./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor729095671 <...> Warning: Permanently added '10.128.0.189' (ED25519) to the list of known hosts. execve("./syz-executor729095671", ["./syz-executor729095671"], 0x7ffdc82fe410 /* 10 vars */) = 0 brk(NULL) = 0x555571ff3000 brk(0x555571ff3d00) = 0x555571ff3d00 arch_prctl(ARCH_SET_FS, 0x555571ff3380) = 0 set_tid_address(0x555571ff3650) = 291 set_robust_list(0x555571ff3660, 24) = 0 rseq(0x555571ff3ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor729095671", 4096) = 27 getrandom("\x5b\x5e\x8a\x35\x25\x58\xba\x84", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555571ff3d00 brk(0x555572014d00) = 0x555572014d00 brk(0x555572015000) = 0x555572015000 mprotect(0x7f0e6a2ff000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 mkdir("./syzkaller.QkMVbB", 0700) = 0 chmod("./syzkaller.QkMVbB", 0777) = 0 chdir("./syzkaller.QkMVbB") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 292 ./strace-static-x86_64: Process 292 attached [pid 292] set_robust_list(0x555571ff3660, 24) = 0 [pid 292] chdir("./0") = 0 [pid 292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 292] setpgid(0, 0) = 0 [pid 292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 292] write(3, "1000", 4) = 4 [pid 292] close(3) = 0 [pid 292] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 292] write(1, "executing program\n", 18) = 18 [pid 292] memfd_create("syzkaller", 0) = 3 [pid 292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 292] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 292] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 292] close(3) = 0 [pid 292] close(4) = 0 [pid 292] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [ 25.014628][ T24] audit: type=1400 audit(1740495101.100:66): avc: denied { execmem } for pid=291 comm="syz-executor729" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 25.034141][ T24] audit: type=1400 audit(1740495101.120:67): avc: denied { read write } for pid=291 comm="syz-executor729" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.054155][ T292] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 25.059309][ T24] audit: type=1400 audit(1740495101.120:68): avc: denied { open } for pid=291 comm="syz-executor729" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.070612][ T292] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [pid 292] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 292] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 292] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 292] ioctl(4, LOOP_CLR_FD) = 0 [pid 292] close(4) = 0 [pid 292] chdir("./file0") = 0 [pid 292] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 292] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 292] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 292] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [ 25.094569][ T24] audit: type=1400 audit(1740495101.120:69): avc: denied { ioctl } for pid=291 comm="syz-executor729" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.106628][ T292] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 25.132209][ T24] audit: type=1400 audit(1740495101.120:70): avc: denied { mounton } for pid=292 comm="syz-executor729" path=2F726F6F742F73797A6B616C6C65722E516B4D5662422F302FE91F7189591E9233614B dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 25.159461][ T292] ================================================================== [ 25.168492][ T24] audit: type=1400 audit(1740495101.230:71): avc: denied { mount } for pid=292 comm="syz-executor729" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 25.175708][ T292] BUG: KASAN: use-after-free in ext4_insert_dentry+0x392/0x710 [ 25.197804][ T24] audit: type=1400 audit(1740495101.230:72): avc: denied { write } for pid=292 comm="syz-executor729" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 25.204841][ T292] Write of size 251 at addr ffff88811fb7cf14 by task syz-executor729/292 [ 25.227315][ T24] audit: type=1400 audit(1740495101.230:73): avc: denied { add_name } for pid=292 comm="syz-executor729" name="net_prio.prioidx" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 25.235126][ T292] [ 25.257176][ T24] audit: type=1400 audit(1740495101.230:74): avc: denied { create } for pid=292 comm="syz-executor729" name="net_prio.prioidx" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 25.258923][ T292] CPU: 1 PID: 292 Comm: syz-executor729 Not tainted 5.10.234-syzkaller-00023-g3f5f2283d684 #0 [ 25.280518][ T24] audit: type=1400 audit(1740495101.230:75): avc: denied { read append open } for pid=292 comm="syz-executor729" path=2F726F6F742F73797A6B616C6C65722E516B4D5662422F302FE91F7189591E9233614B2F66696C65302F6E65745F7072696F2E7072696F696478 dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 25.290151][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 25.290165][ T292] Call Trace: [ 25.290182][ T292] dump_stack_lvl+0x1e2/0x24b [ 25.290191][ T292] ? bfq_pos_tree_add_move+0x43b/0x43b [ 25.290198][ T292] ? panic+0x812/0x812 [ 25.290217][ T292] ? __ext4_handle_dirty_metadata+0x2de/0x810 [ 25.354997][ T292] print_address_description+0x81/0x3b0 [ 25.360371][ T292] kasan_report+0x179/0x1c0 [ 25.364711][ T292] ? ext4_insert_dentry+0x392/0x710 [ 25.369749][ T292] ? ext4_insert_dentry+0x392/0x710 [ 25.374776][ T292] kasan_check_range+0x293/0x2a0 [ 25.379551][ T292] ? ext4_insert_dentry+0x392/0x710 [ 25.384586][ T292] memcpy+0x44/0x70 [ 25.388231][ T292] ext4_insert_dentry+0x392/0x710 [ 25.393087][ T292] add_dirent_to_buf+0x3ac/0x780 [ 25.397881][ T292] ? ext4_dx_add_entry+0x1600/0x1600 [ 25.402983][ T292] ? ext4_handle_dirty_dx_node+0x41c/0x580 [ 25.408733][ T292] make_indexed_dir+0xe9f/0x1500 [ 25.413501][ T292] ? add_dirent_to_buf+0x780/0x780 [ 25.418444][ T292] ? add_dirent_to_buf+0x36f/0x780 [ 25.423399][ T292] ? ext4_dx_add_entry+0x1600/0x1600 [ 25.428516][ T292] ? __kasan_check_read+0x11/0x20 [ 25.433457][ T292] ? __ext4_read_dirblock+0x4d8/0x8c0 [ 25.438668][ T292] ext4_add_entry+0xdcf/0x1280 [ 25.443263][ T292] ? memcpy+0x56/0x70 [ 25.447083][ T292] ? ext4_inc_count+0x190/0x190 [ 25.451768][ T292] ? dquot_initialize+0x20/0x20 [ 25.456455][ T292] ext4_add_nondir+0x97/0x270 [ 25.460968][ T292] ? memcpy+0x56/0x70 [ 25.464783][ T292] ext4_symlink+0x911/0xe40 [ 25.469129][ T292] ? ext4_unlink+0x3f0/0x3f0 [ 25.473560][ T292] ? selinux_inode_symlink+0x22/0x30 [ 25.478677][ T292] ? security_inode_symlink+0xb8/0x100 [ 25.483965][ T292] vfs_symlink+0x367/0x4f0 [ 25.488222][ T292] do_symlinkat+0x19b/0x400 [ 25.492560][ T292] ? do_notify_parent+0xa10/0xa10 [ 25.497421][ T292] ? do_mkdirat+0x2c0/0x2c0 [ 25.501758][ T292] __x64_sys_symlink+0x60/0x70 [ 25.506361][ T292] do_syscall_64+0x34/0x70 [ 25.510615][ T292] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.516340][ T292] RIP: 0033:0x7f0e6a28b269 [ 25.520595][ T292] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 25.540038][ T292] RSP: 002b:00007ffe8fba6c18 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 25.548283][ T292] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f0e6a28b269 [ 25.556091][ T292] RDX: 0000000000000000 RSI: 0000400000000cc0 RDI: 0000400000000dc0 [ 25.563902][ T292] RBP: 0000400000000180 R08: 00007ffe8fba6c50 R09: 00007ffe8fba6c50 [ 25.571717][ T292] R10: 00007ffe8fba6c50 R11: 0000000000000246 R12: 0000000000000001 [ 25.579526][ T292] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffe8fba6c70 [ 25.587336][ T292] [ 25.589516][ T292] The buggy address belongs to the page: [ 25.594993][ T292] page:ffffea00047edf00 refcount:3 mapcount:0 mapping:ffff88810919fe10 index:0x3f pfn:0x11fb7c [ 25.605137][ T292] aops:def_blk_aops ino:0 [ 25.609298][ T292] flags: 0x400000000000202a(referenced|dirty|active|private) [ 25.616510][ T292] raw: 400000000000202a dead000000000100 dead000000000122 ffff88810919fe10 [ 25.624921][ T292] raw: 000000000000003f ffff88811bbdf7e0 00000003ffffffff ffff88810013a000 [ 25.633338][ T292] page dumped because: kasan: bad access detected [ 25.639586][ T292] page->mem_cgroup:ffff88810013a000 [ 25.644628][ T292] page_owner tracks the page as allocated [ 25.650185][ T292] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 292, ts 25159342820, free_ts 19550221674 [ 25.667021][ T292] prep_new_page+0x166/0x180 [ 25.671441][ T292] get_page_from_freelist+0x2d8c/0x2f30 [ 25.676823][ T292] __alloc_pages_nodemask+0x435/0xaf0 [ 25.682033][ T292] pagecache_get_page+0x669/0x950 [ 25.686892][ T292] __getblk_gfp+0x221/0x7e0 [ 25.691232][ T292] ext4_getblk+0x259/0x660 [ 25.695484][ T292] ext4_bread+0x2f/0x1b0 [ 25.699563][ T292] ext4_append+0x29a/0x4d0 [ 25.703815][ T292] make_indexed_dir+0x505/0x1500 [ 25.708590][ T292] ext4_add_entry+0xdcf/0x1280 [ 25.713188][ T292] ext4_add_nondir+0x97/0x270 [ 25.717703][ T292] ext4_symlink+0x911/0xe40 [ 25.722042][ T292] vfs_symlink+0x367/0x4f0 [ 25.726295][ T292] do_symlinkat+0x19b/0x400 [ 25.730637][ T292] __x64_sys_symlink+0x60/0x70 [ 25.735232][ T292] do_syscall_64+0x34/0x70 [ 25.739484][ T292] page last free stack trace: [ 25.744003][ T292] free_unref_page_prepare+0x2ae/0x2d0 [ 25.749293][ T292] free_unref_page_list+0x122/0xb20 [ 25.754330][ T292] release_pages+0xea0/0xef0 [ 25.758757][ T292] free_pages_and_swap_cache+0x8a/0xa0 [ 25.764051][ T292] tlb_finish_mmu+0x177/0x320 [ 25.768564][ T292] unmap_region+0x31c/0x370 [ 25.772903][ T292] __do_munmap+0x699/0x8c0 [ 25.777157][ T292] __se_sys_munmap+0x120/0x1a0 [ 25.781756][ T292] __x64_sys_munmap+0x5b/0x70 [ 25.786269][ T292] do_syscall_64+0x34/0x70 [ 25.790522][ T292] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 25.796248][ T292] [ 25.798416][ T292] Memory state around the buggy address: [ 25.803890][ T292] ffff88811fb7cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [pid 292] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 292] exit_group(0) = ? [pid 292] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=292, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 25.811786][ T292] ffff88811fb7cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.819698][ T292] >ffff88811fb7d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.827579][ T292] ^ [ 25.831488][ T292] ffff88811fb7d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.839386][ T292] ffff88811fb7d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 25.847368][ T292] ================================================================== [ 25.855265][ T292] Disabling lock debugging due to kernel taint umount2("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 297 ./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x555571ff3660, 24) = 0 [pid 297] chdir("./1") = 0 [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 297] setpgid(0, 0) = 0 [pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 297] write(3, "1000", 4) = 4 [pid 297] close(3) = 0 [pid 297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 297] write(1, "executing program\n", 18) = 18 [pid 297] memfd_create("syzkaller", 0) = 3 [pid 297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 297] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 297] close(3) = 0 [pid 297] close(4) = 0 [pid 297] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 297] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 297] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 297] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 297] ioctl(4, LOOP_CLR_FD) = 0 [pid 297] close(4) = 0 [pid 297] chdir("./file0") = 0 [pid 297] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 297] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 297] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 297] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 297] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 297] exit_group(0) = ? [pid 297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 26.009548][ T297] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 26.021885][ T297] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 26.034143][ T297] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 300 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x555571ff3660, 24) = 0 [pid 300] chdir("./2") = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 300] write(1, "executing program\n", 18) = 18 [pid 300] memfd_create("syzkaller", 0) = 3 [pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 300] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 300] close(3) = 0 [pid 300] close(4) = 0 [pid 300] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 300] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 300] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 300] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_CLR_FD) = 0 [pid 300] close(4) = 0 [pid 300] chdir("./file0") = 0 [pid 300] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 300] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 300] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 300] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 300] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 300] exit_group(0) = ? [pid 300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 303 ./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x555571ff3660, 24) = 0 [pid 303] chdir("./3") = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 303] write(1, "executing program\n", 18) = 18 [pid 303] memfd_create("syzkaller", 0) = 3 [pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 303] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 303] close(3) = 0 [pid 303] close(4) = 0 [pid 303] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [ 26.159645][ T300] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 26.171952][ T300] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 26.184150][ T300] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 303] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 303] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 303] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 303] ioctl(4, LOOP_CLR_FD) = 0 [pid 303] close(4) = 0 [pid 303] chdir("./file0") = 0 [pid 303] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 303] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 303] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 303] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 303] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 303] exit_group(0) = ? [pid 303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 26.229828][ T303] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 26.242162][ T303] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 26.254448][ T303] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 306 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x555571ff3660, 24) = 0 [pid 306] chdir("./4") = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4executing program ) = 4 [pid 306] close(3) = 0 [pid 306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 306] write(1, "executing program\n", 18) = 18 [pid 306] memfd_create("syzkaller", 0) = 3 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 306] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 306] close(3) = 0 [pid 306] close(4) = 0 [pid 306] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 306] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 306] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 306] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 306] ioctl(4, LOOP_CLR_FD) = 0 [pid 306] close(4) = 0 [pid 306] chdir("./file0") = 0 [pid 306] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 306] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 306] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 306] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 306] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 306] exit_group(0) = ? [pid 306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 [ 26.377993][ T306] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 26.390484][ T306] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 26.402809][ T306] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 309 ./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x555571ff3660, 24) = 0 [pid 309] chdir("./5") = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 309] write(1, "executing program\n", 18executing program ) = 18 [pid 309] memfd_create("syzkaller", 0) = 3 [pid 309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 309] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 309] close(3) = 0 [pid 309] close(4) = 0 [pid 309] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 309] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 309] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 309] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 309] ioctl(4, LOOP_CLR_FD) = 0 [pid 309] close(4) = 0 [pid 309] chdir("./file0") = 0 [pid 309] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 309] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 309] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 309] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 309] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 309] exit_group(0) = ? [pid 309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 312 ./strace-static-x86_64: Process 312 attached [pid 312] set_robust_list(0x555571ff3660, 24) = 0 [pid 312] chdir("./6") = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 312] setpgid(0, 0) = 0 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 312] write(3, "1000", 4) = 4 [pid 312] close(3) = 0 [pid 312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 312] write(1, "executing program\n", 18executing program ) = 18 [pid 312] memfd_create("syzkaller", 0) = 3 [pid 312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 312] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 312] close(3) = 0 [ 26.547701][ T309] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 26.560058][ T309] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 26.572380][ T309] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 312] close(4) = 0 [pid 312] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 312] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 312] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 312] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 312] ioctl(4, LOOP_CLR_FD) = 0 [pid 312] close(4) = 0 [pid 312] chdir("./file0") = 0 [pid 312] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 312] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 312] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 312] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 312] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 312] exit_group(0) = ? [pid 312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 26.660305][ T312] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 26.672696][ T312] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 26.684940][ T312] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 315 ./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x555571ff3660, 24) = 0 [pid 315] chdir("./7") = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 [pid 315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 315] write(1, "executing program\n", 18) = 18 [pid 315] memfd_create("syzkaller", 0) = 3 [pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 315] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 315] close(3) = 0 [pid 315] close(4) = 0 [pid 315] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 315] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 315] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 315] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 315] ioctl(4, LOOP_CLR_FD) = 0 [pid 315] close(4) = 0 [pid 315] chdir("./file0") = 0 [pid 315] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 315] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 315] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 315] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 315] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 315] exit_group(0) = ? [pid 315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 319 ./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x555571ff3660, 24) = 0 [pid 319] chdir("./8") = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [pid 319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 319] write(1, "executing program\n", 18) = 18 [pid 319] memfd_create("syzkaller", 0) = 3 [pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 319] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 319] close(3) = 0 [ 26.847455][ T315] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 26.859807][ T315] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 26.872194][ T315] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 319] close(4) = 0 [pid 319] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 319] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 319] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 319] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 319] ioctl(4, LOOP_CLR_FD) = 0 [pid 319] close(4) = 0 [pid 319] chdir("./file0") = 0 [pid 319] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 319] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 319] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 319] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 319] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 319] exit_group(0) = ? [pid 319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 27.007471][ T319] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 27.019829][ T319] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 27.032034][ T319] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 322 ./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x555571ff3660, 24) = 0 [pid 322] chdir("./9") = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 [pid 322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 322] write(1, "executing program\n", 18) = 18 [pid 322] memfd_create("syzkaller", 0) = 3 [pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 322] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 322] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 322] close(3) = 0 [pid 322] close(4) = 0 [pid 322] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 322] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 322] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 322] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 322] ioctl(4, LOOP_CLR_FD) = 0 [pid 322] close(4) = 0 [pid 322] chdir("./file0") = 0 [pid 322] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 322] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 322] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 322] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 322] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 322] exit_group(0) = ? [pid 322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 27.138909][ T322] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 27.151340][ T322] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 27.163751][ T322] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 325 ./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x555571ff3660, 24) = 0 [pid 325] chdir("./10") = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 325] write(3, "1000", 4) = 4 [pid 325] close(3) = 0 [pid 325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 325] write(1, "executing program\n", 18) = 18 [pid 325] memfd_create("syzkaller", 0) = 3 [pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 325] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 325] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 325] close(3) = 0 [pid 325] close(4) = 0 [pid 325] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 325] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 325] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 325] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 325] ioctl(4, LOOP_CLR_FD) = 0 [pid 325] close(4) = 0 [pid 325] chdir("./file0") = 0 [pid 325] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 325] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 325] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 325] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 325] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 325] exit_group(0) = ? [pid 325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 27.340571][ T325] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 27.352888][ T325] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 27.365180][ T325] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 328 ./strace-static-x86_64: Process 328 attached [pid 328] set_robust_list(0x555571ff3660, 24) = 0 [pid 328] chdir("./11") = 0 [pid 328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 328] setpgid(0, 0) = 0 [pid 328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 328] write(3, "1000", 4) = 4 [pid 328] close(3) = 0 [pid 328] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 328] write(1, "executing program\n", 18) = 18 [pid 328] memfd_create("syzkaller", 0) = 3 [pid 328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 328] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 328] close(3) = 0 [pid 328] close(4) = 0 [pid 328] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 328] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 328] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 328] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 328] ioctl(4, LOOP_CLR_FD) = 0 [pid 328] close(4) = 0 [pid 328] chdir("./file0") = 0 [pid 328] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 328] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 328] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 328] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 328] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 328] exit_group(0) = ? [pid 328] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=328, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 27.549427][ T328] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 27.561794][ T328] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 27.574038][ T328] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 331 ./strace-static-x86_64: Process 331 attached [pid 331] set_robust_list(0x555571ff3660, 24) = 0 [pid 331] chdir("./12") = 0 [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 331] setpgid(0, 0) = 0 [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 331] write(3, "1000", 4) = 4 [pid 331] close(3) = 0 [pid 331] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 331] write(1, "executing program\n", 18) = 18 [pid 331] memfd_create("syzkaller", 0) = 3 [pid 331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 331] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 331] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 331] close(3) = 0 [pid 331] close(4) = 0 [pid 331] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 331] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 331] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 331] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 331] ioctl(4, LOOP_CLR_FD) = 0 [pid 331] close(4) = 0 [pid 331] chdir("./file0") = 0 [pid 331] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 331] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 331] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 331] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 331] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 331] exit_group(0) = ? [pid 331] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 334 ./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x555571ff3660, 24) = 0 [pid 334] chdir("./13") = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 334] setpgid(0, 0) = 0 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 334] write(3, "1000", 4) = 4 [pid 334] close(3) = 0 [pid 334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 334] write(1, "executing program\n", 18) = 18 [pid 334] memfd_create("syzkaller", 0) = 3 [pid 334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 334] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 334] close(3) = 0 [ 27.697079][ T331] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 27.709448][ T331] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 27.721758][ T331] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 334] close(4) = 0 [pid 334] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 334] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 334] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 334] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 334] ioctl(4, LOOP_CLR_FD) = 0 [pid 334] close(4) = 0 [pid 334] chdir("./file0") = 0 [pid 334] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 334] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 334] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 334] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 334] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 334] exit_group(0) = ? [pid 334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 27.810316][ T334] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 27.822634][ T334] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 27.834929][ T334] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 338 ./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x555571ff3660, 24) = 0 [pid 338] chdir("./14") = 0 [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 338] setpgid(0, 0) = 0 [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 338] write(3, "1000", 4) = 4 [pid 338] close(3) = 0 [pid 338] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 338] write(1, "executing program\n", 18) = 18 [pid 338] memfd_create("syzkaller", 0) = 3 [pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 338] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 338] close(3) = 0 [pid 338] close(4) = 0 [pid 338] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 338] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 338] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 338] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 338] ioctl(4, LOOP_CLR_FD) = 0 [pid 338] close(4) = 0 [pid 338] chdir("./file0") = 0 [pid 338] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 338] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 338] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 338] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 338] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 338] exit_group(0) = ? [pid 338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 27.906403][ T338] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 27.918817][ T338] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 27.931015][ T338] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 341 ./strace-static-x86_64: Process 341 attached [pid 341] set_robust_list(0x555571ff3660, 24) = 0 [pid 341] chdir("./15") = 0 [pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 341] setpgid(0, 0) = 0 [pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 341] write(3, "1000", 4) = 4 [pid 341] close(3) = 0 [pid 341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 341] write(1, "executing program\n", 18executing program ) = 18 [pid 341] memfd_create("syzkaller", 0) = 3 [pid 341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 341] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 341] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 341] close(3) = 0 [pid 341] close(4) = 0 [pid 341] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 341] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 341] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 341] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 341] ioctl(4, LOOP_CLR_FD) = 0 [pid 341] close(4) = 0 [pid 341] chdir("./file0") = 0 [pid 341] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 341] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 341] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 341] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 341] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 341] exit_group(0) = ? [pid 341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 28.063675][ T341] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 28.076117][ T341] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 28.088430][ T341] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 344 ./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x555571ff3660, 24) = 0 [pid 344] chdir("./16") = 0 [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 344] setpgid(0, 0) = 0 [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 344] write(3, "1000", 4) = 4 [pid 344] close(3) = 0 [pid 344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 344] write(1, "executing program\n", 18) = 18 executing program [pid 344] memfd_create("syzkaller", 0) = 3 [pid 344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 344] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 344] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 344] close(3) = 0 [pid 344] close(4) = 0 [pid 344] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 344] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 344] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 344] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 344] ioctl(4, LOOP_CLR_FD) = 0 [pid 344] close(4) = 0 [pid 344] chdir("./file0") = 0 [pid 344] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 344] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 344] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 344] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 344] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 344] exit_group(0) = ? [pid 344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 28.309524][ T344] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 28.321853][ T344] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 28.334097][ T344] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 347 ./strace-static-x86_64: Process 347 attached [pid 347] set_robust_list(0x555571ff3660, 24) = 0 [pid 347] chdir("./17") = 0 [pid 347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 347] setpgid(0, 0) = 0 [pid 347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 347] write(3, "1000", 4) = 4 [pid 347] close(3) = 0 [pid 347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 347] write(1, "executing program\n", 18executing program ) = 18 [pid 347] memfd_create("syzkaller", 0) = 3 [pid 347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 347] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 347] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 347] close(3) = 0 [pid 347] close(4) = 0 [pid 347] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 347] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 347] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 347] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 347] ioctl(4, LOOP_CLR_FD) = 0 [pid 347] close(4) = 0 [pid 347] chdir("./file0") = 0 [pid 347] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 347] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 347] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 347] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 347] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 347] exit_group(0) = ? [pid 347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 350 ./strace-static-x86_64: Process 350 attached [pid 350] set_robust_list(0x555571ff3660, 24) = 0 [pid 350] chdir("./18") = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 350] setpgid(0, 0) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 350] write(3, "1000", 4) = 4 [pid 350] close(3) = 0 [pid 350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 350] write(1, "executing program\n", 18) = 18 executing program [pid 350] memfd_create("syzkaller", 0) = 3 [pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 350] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 350] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 350] close(3) = 0 [pid 350] close(4) = 0 [pid 350] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [ 28.499525][ T347] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 28.511869][ T347] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 28.524160][ T347] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 350] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 350] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 350] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 350] ioctl(4, LOOP_CLR_FD) = 0 [pid 350] close(4) = 0 [pid 350] chdir("./file0") = 0 [pid 350] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 350] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 350] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 350] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 350] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 350] exit_group(0) = ? [pid 350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 353 ./strace-static-x86_64: Process 353 attached [pid 353] set_robust_list(0x555571ff3660, 24) = 0 [pid 353] chdir("./19") = 0 [pid 353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 353] setpgid(0, 0) = 0 [pid 353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 353] write(3, "1000", 4) = 4 [pid 353] close(3) = 0 [pid 353] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 353] write(1, "executing program\n", 18) = 18 [pid 353] memfd_create("syzkaller", 0) = 3 [pid 353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 353] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 353] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 353] close(3) = 0 [pid 353] close(4) = 0 [pid 353] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [ 28.575426][ T350] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 28.587879][ T350] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 28.600070][ T350] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 353] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 353] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 353] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 353] ioctl(4, LOOP_CLR_FD) = 0 [pid 353] close(4) = 0 [pid 353] chdir("./file0") = 0 [pid 353] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 353] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 353] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 353] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 353] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 353] exit_group(0) = ? [pid 353] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=353, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 28.645485][ T353] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 28.657870][ T353] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 28.670223][ T353] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 356 ./strace-static-x86_64: Process 356 attached [pid 356] set_robust_list(0x555571ff3660, 24) = 0 [pid 356] chdir("./20") = 0 [pid 356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 356] setpgid(0, 0) = 0 [pid 356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 356] write(3, "1000", 4) = 4 [pid 356] close(3) = 0 [pid 356] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 356] write(1, "executing program\n", 18) = 18 [pid 356] memfd_create("syzkaller", 0) = 3 [pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 356] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 356] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 356] close(3) = 0 [pid 356] close(4) = 0 [pid 356] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 356] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 356] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 356] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 356] ioctl(4, LOOP_CLR_FD) = 0 [pid 356] close(4) = 0 [pid 356] chdir("./file0") = 0 [pid 356] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 356] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 356] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 356] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 356] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 356] exit_group(0) = ? [pid 356] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 28.869655][ T356] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 28.882003][ T356] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 28.894192][ T356] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 360 ./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x555571ff3660, 24) = 0 [pid 360] chdir("./21") = 0 [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 360] setpgid(0, 0) = 0 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 360] write(3, "1000", 4) = 4 [pid 360] close(3) = 0 [pid 360] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 360] write(1, "executing program\n", 18) = 18 [pid 360] memfd_create("syzkaller", 0) = 3 [pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 360] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 360] close(3) = 0 [pid 360] close(4) = 0 [pid 360] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 360] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 360] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 360] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_CLR_FD) = 0 [pid 360] close(4) = 0 [pid 360] chdir("./file0") = 0 [pid 360] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 360] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 360] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 360] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 360] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 360] exit_group(0) = ? [pid 360] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 29.016653][ T360] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 29.029086][ T360] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 29.041364][ T360] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 363 ./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x555571ff3660, 24) = 0 [pid 363] chdir("./22") = 0 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 363] setpgid(0, 0) = 0 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 363] write(3, "1000", 4) = 4 [pid 363] close(3) = 0 [pid 363] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 363] write(1, "executing program\n", 18) = 18 [pid 363] memfd_create("syzkaller", 0) = 3 [pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 363] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 363] close(3) = 0 [pid 363] close(4) = 0 [pid 363] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 363] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 363] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 363] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 363] ioctl(4, LOOP_CLR_FD) = 0 [pid 363] close(4) = 0 [pid 363] chdir("./file0") = 0 [pid 363] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 363] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 363] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 363] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 363] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 363] exit_group(0) = ? [pid 363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 366 ./strace-static-x86_64: Process 366 attached [pid 366] set_robust_list(0x555571ff3660, 24) = 0 [pid 366] chdir("./23") = 0 [pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 366] setpgid(0, 0) = 0 [pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 366] write(3, "1000", 4) = 4 [pid 366] close(3) = 0 [pid 366] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 366] write(1, "executing program\n", 18) = 18 [pid 366] memfd_create("syzkaller", 0) = 3 [pid 366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 366] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 366] close(3) = 0 [ 29.220456][ T363] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 29.232803][ T363] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 29.245098][ T363] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 366] close(4) = 0 [pid 366] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 366] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 366] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 366] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 366] ioctl(4, LOOP_CLR_FD) = 0 [pid 366] close(4) = 0 [pid 366] chdir("./file0") = 0 [pid 366] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 366] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 366] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 366] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 366] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 366] exit_group(0) = ? [pid 366] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 29.367575][ T366] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 29.379901][ T366] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 29.392183][ T366] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 369 ./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x555571ff3660, 24) = 0 [pid 369] chdir("./24") = 0 [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 369] setpgid(0, 0) = 0 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "1000", 4) = 4 [pid 369] close(3) = 0 [pid 369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 369] write(1, "executing program\n", 18) = 18 [pid 369] memfd_create("syzkaller", 0) = 3 [pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 369] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 369] close(3) = 0 [pid 369] close(4) = 0 [pid 369] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 369] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 369] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 369] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 369] ioctl(4, LOOP_CLR_FD) = 0 [pid 369] close(4) = 0 [pid 369] chdir("./file0") = 0 [pid 369] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 369] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 369] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 369] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 369] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 369] exit_group(0) = ? [pid 369] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 29.587483][ T369] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 29.599791][ T369] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 29.611988][ T369] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 372 ./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x555571ff3660, 24) = 0 [pid 372] chdir("./25") = 0 [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 372] setpgid(0, 0) = 0 [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 372] write(3, "1000", 4) = 4 [pid 372] close(3) = 0 [pid 372] symlink("/dev/binderfs", "./binderfs") = 0 [pid 372] write(1, "executing program\n", 18) = 18 [pid 372] memfd_create("syzkaller", 0) = 3 [pid 372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 372] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 372] close(3) = 0 [pid 372] close(4) = 0 [pid 372] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 372] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 372] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 372] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 372] ioctl(4, LOOP_CLR_FD) = 0 [pid 372] close(4) = 0 [pid 372] chdir("./file0") = 0 [pid 372] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 372] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 372] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 372] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 372] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 372] exit_group(0) = ? [pid 372] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 375 ./strace-static-x86_64: Process 375 attached [pid 375] set_robust_list(0x555571ff3660, 24) = 0 [pid 375] chdir("./26") = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0) = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3) = 0 [pid 375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 375] write(1, "executing program\n", 18executing program ) = 18 [pid 375] memfd_create("syzkaller", 0) = 3 [pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 375] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 375] close(3) = 0 [pid 375] close(4) = 0 [ 29.718166][ T372] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 29.730510][ T372] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 29.742807][ T372] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 375] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 375] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 375] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 375] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 375] ioctl(4, LOOP_CLR_FD) = 0 [pid 375] close(4) = 0 [pid 375] chdir("./file0") = 0 [pid 375] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 375] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 375] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 375] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 375] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 375] exit_group(0) = ? [pid 375] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 29.801645][ T375] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 29.813954][ T375] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 29.826491][ T375] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 379 ./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x555571ff3660, 24) = 0 [pid 379] chdir("./27") = 0 [pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 379] setpgid(0, 0) = 0 [pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 379] write(3, "1000", 4) = 4 [pid 379] close(3) = 0 [pid 379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 379] write(1, "executing program\n", 18) = 18 [pid 379] memfd_create("syzkaller", 0) = 3 [pid 379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 379] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 379] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 379] close(3) = 0 [pid 379] close(4) = 0 [pid 379] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 379] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 379] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 379] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 379] ioctl(4, LOOP_CLR_FD) = 0 [pid 379] close(4) = 0 [pid 379] chdir("./file0") = 0 [pid 379] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 379] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 379] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 379] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 379] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 379] exit_group(0) = ? [pid 379] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=379, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 29.950765][ T379] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 29.963143][ T379] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 29.975459][ T379] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 382 ./strace-static-x86_64: Process 382 attached [pid 382] set_robust_list(0x555571ff3660, 24) = 0 [pid 382] chdir("./28") = 0 [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 382] setpgid(0, 0) = 0 [pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 382] write(3, "1000", 4) = 4 [pid 382] close(3) = 0 [pid 382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 382] write(1, "executing program\n", 18executing program ) = 18 [pid 382] memfd_create("syzkaller", 0) = 3 [pid 382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 382] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 382] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 382] close(3) = 0 [pid 382] close(4) = 0 [pid 382] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 382] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 382] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 382] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 382] ioctl(4, LOOP_CLR_FD) = 0 [pid 382] close(4) = 0 [pid 382] chdir("./file0") = 0 [pid 382] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 382] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 382] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 382] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 382] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 382] exit_group(0) = ? [pid 382] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 30.148425][ T382] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 30.160738][ T382] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 30.173038][ T382] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 385 ./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x555571ff3660, 24) = 0 [pid 385] chdir("./29") = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 385] write(1, "executing program\n", 18) = 18 [pid 385] memfd_create("syzkaller", 0) = 3 [pid 385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 385] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 385] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 385] close(3) = 0 [pid 385] close(4) = 0 [pid 385] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 385] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 385] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 385] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 385] ioctl(4, LOOP_CLR_FD) = 0 [pid 385] close(4) = 0 [pid 385] chdir("./file0") = 0 [pid 385] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 385] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 385] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 385] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 385] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 385] exit_group(0) = ? [pid 385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=385, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 388 ./strace-static-x86_64: Process 388 attached [pid 388] set_robust_list(0x555571ff3660, 24) = 0 [pid 388] chdir("./30") = 0 [pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 388] setpgid(0, 0) = 0 [pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 388] write(3, "1000", 4) = 4 [pid 388] close(3) = 0 [pid 388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 388] write(1, "executing program\n", 18) = 18 [pid 388] memfd_create("syzkaller", 0) = 3 [pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 388] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 388] close(3) = 0 [ 30.329926][ T385] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 30.342342][ T385] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 30.354645][ T385] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 388] close(4) = 0 [pid 388] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 388] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 388] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 388] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 388] ioctl(4, LOOP_CLR_FD) = 0 [pid 388] close(4) = 0 [pid 388] chdir("./file0") = 0 [pid 388] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 388] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 388] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 388] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 388] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 388] exit_group(0) = ? [pid 388] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=388, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 30.440035][ T388] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 30.452421][ T388] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 30.464669][ T388] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 executing program clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 391 ./strace-static-x86_64: Process 391 attached [pid 391] set_robust_list(0x555571ff3660, 24) = 0 [pid 391] chdir("./31") = 0 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 391] setpgid(0, 0) = 0 [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 391] write(3, "1000", 4) = 4 [pid 391] close(3) = 0 [pid 391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 391] write(1, "executing program\n", 18) = 18 [pid 391] memfd_create("syzkaller", 0) = 3 [pid 391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 391] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 391] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 391] close(3) = 0 [pid 391] close(4) = 0 [pid 391] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 391] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 391] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 391] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 391] ioctl(4, LOOP_CLR_FD) = 0 [pid 391] close(4) = 0 [pid 391] chdir("./file0") = 0 [pid 391] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 391] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 391] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 391] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 391] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 391] exit_group(0) = ? [pid 391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=391, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 30.578748][ T391] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 30.591109][ T391] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 30.603423][ T391] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 394 ./strace-static-x86_64: Process 394 attached [pid 394] set_robust_list(0x555571ff3660, 24) = 0 [pid 394] chdir("./32") = 0 [pid 394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 394] setpgid(0, 0) = 0 [pid 394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 394] write(3, "1000", 4) = 4 [pid 394] close(3) = 0 [pid 394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 394] write(1, "executing program\n", 18) = 18 [pid 394] memfd_create("syzkaller", 0) = 3 [pid 394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 394] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 394] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 394] close(3) = 0 [pid 394] close(4) = 0 [pid 394] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 394] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 394] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 394] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 394] ioctl(4, LOOP_CLR_FD) = 0 [pid 394] close(4) = 0 [pid 394] chdir("./file0") = 0 [pid 394] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 394] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 394] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 394] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 394] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 394] exit_group(0) = ? [pid 394] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=394, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 30.697539][ T394] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 30.709945][ T394] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 30.722161][ T394] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 397 ./strace-static-x86_64: Process 397 attached [pid 397] set_robust_list(0x555571ff3660, 24) = 0 [pid 397] chdir("./33") = 0 [pid 397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 397] setpgid(0, 0) = 0 [pid 397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 397] write(3, "1000", 4) = 4 [pid 397] close(3) = 0 [pid 397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 397] write(1, "executing program\n", 18) = 18 executing program [pid 397] memfd_create("syzkaller", 0) = 3 [pid 397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 397] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 397] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 397] close(3) = 0 [pid 397] close(4) = 0 [pid 397] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 397] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 397] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 397] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 397] ioctl(4, LOOP_CLR_FD) = 0 [pid 397] close(4) = 0 [pid 397] chdir("./file0") = 0 [pid 397] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 397] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 397] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 397] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 397] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 397] exit_group(0) = ? [pid 397] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=397, si_uid=0, si_status=0, si_utime=1, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 30.857914][ T397] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 30.870327][ T397] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 30.882565][ T397] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 401 attached [pid 401] set_robust_list(0x555571ff3660, 24) = 0 [pid 401] chdir("./34") = 0 [pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 401] setpgid(0, 0) = 0 [pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 401] write(3, "1000", 4) = 4 [pid 401] close(3 [pid 291] <... clone resumed>, child_tidptr=0x555571ff3650) = 401 [pid 401] <... close resumed>) = 0 [pid 401] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 401] write(1, "executing program\n", 18) = 18 [pid 401] memfd_create("syzkaller", 0) = 3 [pid 401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 401] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 401] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 401] close(3) = 0 [pid 401] close(4) = 0 [pid 401] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 401] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 401] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 401] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 401] ioctl(4, LOOP_CLR_FD) = 0 [pid 401] close(4) = 0 [pid 401] chdir("./file0") = 0 [pid 401] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 401] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 401] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 401] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 401] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 401] exit_group(0) = ? [pid 401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=401, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 404 ./strace-static-x86_64: Process 404 attached [pid 404] set_robust_list(0x555571ff3660, 24) = 0 [pid 404] chdir("./35") = 0 [pid 404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 404] setpgid(0, 0) = 0 [pid 404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 404] write(3, "1000", 4) = 4 [pid 404] close(3) = 0 [pid 404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 404] write(1, "executing program\n", 18) = 18 [pid 404] memfd_create("syzkaller", 0) = 3 [pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [ 31.022551][ T401] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 31.034957][ T401] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 31.047208][ T401] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 404] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 404] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 404] close(3) = 0 [pid 404] close(4) = 0 [pid 404] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 404] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 404] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 404] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 404] ioctl(4, LOOP_CLR_FD) = 0 [pid 404] close(4) = 0 [pid 404] chdir("./file0") = 0 [pid 404] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 404] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 404] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 404] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 404] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 404] exit_group(0) = ? [pid 404] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=404, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 31.160066][ T404] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 31.172428][ T404] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 31.184666][ T404] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 407 ./strace-static-x86_64: Process 407 attached [pid 407] set_robust_list(0x555571ff3660, 24) = 0 [pid 407] chdir("./36") = 0 [pid 407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 407] setpgid(0, 0) = 0 [pid 407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 407] write(3, "1000", 4) = 4 [pid 407] close(3) = 0 [pid 407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 407] write(1, "executing program\n", 18) = 18 [pid 407] memfd_create("syzkaller", 0) = 3 [pid 407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 407] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 407] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 407] close(3) = 0 [pid 407] close(4) = 0 [pid 407] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 407] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 407] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 407] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 407] ioctl(4, LOOP_CLR_FD) = 0 [pid 407] close(4) = 0 [pid 407] chdir("./file0") = 0 [pid 407] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 407] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 407] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 407] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 407] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 407] exit_group(0) = ? [pid 407] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=407, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 31.367456][ T407] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 31.379847][ T407] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 31.392064][ T407] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 410 ./strace-static-x86_64: Process 410 attached [pid 410] set_robust_list(0x555571ff3660, 24) = 0 [pid 410] chdir("./37") = 0 [pid 410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 410] setpgid(0, 0) = 0 [pid 410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 410] write(3, "1000", 4) = 4 [pid 410] close(3) = 0 [pid 410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 410] write(1, "executing program\n", 18) = 18 [pid 410] memfd_create("syzkaller", 0) = 3 [pid 410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 410] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 410] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 410] close(3) = 0 [pid 410] close(4) = 0 [pid 410] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 410] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 410] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 410] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 410] ioctl(4, LOOP_CLR_FD) = 0 [pid 410] close(4) = 0 [pid 410] chdir("./file0") = 0 [pid 410] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 410] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 410] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 410] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 410] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 410] exit_group(0) = ? [pid 410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=410, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 31.529710][ T410] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 31.542082][ T410] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 31.554363][ T410] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 413 ./strace-static-x86_64: Process 413 attached [pid 413] set_robust_list(0x555571ff3660, 24) = 0 [pid 413] chdir("./38") = 0 [pid 413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 413] setpgid(0, 0) = 0 [pid 413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 413] write(3, "1000", 4) = 4 [pid 413] close(3) = 0 [pid 413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 413] write(1, "executing program\n", 18) = 18 executing program [pid 413] memfd_create("syzkaller", 0) = 3 [pid 413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 413] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 413] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 413] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 413] close(3) = 0 [pid 413] close(4) = 0 [pid 413] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 413] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 413] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 413] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 413] ioctl(4, LOOP_CLR_FD) = 0 [pid 413] close(4) = 0 [pid 413] chdir("./file0") = 0 [pid 413] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 413] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 413] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 413] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 413] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 413] exit_group(0) = ? [pid 413] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=413, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 [ 31.700856][ T413] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 31.713166][ T413] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 31.725432][ T413] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 416 ./strace-static-x86_64: Process 416 attached [pid 416] set_robust_list(0x555571ff3660, 24) = 0 [pid 416] chdir("./39") = 0 [pid 416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 416] setpgid(0, 0) = 0 [pid 416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 416] write(3, "1000", 4) = 4 [pid 416] close(3) = 0 [pid 416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 416] write(1, "executing program\n", 18) = 18 [pid 416] memfd_create("syzkaller", 0) = 3 [pid 416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 416] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 416] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 416] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 416] close(3) = 0 [pid 416] close(4) = 0 [pid 416] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 416] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 416] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 416] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 416] ioctl(4, LOOP_CLR_FD) = 0 [pid 416] close(4) = 0 [pid 416] chdir("./file0") = 0 [pid 416] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 416] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 416] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 416] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 416] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 416] exit_group(0) = ? [pid 416] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=416, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 31.798309][ T416] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 31.810632][ T416] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 31.822846][ T416] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 420 ./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x555571ff3660, 24) = 0 [pid 420] chdir("./40") = 0 [pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 420] setpgid(0, 0) = 0 [pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 420] write(3, "1000", 4) = 4 [pid 420] close(3) = 0 [pid 420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 420] write(1, "executing program\n", 18) = 18 [pid 420] memfd_create("syzkaller", 0) = 3 [pid 420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 420] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 420] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 420] close(3) = 0 [pid 420] close(4) = 0 [pid 420] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 420] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 420] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 420] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 420] ioctl(4, LOOP_CLR_FD) = 0 [pid 420] close(4) = 0 [pid 420] chdir("./file0") = 0 [pid 420] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 420] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 420] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 420] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 420] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 420] exit_group(0) = ? [pid 420] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=420, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 31.890201][ T420] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 31.902668][ T420] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 31.914912][ T420] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 423 ./strace-static-x86_64: Process 423 attached [pid 423] set_robust_list(0x555571ff3660, 24) = 0 [pid 423] chdir("./41") = 0 [pid 423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 423] setpgid(0, 0) = 0 [pid 423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 423] write(3, "1000", 4) = 4 [pid 423] close(3) = 0 [pid 423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 423] write(1, "executing program\n", 18) = 18 [pid 423] memfd_create("syzkaller", 0) = 3 [pid 423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 423] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 423] close(3) = 0 [pid 423] close(4) = 0 [pid 423] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 423] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 423] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 423] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 423] ioctl(4, LOOP_CLR_FD) = 0 [pid 423] close(4) = 0 [pid 423] chdir("./file0") = 0 [pid 423] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 423] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 423] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 423] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 423] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 423] exit_group(0) = ? [pid 423] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=423, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 [ 32.041264][ T423] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 32.053623][ T423] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 32.065929][ T423] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 426 ./strace-static-x86_64: Process 426 attached [pid 426] set_robust_list(0x555571ff3660, 24) = 0 [pid 426] chdir("./42") = 0 [pid 426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 426] setpgid(0, 0) = 0 [pid 426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 426] write(3, "1000", 4) = 4 [pid 426] close(3) = 0 [pid 426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 426] write(1, "executing program\n", 18) = 18 [pid 426] memfd_create("syzkaller", 0) = 3 [pid 426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 426] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 426] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 426] close(3) = 0 [pid 426] close(4) = 0 [pid 426] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 426] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 426] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 426] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 426] ioctl(4, LOOP_CLR_FD) = 0 [pid 426] close(4) = 0 [pid 426] chdir("./file0") = 0 [pid 426] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 426] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 426] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 426] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 426] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 426] exit_group(0) = ? [pid 426] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=426, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 [ 32.209829][ T426] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 32.222201][ T426] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 32.234511][ T426] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 429 ./strace-static-x86_64: Process 429 attached [pid 429] set_robust_list(0x555571ff3660, 24) = 0 [pid 429] chdir("./43") = 0 [pid 429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 429] setpgid(0, 0) = 0 [pid 429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 429] write(3, "1000", 4) = 4 [pid 429] close(3) = 0 [pid 429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 429] write(1, "executing program\n", 18) = 18 [pid 429] memfd_create("syzkaller", 0) = 3 [pid 429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 429] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 429] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 429] close(3) = 0 [pid 429] close(4) = 0 [pid 429] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 429] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 429] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 429] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 429] ioctl(4, LOOP_CLR_FD) = 0 [pid 429] close(4) = 0 [pid 429] chdir("./file0") = 0 [pid 429] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 429] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 429] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 429] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 429] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 429] exit_group(0) = ? [pid 429] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=429, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 [ 32.350144][ T429] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 32.362545][ T429] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 32.374745][ T429] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 432 ./strace-static-x86_64: Process 432 attached [pid 432] set_robust_list(0x555571ff3660, 24) = 0 [pid 432] chdir("./44") = 0 [pid 432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 432] setpgid(0, 0) = 0 [pid 432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 432] write(3, "1000", 4) = 4 [pid 432] close(3) = 0 [pid 432] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 432] write(1, "executing program\n", 18) = 18 [pid 432] memfd_create("syzkaller", 0) = 3 [pid 432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 432] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 432] close(3) = 0 [pid 432] close(4) = 0 [pid 432] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 432] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 432] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 432] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 432] ioctl(4, LOOP_CLR_FD) = 0 [pid 432] close(4) = 0 [pid 432] chdir("./file0") = 0 [pid 432] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 432] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 432] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 432] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 432] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 432] exit_group(0) = ? [pid 432] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=432, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 32.495763][ T432] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 32.508131][ T432] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 32.520477][ T432] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 435 ./strace-static-x86_64: Process 435 attached [pid 435] set_robust_list(0x555571ff3660, 24) = 0 [pid 435] chdir("./45") = 0 [pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 435] setpgid(0, 0) = 0 [pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 435] write(3, "1000", 4) = 4 [pid 435] close(3) = 0 [pid 435] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 435] write(1, "executing program\n", 18) = 18 [pid 435] memfd_create("syzkaller", 0) = 3 [pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 435] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 435] close(3) = 0 [pid 435] close(4) = 0 [pid 435] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 435] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 435] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 435] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 435] ioctl(4, LOOP_CLR_FD) = 0 [pid 435] close(4) = 0 [pid 435] chdir("./file0") = 0 [pid 435] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 435] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 435] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 435] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 435] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 435] exit_group(0) = ? [pid 435] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=435, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 32.655688][ T435] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 32.668174][ T435] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 32.680379][ T435] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 438 ./strace-static-x86_64: Process 438 attached [pid 438] set_robust_list(0x555571ff3660, 24) = 0 [pid 438] chdir("./46") = 0 [pid 438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 438] setpgid(0, 0) = 0 [pid 438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 438] write(3, "1000", 4) = 4 [pid 438] close(3) = 0 [pid 438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 438] write(1, "executing program\n", 18) = 18 [pid 438] memfd_create("syzkaller", 0) = 3 [pid 438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 438] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 438] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 438] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 438] close(3) = 0 [pid 438] close(4) = 0 [pid 438] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 438] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 438] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 438] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 438] ioctl(4, LOOP_CLR_FD) = 0 [pid 438] close(4) = 0 [pid 438] chdir("./file0") = 0 [pid 438] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 438] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 438] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 438] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 438] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 438] exit_group(0) = ? [pid 438] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=438, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 441 executing program ./strace-static-x86_64: Process 441 attached [pid 441] set_robust_list(0x555571ff3660, 24) = 0 [pid 441] chdir("./47") = 0 [pid 441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 441] setpgid(0, 0) = 0 [pid 441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 441] write(3, "1000", 4) = 4 [pid 441] close(3) = 0 [pid 441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 441] write(1, "executing program\n", 18) = 18 [pid 441] memfd_create("syzkaller", 0) = 3 [pid 441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 441] munmap(0x7f0e61e4c000, 138412032) = 0 [ 32.782061][ T438] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 32.794453][ T438] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 32.806777][ T438] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 441] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 441] close(3) = 0 [pid 441] close(4) = 0 [pid 441] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 441] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 441] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 441] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 441] ioctl(4, LOOP_CLR_FD) = 0 [pid 441] close(4) = 0 [pid 441] chdir("./file0") = 0 [pid 441] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 441] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 441] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 441] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 441] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 441] exit_group(0) = ? [pid 441] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=441, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 445 ./strace-static-x86_64: Process 445 attached [pid 445] set_robust_list(0x555571ff3660, 24) = 0 [pid 445] chdir("./48") = 0 [pid 445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 445] setpgid(0, 0) = 0 [pid 445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 445] write(3, "1000", 4) = 4 [pid 445] close(3) = 0 [pid 445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 445] write(1, "executing program\n", 18executing program ) = 18 [pid 445] memfd_create("syzkaller", 0) = 3 [pid 445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [ 32.865150][ T441] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 32.877515][ T441] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 32.889911][ T441] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 445] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 445] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 445] close(3) = 0 [pid 445] close(4) = 0 [pid 445] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 445] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 445] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 445] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 445] ioctl(4, LOOP_CLR_FD) = 0 [pid 445] close(4) = 0 [pid 445] chdir("./file0") = 0 [pid 445] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 445] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 445] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 445] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 445] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 445] exit_group(0) = ? [pid 445] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=445, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 448 ./strace-static-x86_64: Process 448 attached [pid 448] set_robust_list(0x555571ff3660, 24) = 0 [pid 448] chdir("./49") = 0 [pid 448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 448] setpgid(0, 0) = 0 [pid 448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 448] write(3, "1000", 4) = 4 [pid 448] close(3) = 0 [pid 448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 448] write(1, "executing program\n", 18) = 18 [pid 448] memfd_create("syzkaller", 0) = 3 [pid 448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 448] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 448] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 448] close(3) = 0 [pid 448] close(4) = 0 [pid 448] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [ 32.952023][ T445] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 32.964352][ T445] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 32.976767][ T445] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 448] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 448] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 448] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 448] ioctl(4, LOOP_CLR_FD) = 0 [pid 448] close(4) = 0 [pid 448] chdir("./file0") = 0 [pid 448] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 448] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 448] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 448] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 448] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 448] exit_group(0) = ? [pid 448] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=448, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 [ 33.028683][ T448] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 33.040985][ T448] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 33.053286][ T448] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 452 ./strace-static-x86_64: Process 452 attached [pid 452] set_robust_list(0x555571ff3660, 24) = 0 [pid 452] chdir("./50") = 0 [pid 452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 452] setpgid(0, 0) = 0 [pid 452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 452] write(3, "1000", 4) = 4 [pid 452] close(3) = 0 [pid 452] symlink("/dev/binderfs", "./binderfs") = 0 [pid 452] write(1, "executing program\n", 18) = 18 [pid 452] memfd_create("syzkaller", 0) = 3 [pid 452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 452] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 452] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 452] close(3) = 0 [pid 452] close(4) = 0 [pid 452] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 452] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 452] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 452] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 452] ioctl(4, LOOP_CLR_FD) = 0 [pid 452] close(4) = 0 [pid 452] chdir("./file0") = 0 [pid 452] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 452] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 452] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 452] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 452] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 452] exit_group(0) = ? [pid 452] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=452, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 [ 33.159049][ T452] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 33.171412][ T452] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 33.183633][ T452] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 455 ./strace-static-x86_64: Process 455 attached [pid 455] set_robust_list(0x555571ff3660, 24) = 0 [pid 455] chdir("./51") = 0 [pid 455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 455] setpgid(0, 0) = 0 [pid 455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 455] write(3, "1000", 4) = 4 [pid 455] close(3) = 0 [pid 455] symlink("/dev/binderfs", "./binderfs") = 0 [pid 455] write(1, "executing program\n", 18) = 18 [pid 455] memfd_create("syzkaller", 0) = 3 [pid 455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 455] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 455] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 455] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 455] close(3) = 0 [pid 455] close(4) = 0 [pid 455] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 455] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 455] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 455] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 455] ioctl(4, LOOP_CLR_FD) = 0 [pid 455] close(4) = 0 [pid 455] chdir("./file0") = 0 [pid 455] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 455] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 455] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 455] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 455] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 455] exit_group(0) = ? [pid 455] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=455, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 458 ./strace-static-x86_64: Process 458 attached [pid 458] set_robust_list(0x555571ff3660, 24) = 0 [pid 458] chdir("./52") = 0 [pid 458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 458] setpgid(0, 0) = 0 [pid 458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 458] write(3, "1000", 4) = 4 [pid 458] close(3) = 0 [pid 458] symlink("/dev/binderfs", "./binderfs") = 0 [pid 458] write(1, "executing program\n", 18) = 18 [pid 458] memfd_create("syzkaller", 0) = 3 [pid 458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 458] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 458] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 458] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 458] close(3) = 0 [pid 458] close(4) = 0 [pid 458] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [ 33.330026][ T455] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 33.342448][ T455] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 33.354659][ T455] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 458] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 458] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 458] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 458] ioctl(4, LOOP_CLR_FD) = 0 [pid 458] close(4) = 0 [pid 458] chdir("./file0") = 0 [pid 458] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 458] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 458] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 458] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 458] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 458] exit_group(0) = ? [pid 458] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=458, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 33.410835][ T458] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 33.423158][ T458] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 33.435591][ T458] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 461 ./strace-static-x86_64: Process 461 attached [pid 461] set_robust_list(0x555571ff3660, 24) = 0 [pid 461] chdir("./53") = 0 [pid 461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 461] setpgid(0, 0) = 0 [pid 461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 461] write(3, "1000", 4) = 4 [pid 461] close(3) = 0 [pid 461] symlink("/dev/binderfs", "./binderfs") = 0 [pid 461] write(1, "executing program\n", 18) = 18 [pid 461] memfd_create("syzkaller", 0) = 3 [pid 461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 461] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 461] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 461] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 461] close(3) = 0 [pid 461] close(4) = 0 [pid 461] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 461] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 461] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 461] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 461] ioctl(4, LOOP_CLR_FD) = 0 [pid 461] close(4) = 0 [pid 461] chdir("./file0") = 0 [pid 461] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 461] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 461] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 461] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 461] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 461] exit_group(0) = ? [pid 461] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=461, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 [ 33.496755][ T461] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 33.509085][ T461] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 33.521510][ T461] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 464 ./strace-static-x86_64: Process 464 attached [pid 464] set_robust_list(0x555571ff3660, 24) = 0 [pid 464] chdir("./54") = 0 [pid 464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 464] setpgid(0, 0) = 0 [pid 464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 464] write(3, "1000", 4) = 4 [pid 464] close(3) = 0 [pid 464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 464] write(1, "executing program\n", 18) = 18 [pid 464] memfd_create("syzkaller", 0) = 3 [pid 464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 464] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 464] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 464] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 464] close(3) = 0 [pid 464] close(4) = 0 [pid 464] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 464] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 464] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 464] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 464] ioctl(4, LOOP_CLR_FD) = 0 [pid 464] close(4) = 0 [pid 464] chdir("./file0") = 0 [pid 464] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 464] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 464] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 464] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 464] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 464] exit_group(0) = ? [pid 464] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=464, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 467 ./strace-static-x86_64: Process 467 attached [pid 467] set_robust_list(0x555571ff3660, 24) = 0 [pid 467] chdir("./55") = 0 [pid 467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 467] setpgid(0, 0) = 0 [pid 467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 467] write(3, "1000", 4) = 4 [pid 467] close(3) = 0 [pid 467] symlink("/dev/binderfs", "./binderfs") = 0 [pid 467] write(1, "executing program\n", 18executing program ) = 18 [pid 467] memfd_create("syzkaller", 0) = 3 [pid 467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 467] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 467] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 467] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 467] close(3) = 0 [ 33.658324][ T464] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 33.670746][ T464] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 33.683116][ T464] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 467] close(4) = 0 [pid 467] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 467] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 467] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 467] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 467] ioctl(4, LOOP_CLR_FD) = 0 [pid 467] close(4) = 0 [pid 467] chdir("./file0") = 0 [pid 467] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 467] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 467] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 467] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 467] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 467] exit_group(0) = ? [pid 467] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=467, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 [ 33.779778][ T467] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 33.792111][ T467] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 33.804406][ T467] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 471 ./strace-static-x86_64: Process 471 attached [pid 471] set_robust_list(0x555571ff3660, 24) = 0 [pid 471] chdir("./56") = 0 [pid 471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 471] setpgid(0, 0) = 0 [pid 471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 471] write(3, "1000", 4) = 4 [pid 471] close(3) = 0 [pid 471] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 471] write(1, "executing program\n", 18) = 18 [pid 471] memfd_create("syzkaller", 0) = 3 [pid 471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 471] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 471] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 471] close(3) = 0 [pid 471] close(4) = 0 [pid 471] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 471] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 471] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 471] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 471] ioctl(4, LOOP_CLR_FD) = 0 [pid 471] close(4) = 0 [pid 471] chdir("./file0") = 0 [pid 471] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 471] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 471] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 471] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 471] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 471] exit_group(0) = ? [pid 471] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=471, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 [ 33.949473][ T471] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 33.961795][ T471] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 33.974149][ T471] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 474 ./strace-static-x86_64: Process 474 attached [pid 474] set_robust_list(0x555571ff3660, 24) = 0 [pid 474] chdir("./57") = 0 [pid 474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 474] setpgid(0, 0) = 0 [pid 474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 474] write(3, "1000", 4) = 4 [pid 474] close(3) = 0 [pid 474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 474] write(1, "executing program\n", 18executing program ) = 18 [pid 474] memfd_create("syzkaller", 0) = 3 [pid 474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 474] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 474] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 474] close(3) = 0 [pid 474] close(4) = 0 [pid 474] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 474] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 474] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 474] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 474] ioctl(4, LOOP_CLR_FD) = 0 [pid 474] close(4) = 0 [pid 474] chdir("./file0") = 0 [pid 474] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 474] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 474] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 474] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 474] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 474] exit_group(0) = ? [pid 474] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=474, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 [ 34.088887][ T474] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 34.101234][ T474] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 34.113548][ T474] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555571ff3650) = 477 ./strace-static-x86_64: Process 477 attached [pid 477] set_robust_list(0x555571ff3660, 24) = 0 [pid 477] chdir("./58") = 0 [pid 477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 477] setpgid(0, 0) = 0 [pid 477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 477] write(3, "1000", 4) = 4 [pid 477] close(3) = 0 [pid 477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 477] write(1, "executing program\n", 18) = 18 [pid 477] memfd_create("syzkaller", 0) = 3 [pid 477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 477] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 477] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 477] close(3) = 0 [pid 477] close(4) = 0 [pid 477] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 477] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 477] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 477] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 477] ioctl(4, LOOP_CLR_FD) = 0 [pid 477] close(4) = 0 [pid 477] chdir("./file0") = 0 [pid 477] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 477] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 477] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 477] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 477] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 477] exit_group(0) = ? [pid 477] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=477, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 [ 34.247665][ T477] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 34.259999][ T477] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 34.272194][ T477] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 480 ./strace-static-x86_64: Process 480 attached [pid 480] set_robust_list(0x555571ff3660, 24) = 0 [pid 480] chdir("./59") = 0 [pid 480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 480] setpgid(0, 0) = 0 [pid 480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 480] write(3, "1000", 4) = 4 [pid 480] close(3) = 0 [pid 480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 480] write(1, "executing program\n", 18) = 18 [pid 480] memfd_create("syzkaller", 0) = 3 [pid 480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 480] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 480] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 480] close(3) = 0 [pid 480] close(4) = 0 [pid 480] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 480] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 480] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 480] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 480] ioctl(4, LOOP_CLR_FD) = 0 [pid 480] close(4) = 0 [pid 480] chdir("./file0") = 0 [pid 480] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 480] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 480] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 480] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 480] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 480] exit_group(0) = ? [pid 480] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=480, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 [ 34.438658][ T480] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 34.450992][ T480] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 34.463270][ T480] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x35\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 483 ./strace-static-x86_64: Process 483 attached [pid 483] set_robust_list(0x555571ff3660, 24) = 0 [pid 483] chdir("./60") = 0 [pid 483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 483] setpgid(0, 0) = 0 [pid 483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 483] write(3, "1000", 4) = 4 [pid 483] close(3) = 0 [pid 483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 483] write(1, "executing program\n", 18executing program ) = 18 [pid 483] memfd_create("syzkaller", 0) = 3 [pid 483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 483] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 483] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 483] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 483] close(3) = 0 [pid 483] close(4) = 0 [pid 483] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 483] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 483] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 483] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 483] ioctl(4, LOOP_CLR_FD) = 0 [pid 483] close(4) = 0 [pid 483] chdir("./file0") = 0 [pid 483] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 483] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 483] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 483] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 483] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 483] exit_group(0) = ? [pid 483] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=483, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 [ 34.620885][ T483] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 34.633227][ T483] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 34.645480][ T483] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x36\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 486 ./strace-static-x86_64: Process 486 attached [pid 486] set_robust_list(0x555571ff3660, 24) = 0 [pid 486] chdir("./61") = 0 [pid 486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 486] setpgid(0, 0) = 0 [pid 486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 486] write(3, "1000", 4) = 4 [pid 486] close(3) = 0 [pid 486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 486] write(1, "executing program\n", 18) = 18 [pid 486] memfd_create("syzkaller", 0) = 3 [pid 486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 486] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 486] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 486] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 486] close(3) = 0 [pid 486] close(4) = 0 [pid 486] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 486] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 486] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 486] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 486] ioctl(4, LOOP_CLR_FD) = 0 [pid 486] close(4) = 0 [pid 486] chdir("./file0") = 0 [pid 486] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 486] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 486] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 486] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 486] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 486] exit_group(0) = ? [pid 486] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=486, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 [ 34.810844][ T486] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 34.823212][ T486] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 34.835477][ T486] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x36\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 490 ./strace-static-x86_64: Process 490 attached [pid 490] set_robust_list(0x555571ff3660, 24) = 0 [pid 490] chdir("./62") = 0 [pid 490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 490] setpgid(0, 0) = 0 [pid 490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 490] write(3, "1000", 4) = 4 [pid 490] close(3) = 0 [pid 490] symlink("/dev/binderfs", "./binderfs") = 0 [pid 490] write(1, "executing program\n", 18) = 18 [pid 490] memfd_create("syzkaller", 0) = 3 [pid 490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 490] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 490] close(3) = 0 [pid 490] close(4) = 0 [pid 490] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 490] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 490] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 490] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 490] ioctl(4, LOOP_CLR_FD) = 0 [pid 490] close(4) = 0 [pid 490] chdir("./file0") = 0 [pid 490] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 490] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 490] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 490] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 490] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 490] exit_group(0) = ? [pid 490] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=490, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 [ 34.947911][ T490] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 34.960298][ T490] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 34.972550][ T490] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555571ffc730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555571ffc730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("\x2e\x2f\x36\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 getdents64(3, 0x555571ff46f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555571ff3650) = 493 ./strace-static-x86_64: Process 493 attached [pid 493] set_robust_list(0x555571ff3660, 24) = 0 [pid 493] chdir("./63") = 0 [pid 493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 493] setpgid(0, 0) = 0 [pid 493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 493] write(3, "1000", 4) = 4 [pid 493] close(3) = 0 [pid 493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 493] write(1, "executing program\n", 18) = 18 [pid 493] memfd_create("syzkaller", 0) = 3 [pid 493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e61e4c000 [pid 493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 493] munmap(0x7f0e61e4c000, 138412032) = 0 [pid 493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 493] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 493] close(3) = 0 [pid 493] close(4) = 0 [pid 493] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0 [pid 493] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, ",errors=continue") = 0 [pid 493] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3 [pid 493] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0 [pid 493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 493] ioctl(4, LOOP_CLR_FD) = 0 [pid 493] close(4) = 0 [pid 493] chdir("./file0") = 0 [pid 493] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 493] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0 [pid 493] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5 [pid 493] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0 [pid 493] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0 [pid 493] exit_group(0) = ? [pid 493] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=493, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555571ff46f0 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 [ 35.102676][ T493] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2210: inode #15: comm syz-executor729: corrupted in-inode xattr [ 35.115026][ T493] EXT4-fs error (device loop0): ext4_orphan_get:1400: comm syz-executor729: couldn't read orphan inode 15 (err -117) [ 35.127288][ T493] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue