] close(4) = 0
[pid 312] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 312] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 312] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 312] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 312] ioctl(4, LOOP_CLR_FD) = 0
[pid 312] close(4) = 0
[pid 312] chdir("./file0") = 0
[pid 312] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 312] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 312] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 312] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 312] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 312] exit_group(0) = ?
[pid 312] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
[ 26.660305][ T312] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 26.672696][ T312] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 26.684940][ T312] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 315
./strace-static-x86_64: Process 315 attached
[pid 315] set_robust_list(0x555571ff3660, 24) = 0
[pid 315] chdir("./7") = 0
[pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 315] setpgid(0, 0) = 0
[pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 315] write(3, "1000", 4) = 4
[pid 315] close(3) = 0
[pid 315] symlink("/dev/binderfs", "./binderfs") = 0
[pid 315] write(1, "executing program\n", 18) = 18
[pid 315] memfd_create("syzkaller", 0) = 3
[pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 315] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 315] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 315] close(3) = 0
[pid 315] close(4) = 0
[pid 315] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 315] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 315] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 315] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 315] ioctl(4, LOOP_CLR_FD) = 0
[pid 315] close(4) = 0
[pid 315] chdir("./file0") = 0
[pid 315] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 315] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 315] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 315] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 315] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 315] exit_group(0) = ?
[pid 315] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
umount2("\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 319
./strace-static-x86_64: Process 319 attached
[pid 319] set_robust_list(0x555571ff3660, 24) = 0
[pid 319] chdir("./8") = 0
[pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 319] setpgid(0, 0) = 0
[pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 319] write(3, "1000", 4) = 4
[pid 319] close(3) = 0
[pid 319] symlink("/dev/binderfs", "./binderfs") = 0
[pid 319] write(1, "executing program\n", 18) = 18
[pid 319] memfd_create("syzkaller", 0) = 3
[pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 319] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 319] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 319] close(3) = 0
[ 26.847455][ T315] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 26.859807][ T315] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 26.872194][ T315] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid 319] close(4) = 0
[pid 319] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 319] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 319] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 319] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 319] ioctl(4, LOOP_CLR_FD) = 0
[pid 319] close(4) = 0
[pid 319] chdir("./file0") = 0
[pid 319] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 319] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 319] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 319] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 319] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 319] exit_group(0) = ?
[pid 319] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
[ 27.007471][ T319] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 27.019829][ T319] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 27.032034][ T319] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 322
./strace-static-x86_64: Process 322 attached
[pid 322] set_robust_list(0x555571ff3660, 24) = 0
[pid 322] chdir("./9") = 0
[pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 322] setpgid(0, 0) = 0
[pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 322] write(3, "1000", 4) = 4
[pid 322] close(3) = 0
[pid 322] symlink("/dev/binderfs", "./binderfs") = 0
[pid 322] write(1, "executing program\n", 18) = 18
[pid 322] memfd_create("syzkaller", 0) = 3
[pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 322] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 322] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 322] close(3) = 0
[pid 322] close(4) = 0
[pid 322] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 322] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 322] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 322] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 322] ioctl(4, LOOP_CLR_FD) = 0
[pid 322] close(4) = 0
[pid 322] chdir("./file0") = 0
[pid 322] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 322] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 322] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 322] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 322] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 322] exit_group(0) = ?
[pid 322] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
[ 27.138909][ T322] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 27.151340][ T322] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 27.163751][ T322] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 325
./strace-static-x86_64: Process 325 attached
[pid 325] set_robust_list(0x555571ff3660, 24) = 0
[pid 325] chdir("./10") = 0
[pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 325] setpgid(0, 0) = 0
[pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 325] write(3, "1000", 4) = 4
[pid 325] close(3) = 0
[pid 325] symlink("/dev/binderfs", "./binderfs") = 0
[pid 325] write(1, "executing program\n", 18) = 18
[pid 325] memfd_create("syzkaller", 0) = 3
[pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 325] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 325] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 325] close(3) = 0
[pid 325] close(4) = 0
[pid 325] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 325] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 325] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 325] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 325] ioctl(4, LOOP_CLR_FD) = 0
[pid 325] close(4) = 0
[pid 325] chdir("./file0") = 0
[pid 325] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 325] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 325] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 325] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 325] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 325] exit_group(0) = ?
[pid 325] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
[ 27.340571][ T325] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 27.352888][ T325] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 27.365180][ T325] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 328
./strace-static-x86_64: Process 328 attached
[pid 328] set_robust_list(0x555571ff3660, 24) = 0
[pid 328] chdir("./11") = 0
[pid 328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 328] setpgid(0, 0) = 0
[pid 328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 328] write(3, "1000", 4) = 4
[pid 328] close(3) = 0
[pid 328] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 328] write(1, "executing program\n", 18) = 18
[pid 328] memfd_create("syzkaller", 0) = 3
[pid 328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 328] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 328] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 328] close(3) = 0
[pid 328] close(4) = 0
[pid 328] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 328] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 328] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 328] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 328] ioctl(4, LOOP_CLR_FD) = 0
[pid 328] close(4) = 0
[pid 328] chdir("./file0") = 0
[pid 328] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 328] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 328] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 328] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 328] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 328] exit_group(0) = ?
[pid 328] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=328, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
[ 27.549427][ T328] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 27.561794][ T328] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 27.574038][ T328] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 331
./strace-static-x86_64: Process 331 attached
[pid 331] set_robust_list(0x555571ff3660, 24) = 0
[pid 331] chdir("./12") = 0
[pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 331] setpgid(0, 0) = 0
[pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 331] write(3, "1000", 4) = 4
[pid 331] close(3) = 0
[pid 331] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 331] write(1, "executing program\n", 18) = 18
[pid 331] memfd_create("syzkaller", 0) = 3
[pid 331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 331] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 331] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 331] close(3) = 0
[pid 331] close(4) = 0
[pid 331] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 331] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 331] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 331] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 331] ioctl(4, LOOP_CLR_FD) = 0
[pid 331] close(4) = 0
[pid 331] chdir("./file0") = 0
[pid 331] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 331] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 331] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 331] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 331] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 331] exit_group(0) = ?
[pid 331] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
umount2("\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 334
./strace-static-x86_64: Process 334 attached
[pid 334] set_robust_list(0x555571ff3660, 24) = 0
[pid 334] chdir("./13") = 0
[pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 334] setpgid(0, 0) = 0
[pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 334] write(3, "1000", 4) = 4
[pid 334] close(3) = 0
[pid 334] symlink("/dev/binderfs", "./binderfs") = 0
[pid 334] write(1, "executing program\n", 18) = 18
[pid 334] memfd_create("syzkaller", 0) = 3
[pid 334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 334] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 334] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 334] close(3) = 0
[ 27.697079][ T331] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 27.709448][ T331] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 27.721758][ T331] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid 334] close(4) = 0
[pid 334] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 334] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 334] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 334] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 334] ioctl(4, LOOP_CLR_FD) = 0
[pid 334] close(4) = 0
[pid 334] chdir("./file0") = 0
[pid 334] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 334] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 334] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 334] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 334] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 334] exit_group(0) = ?
[pid 334] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
[ 27.810316][ T334] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 27.822634][ T334] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 27.834929][ T334] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 338
./strace-static-x86_64: Process 338 attached
[pid 338] set_robust_list(0x555571ff3660, 24) = 0
[pid 338] chdir("./14") = 0
[pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 338] setpgid(0, 0) = 0
[pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 338] write(3, "1000", 4) = 4
[pid 338] close(3) = 0
[pid 338] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 338] write(1, "executing program\n", 18) = 18
[pid 338] memfd_create("syzkaller", 0) = 3
[pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 338] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 338] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 338] close(3) = 0
[pid 338] close(4) = 0
[pid 338] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 338] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 338] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 338] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 338] ioctl(4, LOOP_CLR_FD) = 0
[pid 338] close(4) = 0
[pid 338] chdir("./file0") = 0
[pid 338] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 338] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 338] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 338] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 338] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 338] exit_group(0) = ?
[pid 338] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
[ 27.906403][ T338] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 27.918817][ T338] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 27.931015][ T338] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 341
./strace-static-x86_64: Process 341 attached
[pid 341] set_robust_list(0x555571ff3660, 24) = 0
[pid 341] chdir("./15") = 0
[pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 341] setpgid(0, 0) = 0
[pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 341] write(3, "1000", 4) = 4
[pid 341] close(3) = 0
[pid 341] symlink("/dev/binderfs", "./binderfs") = 0
[pid 341] write(1, "executing program\n", 18executing program
) = 18
[pid 341] memfd_create("syzkaller", 0) = 3
[pid 341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 341] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 341] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 341] close(3) = 0
[pid 341] close(4) = 0
[pid 341] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 341] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 341] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 341] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 341] ioctl(4, LOOP_CLR_FD) = 0
[pid 341] close(4) = 0
[pid 341] chdir("./file0") = 0
[pid 341] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 341] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 341] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 341] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 341] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 341] exit_group(0) = ?
[pid 341] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
[ 28.063675][ T341] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 28.076117][ T341] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 28.088430][ T341] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 344
./strace-static-x86_64: Process 344 attached
[pid 344] set_robust_list(0x555571ff3660, 24) = 0
[pid 344] chdir("./16") = 0
[pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 344] setpgid(0, 0) = 0
[pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 344] write(3, "1000", 4) = 4
[pid 344] close(3) = 0
[pid 344] symlink("/dev/binderfs", "./binderfs") = 0
[pid 344] write(1, "executing program\n", 18) = 18
executing program
[pid 344] memfd_create("syzkaller", 0) = 3
[pid 344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 344] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 344] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 344] close(3) = 0
[pid 344] close(4) = 0
[pid 344] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 344] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 344] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 344] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 344] ioctl(4, LOOP_CLR_FD) = 0
[pid 344] close(4) = 0
[pid 344] chdir("./file0") = 0
[pid 344] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 344] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 344] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 344] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 344] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 344] exit_group(0) = ?
[pid 344] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
[ 28.309524][ T344] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 28.321853][ T344] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 28.334097][ T344] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 347
./strace-static-x86_64: Process 347 attached
[pid 347] set_robust_list(0x555571ff3660, 24) = 0
[pid 347] chdir("./17") = 0
[pid 347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 347] setpgid(0, 0) = 0
[pid 347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 347] write(3, "1000", 4) = 4
[pid 347] close(3) = 0
[pid 347] symlink("/dev/binderfs", "./binderfs") = 0
[pid 347] write(1, "executing program\n", 18executing program
) = 18
[pid 347] memfd_create("syzkaller", 0) = 3
[pid 347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 347] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 347] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 347] close(3) = 0
[pid 347] close(4) = 0
[pid 347] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 347] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 347] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 347] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 347] ioctl(4, LOOP_CLR_FD) = 0
[pid 347] close(4) = 0
[pid 347] chdir("./file0") = 0
[pid 347] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 347] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 347] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 347] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 347] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 347] exit_group(0) = ?
[pid 347] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
umount2("\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 350
./strace-static-x86_64: Process 350 attached
[pid 350] set_robust_list(0x555571ff3660, 24) = 0
[pid 350] chdir("./18") = 0
[pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 350] setpgid(0, 0) = 0
[pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 350] write(3, "1000", 4) = 4
[pid 350] close(3) = 0
[pid 350] symlink("/dev/binderfs", "./binderfs") = 0
[pid 350] write(1, "executing program\n", 18) = 18
executing program
[pid 350] memfd_create("syzkaller", 0) = 3
[pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 350] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 350] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 350] close(3) = 0
[pid 350] close(4) = 0
[pid 350] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 28.499525][ T347] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 28.511869][ T347] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 28.524160][ T347] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid 350] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 350] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 350] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 350] ioctl(4, LOOP_CLR_FD) = 0
[pid 350] close(4) = 0
[pid 350] chdir("./file0") = 0
[pid 350] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 350] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 350] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 350] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 350] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 350] exit_group(0) = ?
[pid 350] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs") = 0
umount2("\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 353
./strace-static-x86_64: Process 353 attached
[pid 353] set_robust_list(0x555571ff3660, 24) = 0
[pid 353] chdir("./19") = 0
[pid 353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 353] setpgid(0, 0) = 0
[pid 353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 353] write(3, "1000", 4) = 4
[pid 353] close(3) = 0
[pid 353] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 353] write(1, "executing program\n", 18) = 18
[pid 353] memfd_create("syzkaller", 0) = 3
[pid 353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 353] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 353] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 353] close(3) = 0
[pid 353] close(4) = 0
[pid 353] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 28.575426][ T350] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 28.587879][ T350] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 28.600070][ T350] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid 353] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 353] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 353] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 353] ioctl(4, LOOP_CLR_FD) = 0
[pid 353] close(4) = 0
[pid 353] chdir("./file0") = 0
[pid 353] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 353] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 353] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 353] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 353] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 353] exit_group(0) = ?
[pid 353] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=353, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs") = 0
[ 28.645485][ T353] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 28.657870][ T353] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 28.670223][ T353] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 356
./strace-static-x86_64: Process 356 attached
[pid 356] set_robust_list(0x555571ff3660, 24) = 0
[pid 356] chdir("./20") = 0
[pid 356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 356] setpgid(0, 0) = 0
[pid 356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 356] write(3, "1000", 4) = 4
[pid 356] close(3) = 0
[pid 356] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 356] write(1, "executing program\n", 18) = 18
[pid 356] memfd_create("syzkaller", 0) = 3
[pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 356] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 356] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 356] close(3) = 0
[pid 356] close(4) = 0
[pid 356] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 356] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 356] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 356] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 356] ioctl(4, LOOP_CLR_FD) = 0
[pid 356] close(4) = 0
[pid 356] chdir("./file0") = 0
[pid 356] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 356] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 356] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 356] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 356] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 356] exit_group(0) = ?
[pid 356] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs") = 0
[ 28.869655][ T356] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 28.882003][ T356] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 28.894192][ T356] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 360
./strace-static-x86_64: Process 360 attached
[pid 360] set_robust_list(0x555571ff3660, 24) = 0
[pid 360] chdir("./21") = 0
[pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 360] setpgid(0, 0) = 0
[pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 360] write(3, "1000", 4) = 4
[pid 360] close(3) = 0
[pid 360] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 360] write(1, "executing program\n", 18) = 18
[pid 360] memfd_create("syzkaller", 0) = 3
[pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 360] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 360] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 360] close(3) = 0
[pid 360] close(4) = 0
[pid 360] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 360] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 360] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 360] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 360] ioctl(4, LOOP_CLR_FD) = 0
[pid 360] close(4) = 0
[pid 360] chdir("./file0") = 0
[pid 360] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 360] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 360] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 360] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 360] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 360] exit_group(0) = ?
[pid 360] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs") = 0
[ 29.016653][ T360] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 29.029086][ T360] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 29.041364][ T360] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 363
./strace-static-x86_64: Process 363 attached
[pid 363] set_robust_list(0x555571ff3660, 24) = 0
[pid 363] chdir("./22") = 0
[pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 363] setpgid(0, 0) = 0
[pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 363] write(3, "1000", 4) = 4
[pid 363] close(3) = 0
[pid 363] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 363] write(1, "executing program\n", 18) = 18
[pid 363] memfd_create("syzkaller", 0) = 3
[pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 363] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 363] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 363] close(3) = 0
[pid 363] close(4) = 0
[pid 363] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 363] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 363] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 363] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 363] ioctl(4, LOOP_CLR_FD) = 0
[pid 363] close(4) = 0
[pid 363] chdir("./file0") = 0
[pid 363] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 363] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 363] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 363] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 363] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 363] exit_group(0) = ?
[pid 363] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs") = 0
umount2("\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 366
./strace-static-x86_64: Process 366 attached
[pid 366] set_robust_list(0x555571ff3660, 24) = 0
[pid 366] chdir("./23") = 0
[pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 366] setpgid(0, 0) = 0
[pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 366] write(3, "1000", 4) = 4
[pid 366] close(3) = 0
[pid 366] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 366] write(1, "executing program\n", 18) = 18
[pid 366] memfd_create("syzkaller", 0) = 3
[pid 366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 366] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 366] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 366] close(3) = 0
[ 29.220456][ T363] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 29.232803][ T363] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 29.245098][ T363] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid 366] close(4) = 0
[pid 366] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 366] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 366] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 366] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 366] ioctl(4, LOOP_CLR_FD) = 0
[pid 366] close(4) = 0
[pid 366] chdir("./file0") = 0
[pid 366] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 366] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 366] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 366] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 366] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 366] exit_group(0) = ?
[pid 366] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs") = 0
[ 29.367575][ T366] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 29.379901][ T366] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 29.392183][ T366] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 369
./strace-static-x86_64: Process 369 attached
[pid 369] set_robust_list(0x555571ff3660, 24) = 0
[pid 369] chdir("./24") = 0
[pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 369] setpgid(0, 0) = 0
[pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 369] write(3, "1000", 4) = 4
[pid 369] close(3) = 0
[pid 369] symlink("/dev/binderfs", "./binderfs") = 0
[pid 369] write(1, "executing program\n", 18) = 18
[pid 369] memfd_create("syzkaller", 0) = 3
[pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 369] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 369] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 369] close(3) = 0
[pid 369] close(4) = 0
[pid 369] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 369] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 369] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 369] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 369] ioctl(4, LOOP_CLR_FD) = 0
[pid 369] close(4) = 0
[pid 369] chdir("./file0") = 0
[pid 369] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 369] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 369] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 369] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 369] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 369] exit_group(0) = ?
[pid 369] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs") = 0
[ 29.587483][ T369] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 29.599791][ T369] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 29.611988][ T369] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 372
./strace-static-x86_64: Process 372 attached
[pid 372] set_robust_list(0x555571ff3660, 24) = 0
[pid 372] chdir("./25") = 0
[pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 372] setpgid(0, 0) = 0
[pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 372] write(3, "1000", 4) = 4
[pid 372] close(3) = 0
[pid 372] symlink("/dev/binderfs", "./binderfs") = 0
[pid 372] write(1, "executing program\n", 18) = 18
[pid 372] memfd_create("syzkaller", 0) = 3
[pid 372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 372] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 372] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 372] close(3) = 0
[pid 372] close(4) = 0
[pid 372] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 372] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 372] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 372] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 372] ioctl(4, LOOP_CLR_FD) = 0
[pid 372] close(4) = 0
[pid 372] chdir("./file0") = 0
[pid 372] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 372] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 372] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 372] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 372] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 372] exit_group(0) = ?
[pid 372] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs") = 0
umount2("\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 375
./strace-static-x86_64: Process 375 attached
[pid 375] set_robust_list(0x555571ff3660, 24) = 0
[pid 375] chdir("./26") = 0
[pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 375] setpgid(0, 0) = 0
[pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 375] write(3, "1000", 4) = 4
[pid 375] close(3) = 0
[pid 375] symlink("/dev/binderfs", "./binderfs") = 0
[pid 375] write(1, "executing program\n", 18executing program
) = 18
[pid 375] memfd_create("syzkaller", 0) = 3
[pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 375] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 375] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 375] close(3) = 0
[pid 375] close(4) = 0
[ 29.718166][ T372] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 29.730510][ T372] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 29.742807][ T372] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid 375] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 375] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 375] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 375] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 375] ioctl(4, LOOP_CLR_FD) = 0
[pid 375] close(4) = 0
[pid 375] chdir("./file0") = 0
[pid 375] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 375] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 375] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 375] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 375] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 375] exit_group(0) = ?
[pid 375] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs") = 0
[ 29.801645][ T375] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 29.813954][ T375] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 29.826491][ T375] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 379
./strace-static-x86_64: Process 379 attached
[pid 379] set_robust_list(0x555571ff3660, 24) = 0
[pid 379] chdir("./27") = 0
[pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 379] setpgid(0, 0) = 0
[pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 379] write(3, "1000", 4) = 4
[pid 379] close(3) = 0
[pid 379] symlink("/dev/binderfs", "./binderfs") = 0
[pid 379] write(1, "executing program\n", 18) = 18
[pid 379] memfd_create("syzkaller", 0) = 3
[pid 379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 379] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 379] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 379] close(3) = 0
[pid 379] close(4) = 0
[pid 379] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 379] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 379] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 379] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 379] ioctl(4, LOOP_CLR_FD) = 0
[pid 379] close(4) = 0
[pid 379] chdir("./file0") = 0
[pid 379] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 379] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 379] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 379] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 379] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 379] exit_group(0) = ?
[pid 379] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=379, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs") = 0
[ 29.950765][ T379] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 29.963143][ T379] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 29.975459][ T379] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 382
./strace-static-x86_64: Process 382 attached
[pid 382] set_robust_list(0x555571ff3660, 24) = 0
[pid 382] chdir("./28") = 0
[pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 382] setpgid(0, 0) = 0
[pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 382] write(3, "1000", 4) = 4
[pid 382] close(3) = 0
[pid 382] symlink("/dev/binderfs", "./binderfs") = 0
[pid 382] write(1, "executing program\n", 18executing program
) = 18
[pid 382] memfd_create("syzkaller", 0) = 3
[pid 382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 382] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 382] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 382] close(3) = 0
[pid 382] close(4) = 0
[pid 382] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 382] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 382] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 382] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 382] ioctl(4, LOOP_CLR_FD) = 0
[pid 382] close(4) = 0
[pid 382] chdir("./file0") = 0
[pid 382] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 382] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 382] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 382] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 382] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 382] exit_group(0) = ?
[pid 382] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs") = 0
[ 30.148425][ T382] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 30.160738][ T382] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 30.173038][ T382] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 385
./strace-static-x86_64: Process 385 attached
[pid 385] set_robust_list(0x555571ff3660, 24) = 0
[pid 385] chdir("./29") = 0
[pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 385] setpgid(0, 0) = 0
[pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 385] write(3, "1000", 4) = 4
[pid 385] close(3) = 0
[pid 385] symlink("/dev/binderfs", "./binderfs") = 0
[pid 385] write(1, "executing program\n", 18) = 18
[pid 385] memfd_create("syzkaller", 0) = 3
[pid 385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 385] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 385] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 385] close(3) = 0
[pid 385] close(4) = 0
[pid 385] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 385] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 385] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 385] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 385] ioctl(4, LOOP_CLR_FD) = 0
[pid 385] close(4) = 0
[pid 385] chdir("./file0") = 0
[pid 385] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 385] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 385] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 385] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 385] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 385] exit_group(0) = ?
[pid 385] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=385, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs") = 0
umount2("\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 388
./strace-static-x86_64: Process 388 attached
[pid 388] set_robust_list(0x555571ff3660, 24) = 0
[pid 388] chdir("./30") = 0
[pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 388] setpgid(0, 0) = 0
[pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 388] write(3, "1000", 4) = 4
[pid 388] close(3) = 0
[pid 388] symlink("/dev/binderfs", "./binderfs") = 0
[pid 388] write(1, "executing program\n", 18) = 18
[pid 388] memfd_create("syzkaller", 0) = 3
[pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 388] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 388] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 388] close(3) = 0
[ 30.329926][ T385] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 30.342342][ T385] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 30.354645][ T385] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid 388] close(4) = 0
[pid 388] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 388] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 388] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 388] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 388] ioctl(4, LOOP_CLR_FD) = 0
[pid 388] close(4) = 0
[pid 388] chdir("./file0") = 0
[pid 388] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 388] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 388] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 388] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 388] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 388] exit_group(0) = ?
[pid 388] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=388, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs") = 0
[ 30.440035][ T388] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 30.452421][ T388] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 30.464669][ T388] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
executing program
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 391
./strace-static-x86_64: Process 391 attached
[pid 391] set_robust_list(0x555571ff3660, 24) = 0
[pid 391] chdir("./31") = 0
[pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 391] setpgid(0, 0) = 0
[pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 391] write(3, "1000", 4) = 4
[pid 391] close(3) = 0
[pid 391] symlink("/dev/binderfs", "./binderfs") = 0
[pid 391] write(1, "executing program\n", 18) = 18
[pid 391] memfd_create("syzkaller", 0) = 3
[pid 391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 391] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 391] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 391] close(3) = 0
[pid 391] close(4) = 0
[pid 391] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 391] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 391] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 391] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 391] ioctl(4, LOOP_CLR_FD) = 0
[pid 391] close(4) = 0
[pid 391] chdir("./file0") = 0
[pid 391] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 391] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 391] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 391] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 391] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 391] exit_group(0) = ?
[pid 391] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=391, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs") = 0
[ 30.578748][ T391] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 30.591109][ T391] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 30.603423][ T391] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 394
./strace-static-x86_64: Process 394 attached
[pid 394] set_robust_list(0x555571ff3660, 24) = 0
[pid 394] chdir("./32") = 0
[pid 394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 394] setpgid(0, 0) = 0
[pid 394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 394] write(3, "1000", 4) = 4
[pid 394] close(3) = 0
[pid 394] symlink("/dev/binderfs", "./binderfs") = 0
[pid 394] write(1, "executing program\n", 18) = 18
[pid 394] memfd_create("syzkaller", 0) = 3
[pid 394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 394] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 394] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 394] close(3) = 0
[pid 394] close(4) = 0
[pid 394] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 394] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 394] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 394] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 394] ioctl(4, LOOP_CLR_FD) = 0
[pid 394] close(4) = 0
[pid 394] chdir("./file0") = 0
[pid 394] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 394] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 394] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 394] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 394] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 394] exit_group(0) = ?
[pid 394] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=394, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs") = 0
[ 30.697539][ T394] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 30.709945][ T394] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 30.722161][ T394] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 397
./strace-static-x86_64: Process 397 attached
[pid 397] set_robust_list(0x555571ff3660, 24) = 0
[pid 397] chdir("./33") = 0
[pid 397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 397] setpgid(0, 0) = 0
[pid 397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 397] write(3, "1000", 4) = 4
[pid 397] close(3) = 0
[pid 397] symlink("/dev/binderfs", "./binderfs") = 0
[pid 397] write(1, "executing program\n", 18) = 18
executing program
[pid 397] memfd_create("syzkaller", 0) = 3
[pid 397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 397] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 397] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 397] close(3) = 0
[pid 397] close(4) = 0
[pid 397] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 397] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 397] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 397] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 397] ioctl(4, LOOP_CLR_FD) = 0
[pid 397] close(4) = 0
[pid 397] chdir("./file0") = 0
[pid 397] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 397] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 397] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 397] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 397] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 397] exit_group(0) = ?
[pid 397] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=397, si_uid=0, si_status=0, si_utime=1, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs") = 0
[ 30.857914][ T397] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 30.870327][ T397] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 30.882565][ T397] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 401 attached
<unfinished ...>
[pid 401] set_robust_list(0x555571ff3660, 24) = 0
[pid 401] chdir("./34") = 0
[pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 401] setpgid(0, 0) = 0
[pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 401] write(3, "1000", 4) = 4
[pid 401] close(3 <unfinished ...>
[pid 291] <... clone resumed>, child_tidptr=0x555571ff3650) = 401
[pid 401] <... close resumed>) = 0
[pid 401] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 401] write(1, "executing program\n", 18) = 18
[pid 401] memfd_create("syzkaller", 0) = 3
[pid 401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 401] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 401] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 401] close(3) = 0
[pid 401] close(4) = 0
[pid 401] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 401] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 401] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 401] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 401] ioctl(4, LOOP_CLR_FD) = 0
[pid 401] close(4) = 0
[pid 401] chdir("./file0") = 0
[pid 401] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 401] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 401] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 401] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 401] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 401] exit_group(0) = ?
[pid 401] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=401, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs") = 0
umount2("\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 404
./strace-static-x86_64: Process 404 attached
[pid 404] set_robust_list(0x555571ff3660, 24) = 0
[pid 404] chdir("./35") = 0
[pid 404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 404] setpgid(0, 0) = 0
[pid 404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 404] write(3, "1000", 4) = 4
[pid 404] close(3) = 0
[pid 404] symlink("/dev/binderfs", "./binderfs") = 0
[pid 404] write(1, "executing program\n", 18) = 18
[pid 404] memfd_create("syzkaller", 0) = 3
[pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[ 31.022551][ T401] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 31.034957][ T401] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 31.047208][ T401] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid 404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 404] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 404] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 404] close(3) = 0
[pid 404] close(4) = 0
[pid 404] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 404] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 404] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 404] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 404] ioctl(4, LOOP_CLR_FD) = 0
[pid 404] close(4) = 0
[pid 404] chdir("./file0") = 0
[pid 404] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 404] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 404] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 404] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 404] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 404] exit_group(0) = ?
[pid 404] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=404, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs") = 0
[ 31.160066][ T404] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 31.172428][ T404] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 31.184666][ T404] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 407
./strace-static-x86_64: Process 407 attached
[pid 407] set_robust_list(0x555571ff3660, 24) = 0
[pid 407] chdir("./36") = 0
[pid 407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 407] setpgid(0, 0) = 0
[pid 407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 407] write(3, "1000", 4) = 4
[pid 407] close(3) = 0
[pid 407] symlink("/dev/binderfs", "./binderfs") = 0
[pid 407] write(1, "executing program\n", 18) = 18
[pid 407] memfd_create("syzkaller", 0) = 3
[pid 407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 407] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 407] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 407] close(3) = 0
[pid 407] close(4) = 0
[pid 407] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 407] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 407] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 407] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 407] ioctl(4, LOOP_CLR_FD) = 0
[pid 407] close(4) = 0
[pid 407] chdir("./file0") = 0
[pid 407] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 407] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 407] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 407] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 407] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 407] exit_group(0) = ?
[pid 407] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=407, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs") = 0
[ 31.367456][ T407] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 31.379847][ T407] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 31.392064][ T407] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 410
./strace-static-x86_64: Process 410 attached
[pid 410] set_robust_list(0x555571ff3660, 24) = 0
[pid 410] chdir("./37") = 0
[pid 410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 410] setpgid(0, 0) = 0
[pid 410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 410] write(3, "1000", 4) = 4
[pid 410] close(3) = 0
[pid 410] symlink("/dev/binderfs", "./binderfs") = 0
[pid 410] write(1, "executing program\n", 18) = 18
[pid 410] memfd_create("syzkaller", 0) = 3
[pid 410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 410] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 410] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 410] close(3) = 0
[pid 410] close(4) = 0
[pid 410] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 410] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 410] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 410] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 410] ioctl(4, LOOP_CLR_FD) = 0
[pid 410] close(4) = 0
[pid 410] chdir("./file0") = 0
[pid 410] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 410] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 410] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 410] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 410] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 410] exit_group(0) = ?
[pid 410] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=410, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs") = 0
[ 31.529710][ T410] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 31.542082][ T410] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 31.554363][ T410] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 413
./strace-static-x86_64: Process 413 attached
[pid 413] set_robust_list(0x555571ff3660, 24) = 0
[pid 413] chdir("./38") = 0
[pid 413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 413] setpgid(0, 0) = 0
[pid 413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 413] write(3, "1000", 4) = 4
[pid 413] close(3) = 0
[pid 413] symlink("/dev/binderfs", "./binderfs") = 0
[pid 413] write(1, "executing program\n", 18) = 18
executing program
[pid 413] memfd_create("syzkaller", 0) = 3
[pid 413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 413] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 413] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 413] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 413] close(3) = 0
[pid 413] close(4) = 0
[pid 413] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 413] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 413] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 413] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 413] ioctl(4, LOOP_CLR_FD) = 0
[pid 413] close(4) = 0
[pid 413] chdir("./file0") = 0
[pid 413] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 413] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 413] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 413] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 413] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 413] exit_group(0) = ?
[pid 413] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=413, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs") = 0
[ 31.700856][ T413] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 31.713166][ T413] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 31.725432][ T413] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 416
./strace-static-x86_64: Process 416 attached
[pid 416] set_robust_list(0x555571ff3660, 24) = 0
[pid 416] chdir("./39") = 0
[pid 416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 416] setpgid(0, 0) = 0
[pid 416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 416] write(3, "1000", 4) = 4
[pid 416] close(3) = 0
[pid 416] symlink("/dev/binderfs", "./binderfs") = 0
[pid 416] write(1, "executing program\n", 18) = 18
[pid 416] memfd_create("syzkaller", 0) = 3
[pid 416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 416] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 416] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 416] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 416] close(3) = 0
[pid 416] close(4) = 0
[pid 416] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 416] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 416] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 416] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 416] ioctl(4, LOOP_CLR_FD) = 0
[pid 416] close(4) = 0
[pid 416] chdir("./file0") = 0
[pid 416] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 416] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 416] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 416] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 416] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 416] exit_group(0) = ?
[pid 416] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=416, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs") = 0
umount2("\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 31.798309][ T416] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 31.810632][ T416] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 31.822846][ T416] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 420
./strace-static-x86_64: Process 420 attached
[pid 420] set_robust_list(0x555571ff3660, 24) = 0
[pid 420] chdir("./40") = 0
[pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 420] setpgid(0, 0) = 0
[pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 420] write(3, "1000", 4) = 4
[pid 420] close(3) = 0
[pid 420] symlink("/dev/binderfs", "./binderfs") = 0
[pid 420] write(1, "executing program\n", 18) = 18
[pid 420] memfd_create("syzkaller", 0) = 3
[pid 420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 420] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 420] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 420] close(3) = 0
[pid 420] close(4) = 0
[pid 420] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 420] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 420] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 420] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 420] ioctl(4, LOOP_CLR_FD) = 0
[pid 420] close(4) = 0
[pid 420] chdir("./file0") = 0
[pid 420] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 420] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 420] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 420] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 420] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 420] exit_group(0) = ?
[pid 420] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=420, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/binderfs") = 0
[ 31.890201][ T420] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 31.902668][ T420] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 31.914912][ T420] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 423
./strace-static-x86_64: Process 423 attached
[pid 423] set_robust_list(0x555571ff3660, 24) = 0
[pid 423] chdir("./41") = 0
[pid 423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 423] setpgid(0, 0) = 0
[pid 423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 423] write(3, "1000", 4) = 4
[pid 423] close(3) = 0
[pid 423] symlink("/dev/binderfs", "./binderfs") = 0
[pid 423] write(1, "executing program\n", 18) = 18
[pid 423] memfd_create("syzkaller", 0) = 3
[pid 423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 423] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 423] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 423] close(3) = 0
[pid 423] close(4) = 0
[pid 423] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 423] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 423] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 423] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 423] ioctl(4, LOOP_CLR_FD) = 0
[pid 423] close(4) = 0
[pid 423] chdir("./file0") = 0
[pid 423] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 423] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 423] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 423] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 423] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 423] exit_group(0) = ?
[pid 423] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=423, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/binderfs") = 0
[ 32.041264][ T423] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 32.053623][ T423] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 32.065929][ T423] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 426
./strace-static-x86_64: Process 426 attached
[pid 426] set_robust_list(0x555571ff3660, 24) = 0
[pid 426] chdir("./42") = 0
[pid 426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 426] setpgid(0, 0) = 0
[pid 426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 426] write(3, "1000", 4) = 4
[pid 426] close(3) = 0
[pid 426] symlink("/dev/binderfs", "./binderfs") = 0
[pid 426] write(1, "executing program\n", 18) = 18
[pid 426] memfd_create("syzkaller", 0) = 3
[pid 426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 426] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 426] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 426] close(3) = 0
[pid 426] close(4) = 0
[pid 426] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 426] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 426] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 426] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 426] ioctl(4, LOOP_CLR_FD) = 0
[pid 426] close(4) = 0
[pid 426] chdir("./file0") = 0
[pid 426] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 426] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 426] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 426] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 426] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 426] exit_group(0) = ?
[pid 426] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=426, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/binderfs") = 0
[ 32.209829][ T426] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 32.222201][ T426] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 32.234511][ T426] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 429
./strace-static-x86_64: Process 429 attached
[pid 429] set_robust_list(0x555571ff3660, 24) = 0
[pid 429] chdir("./43") = 0
[pid 429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 429] setpgid(0, 0) = 0
[pid 429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 429] write(3, "1000", 4) = 4
[pid 429] close(3) = 0
[pid 429] symlink("/dev/binderfs", "./binderfs") = 0
[pid 429] write(1, "executing program\n", 18) = 18
[pid 429] memfd_create("syzkaller", 0) = 3
[pid 429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 429] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 429] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 429] close(3) = 0
[pid 429] close(4) = 0
[pid 429] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 429] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 429] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 429] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 429] ioctl(4, LOOP_CLR_FD) = 0
[pid 429] close(4) = 0
[pid 429] chdir("./file0") = 0
[pid 429] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 429] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 429] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 429] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 429] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 429] exit_group(0) = ?
[pid 429] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=429, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/binderfs") = 0
[ 32.350144][ T429] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 32.362545][ T429] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 32.374745][ T429] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 432
./strace-static-x86_64: Process 432 attached
[pid 432] set_robust_list(0x555571ff3660, 24) = 0
[pid 432] chdir("./44") = 0
[pid 432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 432] setpgid(0, 0) = 0
[pid 432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 432] write(3, "1000", 4) = 4
[pid 432] close(3) = 0
[pid 432] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 432] write(1, "executing program\n", 18) = 18
[pid 432] memfd_create("syzkaller", 0) = 3
[pid 432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 432] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 432] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 432] close(3) = 0
[pid 432] close(4) = 0
[pid 432] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 432] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 432] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 432] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 432] ioctl(4, LOOP_CLR_FD) = 0
[pid 432] close(4) = 0
[pid 432] chdir("./file0") = 0
[pid 432] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 432] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 432] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 432] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 432] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 432] exit_group(0) = ?
[pid 432] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=432, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/binderfs") = 0
[ 32.495763][ T432] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 32.508131][ T432] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 32.520477][ T432] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 435
./strace-static-x86_64: Process 435 attached
[pid 435] set_robust_list(0x555571ff3660, 24) = 0
[pid 435] chdir("./45") = 0
[pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 435] setpgid(0, 0) = 0
[pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 435] write(3, "1000", 4) = 4
[pid 435] close(3) = 0
[pid 435] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 435] write(1, "executing program\n", 18) = 18
[pid 435] memfd_create("syzkaller", 0) = 3
[pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 435] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 435] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 435] close(3) = 0
[pid 435] close(4) = 0
[pid 435] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 435] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 435] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 435] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 435] ioctl(4, LOOP_CLR_FD) = 0
[pid 435] close(4) = 0
[pid 435] chdir("./file0") = 0
[pid 435] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 435] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 435] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 435] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 435] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 435] exit_group(0) = ?
[pid 435] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=435, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/binderfs") = 0
[ 32.655688][ T435] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 32.668174][ T435] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 32.680379][ T435] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 438
./strace-static-x86_64: Process 438 attached
[pid 438] set_robust_list(0x555571ff3660, 24) = 0
[pid 438] chdir("./46") = 0
[pid 438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 438] setpgid(0, 0) = 0
[pid 438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 438] write(3, "1000", 4) = 4
[pid 438] close(3) = 0
[pid 438] symlink("/dev/binderfs", "./binderfs") = 0
[pid 438] write(1, "executing program\n", 18) = 18
[pid 438] memfd_create("syzkaller", 0) = 3
[pid 438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 438] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 438] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 438] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 438] close(3) = 0
[pid 438] close(4) = 0
[pid 438] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 438] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 438] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 438] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 438] ioctl(4, LOOP_CLR_FD) = 0
[pid 438] close(4) = 0
[pid 438] chdir("./file0") = 0
[pid 438] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 438] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 438] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 438] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 438] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 438] exit_group(0) = ?
[pid 438] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=438, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/binderfs") = 0
umount2("\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 441
executing program
./strace-static-x86_64: Process 441 attached
[pid 441] set_robust_list(0x555571ff3660, 24) = 0
[pid 441] chdir("./47") = 0
[pid 441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 441] setpgid(0, 0) = 0
[pid 441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 441] write(3, "1000", 4) = 4
[pid 441] close(3) = 0
[pid 441] symlink("/dev/binderfs", "./binderfs") = 0
[pid 441] write(1, "executing program\n", 18) = 18
[pid 441] memfd_create("syzkaller", 0) = 3
[pid 441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 441] munmap(0x7f0e61e4c000, 138412032) = 0
[ 32.782061][ T438] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 32.794453][ T438] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 32.806777][ T438] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 441] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 441] close(3) = 0
[pid 441] close(4) = 0
[pid 441] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 441] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 441] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 441] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 441] ioctl(4, LOOP_CLR_FD) = 0
[pid 441] close(4) = 0
[pid 441] chdir("./file0") = 0
[pid 441] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 441] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 441] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 441] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 441] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 441] exit_group(0) = ?
[pid 441] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=441, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/binderfs") = 0
umount2("\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 445
./strace-static-x86_64: Process 445 attached
[pid 445] set_robust_list(0x555571ff3660, 24) = 0
[pid 445] chdir("./48") = 0
[pid 445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 445] setpgid(0, 0) = 0
[pid 445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 445] write(3, "1000", 4) = 4
[pid 445] close(3) = 0
[pid 445] symlink("/dev/binderfs", "./binderfs") = 0
[pid 445] write(1, "executing program\n", 18executing program
) = 18
[pid 445] memfd_create("syzkaller", 0) = 3
[pid 445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[ 32.865150][ T441] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 32.877515][ T441] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 32.889911][ T441] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid 445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 445] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 445] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 445] close(3) = 0
[pid 445] close(4) = 0
[pid 445] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 445] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 445] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 445] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 445] ioctl(4, LOOP_CLR_FD) = 0
[pid 445] close(4) = 0
[pid 445] chdir("./file0") = 0
[pid 445] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 445] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 445] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 445] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 445] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 445] exit_group(0) = ?
[pid 445] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=445, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/binderfs") = 0
umount2("\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 448
./strace-static-x86_64: Process 448 attached
[pid 448] set_robust_list(0x555571ff3660, 24) = 0
[pid 448] chdir("./49") = 0
[pid 448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 448] setpgid(0, 0) = 0
[pid 448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 448] write(3, "1000", 4) = 4
[pid 448] close(3) = 0
[pid 448] symlink("/dev/binderfs", "./binderfs") = 0
[pid 448] write(1, "executing program\n", 18) = 18
[pid 448] memfd_create("syzkaller", 0) = 3
[pid 448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 448] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 448] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 448] close(3) = 0
[pid 448] close(4) = 0
[pid 448] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 32.952023][ T445] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 32.964352][ T445] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 32.976767][ T445] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid 448] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 448] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 448] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 448] ioctl(4, LOOP_CLR_FD) = 0
[pid 448] close(4) = 0
[pid 448] chdir("./file0") = 0
[pid 448] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 448] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 448] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 448] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 448] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 448] exit_group(0) = ?
[pid 448] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=448, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/binderfs") = 0
[ 33.028683][ T448] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 33.040985][ T448] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 33.053286][ T448] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 452
./strace-static-x86_64: Process 452 attached
[pid 452] set_robust_list(0x555571ff3660, 24) = 0
[pid 452] chdir("./50") = 0
[pid 452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 452] setpgid(0, 0) = 0
[pid 452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 452] write(3, "1000", 4) = 4
[pid 452] close(3) = 0
[pid 452] symlink("/dev/binderfs", "./binderfs") = 0
[pid 452] write(1, "executing program\n", 18) = 18
[pid 452] memfd_create("syzkaller", 0) = 3
[pid 452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 452] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 452] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 452] close(3) = 0
[pid 452] close(4) = 0
[pid 452] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 452] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 452] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 452] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 452] ioctl(4, LOOP_CLR_FD) = 0
[pid 452] close(4) = 0
[pid 452] chdir("./file0") = 0
[pid 452] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 452] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 452] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 452] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 452] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 452] exit_group(0) = ?
[pid 452] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=452, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/binderfs") = 0
[ 33.159049][ T452] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 33.171412][ T452] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 33.183633][ T452] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./50") = 0
mkdir("./51", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 455
./strace-static-x86_64: Process 455 attached
[pid 455] set_robust_list(0x555571ff3660, 24) = 0
[pid 455] chdir("./51") = 0
[pid 455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 455] setpgid(0, 0) = 0
[pid 455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 455] write(3, "1000", 4) = 4
[pid 455] close(3) = 0
[pid 455] symlink("/dev/binderfs", "./binderfs") = 0
[pid 455] write(1, "executing program\n", 18) = 18
[pid 455] memfd_create("syzkaller", 0) = 3
[pid 455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 455] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 455] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 455] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 455] close(3) = 0
[pid 455] close(4) = 0
[pid 455] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 455] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 455] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 455] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 455] ioctl(4, LOOP_CLR_FD) = 0
[pid 455] close(4) = 0
[pid 455] chdir("./file0") = 0
[pid 455] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 455] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 455] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 455] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 455] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 455] exit_group(0) = ?
[pid 455] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=455, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/binderfs") = 0
umount2("\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./51") = 0
mkdir("./52", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 458
./strace-static-x86_64: Process 458 attached
[pid 458] set_robust_list(0x555571ff3660, 24) = 0
[pid 458] chdir("./52") = 0
[pid 458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 458] setpgid(0, 0) = 0
[pid 458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 458] write(3, "1000", 4) = 4
[pid 458] close(3) = 0
[pid 458] symlink("/dev/binderfs", "./binderfs") = 0
[pid 458] write(1, "executing program\n", 18) = 18
[pid 458] memfd_create("syzkaller", 0) = 3
[pid 458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 458] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 458] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 458] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 458] close(3) = 0
[pid 458] close(4) = 0
[pid 458] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 33.330026][ T455] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 33.342448][ T455] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 33.354659][ T455] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid 458] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 458] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 458] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 458] ioctl(4, LOOP_CLR_FD) = 0
[pid 458] close(4) = 0
[pid 458] chdir("./file0") = 0
[pid 458] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 458] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 458] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 458] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 458] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 458] exit_group(0) = ?
[pid 458] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=458, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/binderfs") = 0
umount2("\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./52") = 0
mkdir("./53", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 33.410835][ T458] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 33.423158][ T458] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 33.435591][ T458] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 461
./strace-static-x86_64: Process 461 attached
[pid 461] set_robust_list(0x555571ff3660, 24) = 0
[pid 461] chdir("./53") = 0
[pid 461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 461] setpgid(0, 0) = 0
[pid 461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 461] write(3, "1000", 4) = 4
[pid 461] close(3) = 0
[pid 461] symlink("/dev/binderfs", "./binderfs") = 0
[pid 461] write(1, "executing program\n", 18) = 18
[pid 461] memfd_create("syzkaller", 0) = 3
[pid 461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 461] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 461] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 461] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 461] close(3) = 0
[pid 461] close(4) = 0
[pid 461] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 461] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 461] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 461] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 461] ioctl(4, LOOP_CLR_FD) = 0
[pid 461] close(4) = 0
[pid 461] chdir("./file0") = 0
[pid 461] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 461] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 461] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 461] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 461] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 461] exit_group(0) = ?
[pid 461] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=461, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./53/binderfs") = 0
[ 33.496755][ T461] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 33.509085][ T461] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 33.521510][ T461] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./53") = 0
mkdir("./54", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 464
./strace-static-x86_64: Process 464 attached
[pid 464] set_robust_list(0x555571ff3660, 24) = 0
[pid 464] chdir("./54") = 0
[pid 464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 464] setpgid(0, 0) = 0
[pid 464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 464] write(3, "1000", 4) = 4
[pid 464] close(3) = 0
[pid 464] symlink("/dev/binderfs", "./binderfs") = 0
[pid 464] write(1, "executing program\n", 18) = 18
[pid 464] memfd_create("syzkaller", 0) = 3
[pid 464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 464] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 464] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 464] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 464] close(3) = 0
[pid 464] close(4) = 0
[pid 464] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 464] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 464] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 464] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 464] ioctl(4, LOOP_CLR_FD) = 0
[pid 464] close(4) = 0
[pid 464] chdir("./file0") = 0
[pid 464] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 464] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 464] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 464] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 464] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 464] exit_group(0) = ?
[pid 464] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=464, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./54/binderfs") = 0
umount2("\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./54") = 0
mkdir("./55", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 467
./strace-static-x86_64: Process 467 attached
[pid 467] set_robust_list(0x555571ff3660, 24) = 0
[pid 467] chdir("./55") = 0
[pid 467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 467] setpgid(0, 0) = 0
[pid 467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 467] write(3, "1000", 4) = 4
[pid 467] close(3) = 0
[pid 467] symlink("/dev/binderfs", "./binderfs") = 0
[pid 467] write(1, "executing program\n", 18executing program
) = 18
[pid 467] memfd_create("syzkaller", 0) = 3
[pid 467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 467] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 467] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 467] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 467] close(3) = 0
[ 33.658324][ T464] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 33.670746][ T464] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 33.683116][ T464] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[pid 467] close(4) = 0
[pid 467] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 467] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 467] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 467] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 467] ioctl(4, LOOP_CLR_FD) = 0
[pid 467] close(4) = 0
[pid 467] chdir("./file0") = 0
[pid 467] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 467] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 467] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 467] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 467] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 467] exit_group(0) = ?
[pid 467] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=467, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./55/binderfs") = 0
[ 33.779778][ T467] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 33.792111][ T467] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 33.804406][ T467] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./55") = 0
mkdir("./56", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 471
./strace-static-x86_64: Process 471 attached
[pid 471] set_robust_list(0x555571ff3660, 24) = 0
[pid 471] chdir("./56") = 0
[pid 471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 471] setpgid(0, 0) = 0
[pid 471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 471] write(3, "1000", 4) = 4
[pid 471] close(3) = 0
[pid 471] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 471] write(1, "executing program\n", 18) = 18
[pid 471] memfd_create("syzkaller", 0) = 3
[pid 471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 471] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 471] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 471] close(3) = 0
[pid 471] close(4) = 0
[pid 471] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 471] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 471] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 471] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 471] ioctl(4, LOOP_CLR_FD) = 0
[pid 471] close(4) = 0
[pid 471] chdir("./file0") = 0
[pid 471] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 471] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 471] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 471] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 471] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 471] exit_group(0) = ?
[pid 471] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=471, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./56/binderfs") = 0
umount2("\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./56") = 0
mkdir("./57", 0777) = 0
[ 33.949473][ T471] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 33.961795][ T471] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 33.974149][ T471] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 474
./strace-static-x86_64: Process 474 attached
[pid 474] set_robust_list(0x555571ff3660, 24) = 0
[pid 474] chdir("./57") = 0
[pid 474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 474] setpgid(0, 0) = 0
[pid 474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 474] write(3, "1000", 4) = 4
[pid 474] close(3) = 0
[pid 474] symlink("/dev/binderfs", "./binderfs") = 0
[pid 474] write(1, "executing program\n", 18executing program
) = 18
[pid 474] memfd_create("syzkaller", 0) = 3
[pid 474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 474] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 474] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 474] close(3) = 0
[pid 474] close(4) = 0
[pid 474] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 474] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 474] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 474] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 474] ioctl(4, LOOP_CLR_FD) = 0
[pid 474] close(4) = 0
[pid 474] chdir("./file0") = 0
[pid 474] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 474] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 474] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 474] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 474] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 474] exit_group(0) = ?
[pid 474] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=474, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./57/binderfs") = 0
[ 34.088887][ T474] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 34.101234][ T474] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 34.113548][ T474] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./57") = 0
mkdir("./58", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x555571ff3650) = 477
./strace-static-x86_64: Process 477 attached
[pid 477] set_robust_list(0x555571ff3660, 24) = 0
[pid 477] chdir("./58") = 0
[pid 477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 477] setpgid(0, 0) = 0
[pid 477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 477] write(3, "1000", 4) = 4
[pid 477] close(3) = 0
[pid 477] symlink("/dev/binderfs", "./binderfs") = 0
[pid 477] write(1, "executing program\n", 18) = 18
[pid 477] memfd_create("syzkaller", 0) = 3
[pid 477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 477] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 477] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 477] close(3) = 0
[pid 477] close(4) = 0
[pid 477] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 477] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 477] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 477] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 477] ioctl(4, LOOP_CLR_FD) = 0
[pid 477] close(4) = 0
[pid 477] chdir("./file0") = 0
[pid 477] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 477] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 477] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 477] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 477] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 477] exit_group(0) = ?
[pid 477] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=477, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./58/binderfs") = 0
[ 34.247665][ T477] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 34.259999][ T477] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 34.272194][ T477] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./58") = 0
mkdir("./59", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
executing program
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 480
./strace-static-x86_64: Process 480 attached
[pid 480] set_robust_list(0x555571ff3660, 24) = 0
[pid 480] chdir("./59") = 0
[pid 480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 480] setpgid(0, 0) = 0
[pid 480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 480] write(3, "1000", 4) = 4
[pid 480] close(3) = 0
[pid 480] symlink("/dev/binderfs", "./binderfs") = 0
[pid 480] write(1, "executing program\n", 18) = 18
[pid 480] memfd_create("syzkaller", 0) = 3
[pid 480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 480] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 480] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 480] close(3) = 0
[pid 480] close(4) = 0
[pid 480] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 480] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 480] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 480] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 480] ioctl(4, LOOP_CLR_FD) = 0
[pid 480] close(4) = 0
[pid 480] chdir("./file0") = 0
[pid 480] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 480] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 480] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 480] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 480] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 480] exit_group(0) = ?
[pid 480] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=480, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./59/binderfs") = 0
[ 34.438658][ T480] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 34.450992][ T480] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 34.463270][ T480] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./59") = 0
mkdir("./60", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 483
./strace-static-x86_64: Process 483 attached
[pid 483] set_robust_list(0x555571ff3660, 24) = 0
[pid 483] chdir("./60") = 0
[pid 483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 483] setpgid(0, 0) = 0
[pid 483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 483] write(3, "1000", 4) = 4
[pid 483] close(3) = 0
[pid 483] symlink("/dev/binderfs", "./binderfs") = 0
[pid 483] write(1, "executing program\n", 18executing program
) = 18
[pid 483] memfd_create("syzkaller", 0) = 3
[pid 483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 483] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 483] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 483] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 483] close(3) = 0
[pid 483] close(4) = 0
[pid 483] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 483] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 483] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 483] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 483] ioctl(4, LOOP_CLR_FD) = 0
[pid 483] close(4) = 0
[pid 483] chdir("./file0") = 0
[pid 483] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 483] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 483] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 483] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 483] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 483] exit_group(0) = ?
[pid 483] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=483, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./60/binderfs") = 0
[ 34.620885][ T483] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 34.633227][ T483] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 34.645480][ T483] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./60") = 0
mkdir("./61", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 486
./strace-static-x86_64: Process 486 attached
[pid 486] set_robust_list(0x555571ff3660, 24) = 0
[pid 486] chdir("./61") = 0
[pid 486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 486] setpgid(0, 0) = 0
[pid 486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 486] write(3, "1000", 4) = 4
[pid 486] close(3) = 0
[pid 486] symlink("/dev/binderfs", "./binderfs") = 0
[pid 486] write(1, "executing program\n", 18) = 18
[pid 486] memfd_create("syzkaller", 0) = 3
[pid 486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 486] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 486] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 486] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 486] close(3) = 0
[pid 486] close(4) = 0
[pid 486] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 486] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 486] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 486] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 486] ioctl(4, LOOP_CLR_FD) = 0
[pid 486] close(4) = 0
[pid 486] chdir("./file0") = 0
[pid 486] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 486] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 486] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 486] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 486] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 486] exit_group(0) = ?
[pid 486] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=486, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./61/binderfs") = 0
[ 34.810844][ T486] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 34.823212][ T486] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 34.835477][ T486] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./61") = 0
mkdir("./62", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 490
./strace-static-x86_64: Process 490 attached
[pid 490] set_robust_list(0x555571ff3660, 24) = 0
[pid 490] chdir("./62") = 0
[pid 490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 490] setpgid(0, 0) = 0
[pid 490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 490] write(3, "1000", 4) = 4
[pid 490] close(3) = 0
[pid 490] symlink("/dev/binderfs", "./binderfs") = 0
[pid 490] write(1, "executing program\n", 18) = 18
[pid 490] memfd_create("syzkaller", 0) = 3
[pid 490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 490] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 490] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 490] close(3) = 0
[pid 490] close(4) = 0
[pid 490] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 490] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 490] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 490] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 490] ioctl(4, LOOP_CLR_FD) = 0
[pid 490] close(4) = 0
[pid 490] chdir("./file0") = 0
[pid 490] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 490] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 490] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 490] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 490] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 490] exit_group(0) = ?
[pid 490] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=490, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./62/binderfs") = 0
[ 34.947911][ T490] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 34.960298][ T490] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 34.972550][ T490] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
umount2("\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./62") = 0
mkdir("./63", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 493
./strace-static-x86_64: Process 493 attached
[pid 493] set_robust_list(0x555571ff3660, 24) = 0
[pid 493] chdir("./63") = 0
[pid 493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 493] setpgid(0, 0) = 0
[pid 493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 493] write(3, "1000", 4) = 4
[pid 493] close(3) = 0
[pid 493] symlink("/dev/binderfs", "./binderfs") = 0
[pid 493] write(1, "executing program\n", 18) = 18
[pid 493] memfd_create("syzkaller", 0) = 3
[pid 493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000
[pid 493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 493] munmap(0x7f0e61e4c000, 138412032) = 0
[pid 493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 493] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 493] close(3) = 0
[pid 493] close(4) = 0
[pid 493] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 493] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0
[pid 493] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 493] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 493] ioctl(4, LOOP_CLR_FD) = 0
[pid 493] close(4) = 0
[pid 493] chdir("./file0") = 0
[pid 493] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 493] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 493] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 493] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 493] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 493] exit_group(0) = ?
[pid 493] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=493, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112
umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./63/binderfs") = 0
[ 35.102676][ T493] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr
[ 35.115026][ T493] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117)
[ 35.127288][ T493] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue