./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1302754014
<...>
Warning: Permanently added '10.128.0.125' (ED25519) to the list of known hosts.
execve("./syz-executor1302754014", ["./syz-executor1302754014"], 0x7ffc46664c10 /* 10 vars */) = 0
brk(NULL) = 0x55558a5f5000
brk(0x55558a5f5d00) = 0x55558a5f5d00
arch_prctl(ARCH_SET_FS, 0x55558a5f5380) = 0
set_tid_address(0x55558a5f5650) = 297
set_robust_list(0x55558a5f5660, 24) = 0
rseq(0x55558a5f5ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented)
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1302754014", 4096) = 28
getrandom("\x5e\xce\x05\xc5\x79\x51\x31\xad", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55558a5f5d00
brk(0x55558a616d00) = 0x55558a616d00
brk(0x55558a617000) = 0x55558a617000
mprotect(0x7fbac530d000, 16384, PROT_READ) = 0
mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000
mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000
mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000
mkdir("./syzkaller.rnYRre", 0700) = 0
chmod("./syzkaller.rnYRre", 0777) = 0
chdir("./syzkaller.rnYRre") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 299
./strace-static-x86_64: Process 299 attached
[pid 299] set_robust_list(0x55558a5f5660, 24) = 0
[pid 299] chdir("./0") = 0
[pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 299] setpgid(0, 0) = 0
[pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 299] write(3, "1000", 4) = 4
[pid 299] close(3) = 0
[pid 299] symlink("/dev/binderfs", "./binderfs") = 0
[pid 299] write(1, "executing program\n", 18executing program
) = 18
[pid 299] memfd_create("syzkaller", 0) = 3
[pid 299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 299] munmap(0x7fbabce5a000, 138412032) = 0
[pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 299] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 299] close(3) = 0
[ 30.724698][ T24] audit: type=1400 audit(1742159757.450:66): avc: denied { execmem } for pid=297 comm="syz-executor130" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 30.733549][ T24] audit: type=1400 audit(1742159757.460:67): avc: denied { read write } for pid=297 comm="syz-executor130" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 30.740851][ T24] audit: type=1400 audit(1742159757.460:68): avc: denied { open } for pid=297 comm="syz-executor130" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid 299] close(4) = 0
[pid 299] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 30.752315][ T24] audit: type=1400 audit(1742159757.470:69): avc: denied { ioctl } for pid=297 comm="syz-executor130" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 30.797404][ T24] audit: type=1400 audit(1742159757.530:70): avc: denied { mounton } for pid=299 comm="syz-executor130" path=2F726F6F742F73797A6B616C6C65722E726E595272652F302FE91F7189591E9233614B dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 30.826819][ T299] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[pid 299] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 299] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 299] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 299] ioctl(4, LOOP_CLR_FD) = 0
[pid 299] close(4) = 0
[pid 299] chdir("./file0") = 0
[pid 299] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 299] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 299] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 299] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 299] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 299] exit_group(0) = ?
[pid 299] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
[ 30.840703][ T299] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 30.853367][ T299] EXT4-fs (loop0): 1 orphan inode deleted
[ 30.858926][ T299] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
[ 30.877664][ T24] audit: type=1400 audit(1742159757.610:71): avc: denied { mount } for pid=299 comm="syz-executor130" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 30.899598][ T24] audit: type=1400 audit(1742159757.610:72): avc: denied { write } for pid=299 comm="syz-executor130" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 30.921733][ T24] audit: type=1400 audit(1742159757.610:73): avc: denied { add_name } for pid=299 comm="syz-executor130" name="net_prio.prioidx" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
umount2("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 30.943410][ T24] audit: type=1400 audit(1742159757.610:74): avc: denied { create } for pid=299 comm="syz-executor130" name="net_prio.prioidx" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 30.964553][ T24] audit: type=1400 audit(1742159757.610:75): avc: denied { read append open } for pid=299 comm="syz-executor130" path=2F726F6F742F73797A6B616C6C65722E726E595272652F302FE91F7189591E9233614B2F66696C65302F6E65745F7072696F2E7072696F696478 dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
ioctl(3, LOOP_CLR_FDexecuting program
) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 303
./strace-static-x86_64: Process 303 attached
[pid 303] set_robust_list(0x55558a5f5660, 24) = 0
[pid 303] chdir("./1") = 0
[pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 303] setpgid(0, 0) = 0
[pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 303] write(3, "1000", 4) = 4
[pid 303] close(3) = 0
[pid 303] symlink("/dev/binderfs", "./binderfs") = 0
[pid 303] write(1, "executing program\n", 18) = 18
[pid 303] memfd_create("syzkaller", 0) = 3
[pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 303] munmap(0x7fbabce5a000, 138412032) = 0
[pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 303] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 303] close(3) = 0
[pid 303] close(4) = 0
[pid 303] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 31.070583][ T303] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 31.084656][ T303] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 31.097366][ T303] EXT4-fs (loop0): 1 orphan inode deleted
[pid 303] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 303] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 303] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 303] ioctl(4, LOOP_CLR_FD) = 0
[pid 303] close(4) = 0
[pid 303] chdir("./file0") = 0
[pid 303] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 303] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 303] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 303] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[ 31.102978][ T303] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
[ 31.125418][ T303] ==================================================================
[ 31.133337][ T303] BUG: KASAN: use-after-free in ext4_insert_dentry+0x392/0x710
[ 31.140803][ T303] Write of size 250 at addr ffff888120fabf18 by task syz-executor130/303
[ 31.149193][ T303]
[ 31.151371][ T303] CPU: 1 PID: 303 Comm: syz-executor130 Not tainted 5.10.234-syzkaller-00031-gfc9aa81462ee #0
[ 31.161430][ T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 31.171328][ T303] Call Trace:
[ 31.174457][ T303] dump_stack_lvl+0x1e2/0x24b
[ 31.178965][ T303] ? bfq_pos_tree_add_move+0x43b/0x43b
[ 31.184259][ T303] ? panic+0x812/0x812
[ 31.188168][ T303] ? __ext4_handle_dirty_metadata+0x2de/0x810
[ 31.194070][ T303] print_address_description+0x81/0x3b0
[ 31.199541][ T303] kasan_report+0x179/0x1c0
[ 31.203878][ T303] ? ext4_insert_dentry+0x392/0x710
[ 31.209088][ T303] ? ext4_insert_dentry+0x392/0x710
[ 31.214120][ T303] kasan_check_range+0x293/0x2a0
[ 31.218894][ T303] ? ext4_insert_dentry+0x392/0x710
[ 31.224068][ T303] memcpy+0x44/0x70
[ 31.227853][ T303] ext4_insert_dentry+0x392/0x710
[ 31.232712][ T303] add_dirent_to_buf+0x3ac/0x780
[ 31.237510][ T303] ? ext4_dx_add_entry+0x1600/0x1600
[ 31.242601][ T303] ? ext4_handle_dirty_dx_node+0x41c/0x580
[ 31.248243][ T303] make_indexed_dir+0xe9f/0x1500
[ 31.253019][ T303] ? add_dirent_to_buf+0x780/0x780
[ 31.258051][ T303] ? add_dirent_to_buf+0x36f/0x780
[ 31.263003][ T303] ? ext4_dx_add_entry+0x1600/0x1600
[ 31.268119][ T303] ? __kasan_check_read+0x11/0x20
[ 31.272979][ T303] ? __ext4_read_dirblock+0x4d8/0x8c0
[ 31.278188][ T303] ext4_add_entry+0xdcf/0x1280
[ 31.282789][ T303] ? ext4_inc_count+0x190/0x190
[ 31.287477][ T303] ? ext4_init_new_dir+0x7c8/0xa20
[ 31.292424][ T303] ? ext4_init_dot_dotdot+0x500/0x500
[ 31.297641][ T303] ext4_mkdir+0x4d2/0xba0
[ 31.301797][ T303] ? ext4_symlink+0xe40/0xe40
[ 31.306326][ T303] ? selinux_inode_mkdir+0x22/0x30
[ 31.311258][ T303] ? security_inode_mkdir+0xbc/0x100
[ 31.316470][ T303] vfs_mkdir+0x4cf/0x6c0
[ 31.320552][ T303] do_mkdirat+0x1a6/0x2c0
[ 31.324712][ T303] ? do_mknodat+0x450/0x450
[ 31.329056][ T303] ? fpu__clear_all+0x20/0x20
[ 31.333570][ T303] __x64_sys_mkdirat+0x7b/0x90
[ 31.338183][ T303] do_syscall_64+0x34/0x70
[ 31.342427][ T303] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 31.348154][ T303] RIP: 0033:0x7fbac52993a9
[ 31.352401][ T303] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 31.371856][ T303] RSP: 002b:00007ffe1caf64c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 31.380263][ T303] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fbac52993a9
[ 31.388075][ T303] RDX: 0000000000000000 RSI: 00004000000005c0 RDI: 00000000ffffff9c
[ 31.395894][ T303] RBP: 0000400000000180 R08: 00007ffe1caf6500 R09: 00007ffe1caf6500
[ 31.403701][ T303] R10: 00007ffe1caf6500 R11: 0000000000000246 R12: 00007ffe1caf64ec
[ 31.411656][ T303] R13: 0000000000000001 R14: 431bde82d7b634db R15: 00007ffe1caf6520
[ 31.419451][ T303]
[ 31.421619][ T303] The buggy address belongs to the page:
[ 31.427096][ T303] page:ffffea000483eac0 refcount:3 mapcount:0 mapping:ffff8881091a2d10 index:0x3f pfn:0x120fab
[ 31.437344][ T303] aops:def_blk_aops ino:0
[ 31.441495][ T303] flags: 0x400000000000202a(referenced|dirty|active|private)
[ 31.448708][ T303] raw: 400000000000202a dead000000000100 dead000000000122 ffff8881091a2d10
[ 31.457349][ T303] raw: 000000000000003f ffff88811bfb93f0 00000003ffffffff ffff888100138000
[ 31.465845][ T303] page dumped because: kasan: bad access detected
[ 31.472086][ T303] page->mem_cgroup:ffff888100138000
[ 31.477115][ T303] page_owner tracks the page as allocated
[ 31.482691][ T303] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 303, ts 31125282958, free_ts 31027097412
[ 31.499525][ T303] prep_new_page+0x166/0x180
[ 31.504037][ T303] get_page_from_freelist+0x2d8c/0x2f30
[ 31.509412][ T303] __alloc_pages_nodemask+0x435/0xaf0
[ 31.514636][ T303] pagecache_get_page+0x669/0x950
[ 31.519484][ T303] __getblk_gfp+0x221/0x7e0
[ 31.523822][ T303] ext4_getblk+0x259/0x660
[ 31.528083][ T303] ext4_bread+0x2f/0x1b0
[ 31.532159][ T303] ext4_append+0x29a/0x4d0
[ 31.536420][ T303] make_indexed_dir+0x505/0x1500
[ 31.541194][ T303] ext4_add_entry+0xdcf/0x1280
[ 31.545787][ T303] ext4_mkdir+0x4d2/0xba0
[ 31.550033][ T303] vfs_mkdir+0x4cf/0x6c0
[ 31.554115][ T303] do_mkdirat+0x1a6/0x2c0
[ 31.558276][ T303] __x64_sys_mkdirat+0x7b/0x90
[ 31.562876][ T303] do_syscall_64+0x34/0x70
[ 31.567143][ T303] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 31.572858][ T303] page last free stack trace:
[ 31.577389][ T303] free_unref_page_prepare+0x2ae/0x2d0
[ 31.582679][ T303] free_unref_page_list+0x122/0xb20
[ 31.587714][ T303] release_pages+0xea0/0xef0
[ 31.592133][ T303] free_pages_and_swap_cache+0x8a/0xa0
[ 31.597430][ T303] tlb_finish_mmu+0x177/0x320
[ 31.601943][ T303] unmap_region+0x31c/0x370
[ 31.606275][ T303] __do_munmap+0x699/0x8c0
[ 31.610615][ T303] __se_sys_munmap+0x120/0x1a0
[ 31.615229][ T303] __x64_sys_munmap+0x5b/0x70
[ 31.619740][ T303] do_syscall_64+0x34/0x70
[ 31.623986][ T303] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 31.629710][ T303]
[ 31.631876][ T303] Memory state around the buggy address:
[ 31.637386][ T303] ffff888120fabf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.645257][ T303] ffff888120fabf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.653152][ T303] >ffff888120fac000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 31.661043][ T303] ^
[ 31.664963][ T303] ffff888120fac080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[pid 303] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 303] exit_group(0) = ?
[pid 303] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
[ 31.673350][ T303] ffff888120fac100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 31.681188][ T303] ==================================================================
[ 31.689079][ T303] Disabling lock debugging due to kernel taint
umount2("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 307
./strace-static-x86_64: Process 307 attached
[pid 307] set_robust_list(0x55558a5f5660, 24) = 0
[pid 307] chdir("./2") = 0
[pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 307] setpgid(0, 0) = 0
[pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 307] write(3, "1000", 4) = 4
[pid 307] close(3) = 0
[pid 307] symlink("/dev/binderfs", "./binderfs") = 0
[pid 307] write(1, "executing program\n", 18executing program
) = 18
[pid 307] memfd_create("syzkaller", 0) = 3
[pid 307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 307] munmap(0x7fbabce5a000, 138412032) = 0
[pid 307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 307] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 307] close(3) = 0
[pid 307] close(4) = 0
[pid 307] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 31.808613][ T307] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 31.822654][ T307] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 31.835454][ T307] EXT4-fs (loop0): 1 orphan inode deleted
[pid 307] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 307] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 307] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 307] ioctl(4, LOOP_CLR_FD) = 0
[pid 307] close(4) = 0
[pid 307] chdir("./file0") = 0
[pid 307] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 307] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 307] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 307] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 307] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 307] exit_group(0) = ?
[pid 307] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
[ 31.841580][ T307] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558a5f5650) = 310
./strace-static-x86_64: Process 310 attached
[pid 310] set_robust_list(0x55558a5f5660, 24) = 0
[pid 310] chdir("./3") = 0
[pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 310] setpgid(0, 0) = 0
[pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 310] write(3, "1000", 4) = 4
[pid 310] close(3) = 0
[pid 310] symlink("/dev/binderfs", "./binderfs") = 0
[pid 310] write(1, "executing program\n", 18) = 18
[pid 310] memfd_create("syzkaller", 0) = 3
[pid 310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 310] munmap(0x7fbabce5a000, 138412032) = 0
[pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 310] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 310] close(3) = 0
[pid 310] close(4) = 0
[pid 310] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 32.006627][ T310] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 32.020704][ T310] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 32.033543][ T310] EXT4-fs (loop0): 1 orphan inode deleted
[pid 310] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 310] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 310] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 310] ioctl(4, LOOP_CLR_FD) = 0
[pid 310] close(4) = 0
[pid 310] chdir("./file0") = 0
[pid 310] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 310] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 310] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 310] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 310] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 310] exit_group(0) = ?
[pid 310] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
[ 32.039420][ T310] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558a5f5650) = 313
./strace-static-x86_64: Process 313 attached
[pid 313] set_robust_list(0x55558a5f5660, 24) = 0
[pid 313] chdir("./4") = 0
[pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 313] setpgid(0, 0) = 0
[pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 313] write(3, "1000", 4) = 4
[pid 313] close(3) = 0
[pid 313] symlink("/dev/binderfs", "./binderfs") = 0
[pid 313] write(1, "executing program\n", 18) = 18
[pid 313] memfd_create("syzkaller", 0) = 3
[pid 313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 313] munmap(0x7fbabce5a000, 138412032) = 0
[pid 313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 313] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 313] close(3) = 0
[pid 313] close(4) = 0
[pid 313] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 32.195752][ T313] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 32.210189][ T313] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 32.222924][ T313] EXT4-fs (loop0): 1 orphan inode deleted
[pid 313] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 313] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 313] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 313] ioctl(4, LOOP_CLR_FD) = 0
[pid 313] close(4) = 0
[pid 313] chdir("./file0") = 0
[pid 313] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 313] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 313] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 313] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 313] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 313] exit_group(0) = ?
[pid 313] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
[ 32.228504][ T313] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 316 attached
, child_tidptr=0x55558a5f5650) = 316
[pid 316] set_robust_list(0x55558a5f5660, 24) = 0
[pid 316] chdir("./5") = 0
[pid 316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 316] setpgid(0, 0) = 0
[pid 316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 316] write(3, "1000", 4) = 4
[pid 316] close(3) = 0
[pid 316] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 316] write(1, "executing program\n", 18) = 18
[pid 316] memfd_create("syzkaller", 0) = 3
[pid 316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 316] munmap(0x7fbabce5a000, 138412032) = 0
[pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 316] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 316] close(3) = 0
[pid 316] close(4) = 0
[pid 316] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 32.438421][ T316] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 32.452510][ T316] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 32.465300][ T316] EXT4-fs (loop0): 1 orphan inode deleted
[pid 316] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 316] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 316] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 316] ioctl(4, LOOP_CLR_FD) = 0
[pid 316] close(4) = 0
[pid 316] chdir("./file0") = 0
[pid 316] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 316] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 316] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 316] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 316] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 316] exit_group(0) = ?
[pid 316] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=316, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
[ 32.470960][ T316] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 319
./strace-static-x86_64: Process 319 attached
[pid 319] set_robust_list(0x55558a5f5660, 24) = 0
[pid 319] chdir("./6") = 0
[pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 319] setpgid(0, 0) = 0
[pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 319] write(3, "1000", 4) = 4
[pid 319] close(3) = 0
[pid 319] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 319] write(1, "executing program\n", 18) = 18
[pid 319] memfd_create("syzkaller", 0) = 3
[pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 319] munmap(0x7fbabce5a000, 138412032) = 0
[pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 319] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 319] close(3) = 0
[pid 319] close(4) = 0
[pid 319] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 32.638221][ T319] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 32.652070][ T319] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 32.664707][ T319] EXT4-fs (loop0): 1 orphan inode deleted
[pid 319] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 319] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 319] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 319] ioctl(4, LOOP_CLR_FD) = 0
[pid 319] close(4) = 0
[pid 319] chdir("./file0") = 0
[pid 319] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 319] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 319] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 319] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 319] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 319] exit_group(0) = ?
[pid 319] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
[ 32.670256][ T319] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 323
./strace-static-x86_64: Process 323 attached
[pid 323] set_robust_list(0x55558a5f5660, 24) = 0
[pid 323] chdir("./7") = 0
[pid 323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 323] setpgid(0, 0) = 0
[pid 323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 323] write(3, "1000", 4) = 4
[pid 323] close(3) = 0
[pid 323] symlink("/dev/binderfs", "./binderfs") = 0
[pid 323] write(1, "executing program\n", 18) = 18
[pid 323] memfd_create("syzkaller", 0) = 3
[pid 323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 323] munmap(0x7fbabce5a000, 138412032) = 0
[pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 323] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 323] close(3) = 0
[pid 323] close(4) = 0
[pid 323] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 32.770446][ T323] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 32.784341][ T323] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 32.797117][ T323] EXT4-fs (loop0): 1 orphan inode deleted
[pid 323] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 323] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 323] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 323] ioctl(4, LOOP_CLR_FD) = 0
[pid 323] close(4) = 0
[pid 323] chdir("./file0") = 0
[pid 323] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 323] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 323] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 323] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 323] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 323] exit_group(0) = ?
[pid 323] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
[ 32.802763][ T323] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558a5f5650) = 326
./strace-static-x86_64: Process 326 attached
[pid 326] set_robust_list(0x55558a5f5660, 24) = 0
[pid 326] chdir("./8") = 0
[pid 326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 326] setpgid(0, 0) = 0
[pid 326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 326] write(3, "1000", 4) = 4
[pid 326] close(3) = 0
[pid 326] symlink("/dev/binderfs", "./binderfs") = 0
[pid 326] write(1, "executing program\n", 18) = 18
[pid 326] memfd_create("syzkaller", 0) = 3
[pid 326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 326] munmap(0x7fbabce5a000, 138412032) = 0
[pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 326] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 326] close(3) = 0
[pid 326] close(4) = 0
[pid 326] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 32.949480][ T326] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 32.963332][ T326] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 32.976026][ T326] EXT4-fs (loop0): 1 orphan inode deleted
[pid 326] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 326] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 326] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 326] ioctl(4, LOOP_CLR_FD) = 0
[pid 326] close(4) = 0
[pid 326] chdir("./file0") = 0
[pid 326] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 326] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 326] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 326] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 326] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 326] exit_group(0) = ?
[pid 326] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=326, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
[ 32.981763][ T326] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 329
./strace-static-x86_64: Process 329 attached
[pid 329] set_robust_list(0x55558a5f5660, 24) = 0
[pid 329] chdir("./9") = 0
[pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 329] setpgid(0, 0) = 0
[pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 329] write(3, "1000", 4) = 4
[pid 329] close(3) = 0
[pid 329] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 329] write(1, "executing program\n", 18) = 18
[pid 329] memfd_create("syzkaller", 0) = 3
[pid 329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 329] munmap(0x7fbabce5a000, 138412032) = 0
[pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 329] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 329] close(3) = 0
[pid 329] close(4) = 0
[pid 329] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 33.120083][ T329] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 33.133942][ T329] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 33.146728][ T329] EXT4-fs (loop0): 1 orphan inode deleted
[pid 329] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 329] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 329] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 329] ioctl(4, LOOP_CLR_FD) = 0
[pid 329] close(4) = 0
[pid 329] chdir("./file0") = 0
[pid 329] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 329] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 329] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 329] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 329] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 329] exit_group(0) = ?
[pid 329] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
[ 33.152341][ T329] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 332 attached
<unfinished ...>
[pid 332] set_robust_list(0x55558a5f5660, 24) = 0
[pid 297] <... clone resumed>, child_tidptr=0x55558a5f5650) = 332
[pid 332] chdir("./10") = 0
[pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 332] setpgid(0, 0) = 0
executing program
[pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 332] write(3, "1000", 4) = 4
[pid 332] close(3) = 0
[pid 332] symlink("/dev/binderfs", "./binderfs") = 0
[pid 332] write(1, "executing program\n", 18) = 18
[pid 332] memfd_create("syzkaller", 0) = 3
[pid 332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 332] munmap(0x7fbabce5a000, 138412032) = 0
[pid 332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 332] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 332] close(3) = 0
[pid 332] close(4) = 0
[pid 332] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 33.285682][ T332] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 33.299559][ T332] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 33.312255][ T332] EXT4-fs (loop0): 1 orphan inode deleted
[pid 332] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 332] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 332] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 332] ioctl(4, LOOP_CLR_FD) = 0
[pid 332] close(4) = 0
[pid 332] chdir("./file0") = 0
[pid 332] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 332] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 332] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 332] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 332] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 332] exit_group(0) = ?
[pid 332] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
[ 33.318007][ T332] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 335
./strace-static-x86_64: Process 335 attached
[pid 335] set_robust_list(0x55558a5f5660, 24) = 0
[pid 335] chdir("./11") = 0
[pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 335] setpgid(0, 0) = 0
[pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 335] write(3, "1000", 4) = 4
[pid 335] close(3) = 0
[pid 335] symlink("/dev/binderfs", "./binderfs") = 0
[pid 335] write(1, "executing program\n", 18executing program
) = 18
[pid 335] memfd_create("syzkaller", 0) = 3
[pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 335] munmap(0x7fbabce5a000, 138412032) = 0
[pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 335] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 335] close(3) = 0
[pid 335] close(4) = 0
[pid 335] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 33.528568][ T335] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 33.542451][ T335] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 33.555184][ T335] EXT4-fs (loop0): 1 orphan inode deleted
[pid 335] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 335] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 335] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 335] ioctl(4, LOOP_CLR_FD) = 0
[pid 335] close(4) = 0
[pid 335] chdir("./file0") = 0
[pid 335] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 335] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 335] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 335] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 335] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 335] exit_group(0) = ?
[pid 335] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
[ 33.560854][ T335] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558a5f5650) = 338
./strace-static-x86_64: Process 338 attached
[pid 338] set_robust_list(0x55558a5f5660, 24) = 0
[pid 338] chdir("./12") = 0
[pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 338] setpgid(0, 0) = 0
[pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 338] write(3, "1000", 4) = 4
[pid 338] close(3) = 0
[pid 338] symlink("/dev/binderfs", "./binderfs") = 0
[pid 338] write(1, "executing program\n", 18) = 18
[pid 338] memfd_create("syzkaller", 0) = 3
[pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 338] munmap(0x7fbabce5a000, 138412032) = 0
[pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 338] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 338] close(3) = 0
[pid 338] close(4) = 0
[pid 338] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 33.721948][ T338] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 33.736209][ T338] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 33.749033][ T338] EXT4-fs (loop0): 1 orphan inode deleted
[pid 338] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 338] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 338] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 338] ioctl(4, LOOP_CLR_FD) = 0
[pid 338] close(4) = 0
[pid 338] chdir("./file0") = 0
[pid 338] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 338] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 338] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 338] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 338] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 338] exit_group(0) = ?
[pid 338] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
[ 33.754556][ T338] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 342
./strace-static-x86_64: Process 342 attached
[pid 342] set_robust_list(0x55558a5f5660, 24) = 0
[pid 342] chdir("./13") = 0
[pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 342] setpgid(0, 0) = 0
[pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 342] write(3, "1000", 4) = 4
[pid 342] close(3) = 0
[pid 342] symlink("/dev/binderfs", "./binderfs") = 0
[pid 342] write(1, "executing program\n", 18) = 18
[pid 342] memfd_create("syzkaller", 0) = 3
[pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 342] munmap(0x7fbabce5a000, 138412032) = 0
[pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 342] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 342] close(3) = 0
[pid 342] close(4) = 0
[pid 342] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 33.892509][ T342] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 33.906399][ T342] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 33.919303][ T342] EXT4-fs (loop0): 1 orphan inode deleted
[pid 342] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 342] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 342] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 342] ioctl(4, LOOP_CLR_FD) = 0
[pid 342] close(4) = 0
[pid 342] chdir("./file0") = 0
[pid 342] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 342] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 342] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 342] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 342] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 342] exit_group(0) = ?
[pid 342] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
umount2("\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 33.924830][ T342] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 345
./strace-static-x86_64: Process 345 attached
[pid 345] set_robust_list(0x55558a5f5660, 24) = 0
[pid 345] chdir("./14") = 0
[pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 345] setpgid(0, 0) = 0
[pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 345] write(3, "1000", 4) = 4
[pid 345] close(3) = 0
[pid 345] symlink("/dev/binderfs", "./binderfs") = 0
[pid 345] write(1, "executing program\n", 18executing program
) = 18
[pid 345] memfd_create("syzkaller", 0) = 3
[pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 345] munmap(0x7fbabce5a000, 138412032) = 0
[pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 345] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 345] close(3) = 0
[pid 345] close(4) = 0
[pid 345] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 34.032544][ T345] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 34.046499][ T345] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 34.059166][ T345] EXT4-fs (loop0): 1 orphan inode deleted
[pid 345] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 345] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 345] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 345] ioctl(4, LOOP_CLR_FD) = 0
[pid 345] close(4) = 0
[pid 345] chdir("./file0") = 0
[pid 345] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 345] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 345] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 345] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 345] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 345] exit_group(0) = ?
[pid 345] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
umount2("\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 348
./strace-static-x86_64: Process 348 attached
[pid 348] set_robust_list(0x55558a5f5660, 24) = 0
[pid 348] chdir("./15") = 0
[pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 348] setpgid(0, 0) = 0
[pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 348] write(3, "1000", 4) = 4
[pid 348] close(3) = 0
[pid 348] symlink("/dev/binderfs", "./binderfs") = 0
[pid 348] write(1, "executing program\n", 18executing program
) = 18
[pid 348] memfd_create("syzkaller", 0) = 3
[pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[ 34.064690][ T345] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
[pid 348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 348] munmap(0x7fbabce5a000, 138412032) = 0
[pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 348] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 348] close(3) = 0
[pid 348] close(4) = 0
[pid 348] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 34.152463][ T348] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 34.166402][ T348] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 34.179171][ T348] EXT4-fs (loop0): 1 orphan inode deleted
[pid 348] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 348] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 348] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 348] ioctl(4, LOOP_CLR_FD) = 0
[pid 348] close(4) = 0
[pid 348] chdir("./file0") = 0
[pid 348] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 348] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 348] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 348] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 348] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 348] exit_group(0) = ?
[pid 348] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
umount2("\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
[ 34.184781][ T348] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 351
./strace-static-x86_64: Process 351 attached
[pid 351] set_robust_list(0x55558a5f5660, 24) = 0
[pid 351] chdir("./16") = 0
[pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 351] setpgid(0, 0) = 0
[pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 351] write(3, "1000", 4) = 4
[pid 351] close(3) = 0
[pid 351] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 351] write(1, "executing program\n", 18) = 18
[pid 351] memfd_create("syzkaller", 0) = 3
[pid 351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 351] munmap(0x7fbabce5a000, 138412032) = 0
[pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 351] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 351] close(3) = 0
[pid 351] close(4) = 0
[pid 351] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 34.330734][ T351] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 34.344784][ T351] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 34.357628][ T351] EXT4-fs (loop0): 1 orphan inode deleted
[pid 351] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 351] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 351] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 351] ioctl(4, LOOP_CLR_FD) = 0
[pid 351] close(4) = 0
[pid 351] chdir("./file0") = 0
[pid 351] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 351] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 351] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 351] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 351] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 351] exit_group(0) = ?
[pid 351] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
[ 34.363172][ T351] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 354
./strace-static-x86_64: Process 354 attached
[pid 354] set_robust_list(0x55558a5f5660, 24) = 0
[pid 354] chdir("./17") = 0
[pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 354] setpgid(0, 0) = 0
[pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 354] write(3, "1000", 4) = 4
[pid 354] close(3) = 0
[pid 354] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 354] write(1, "executing program\n", 18) = 18
[pid 354] memfd_create("syzkaller", 0) = 3
[pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 354] munmap(0x7fbabce5a000, 138412032) = 0
[pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 354] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 354] close(3) = 0
[pid 354] close(4) = 0
[pid 354] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 354] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[ 34.521756][ T354] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 34.535734][ T354] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 34.548579][ T354] EXT4-fs (loop0): 1 orphan inode deleted
[pid 354] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 354] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 354] ioctl(4, LOOP_CLR_FD) = 0
[pid 354] close(4) = 0
[pid 354] chdir("./file0") = 0
[pid 354] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 354] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 354] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 354] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 354] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 354] exit_group(0) = ?
[pid 354] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
[ 34.554126][ T354] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 357
./strace-static-x86_64: Process 357 attached
[pid 357] set_robust_list(0x55558a5f5660, 24) = 0
[pid 357] chdir("./18") = 0
[pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 357] setpgid(0, 0) = 0
[pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 357] write(3, "1000", 4) = 4
[pid 357] close(3) = 0
[pid 357] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 357] write(1, "executing program\n", 18) = 18
[pid 357] memfd_create("syzkaller", 0) = 3
[pid 357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 357] munmap(0x7fbabce5a000, 138412032) = 0
[pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 357] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 357] close(3) = 0
[pid 357] close(4) = 0
[pid 357] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 34.729391][ T357] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 34.743284][ T357] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 34.755906][ T357] EXT4-fs (loop0): 1 orphan inode deleted
[pid 357] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 357] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 357] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 357] ioctl(4, LOOP_CLR_FD) = 0
[pid 357] close(4) = 0
[pid 357] chdir("./file0") = 0
[pid 357] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 357] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 357] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 357] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 357] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 357] exit_group(0) = ?
[pid 357] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs") = 0
[ 34.761632][ T357] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 361
./strace-static-x86_64: Process 361 attached
[pid 361] set_robust_list(0x55558a5f5660, 24) = 0
[pid 361] chdir("./19") = 0
[pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 361] setpgid(0, 0) = 0
[pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 361] write(3, "1000", 4) = 4
[pid 361] close(3) = 0
[pid 361] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 361] write(1, "executing program\n", 18) = 18
[pid 361] memfd_create("syzkaller", 0) = 3
[pid 361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 361] munmap(0x7fbabce5a000, 138412032) = 0
[pid 361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 361] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 361] close(3) = 0
[pid 361] close(4) = 0
[pid 361] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 361] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[ 34.928537][ T361] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 34.942376][ T361] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 34.954995][ T361] EXT4-fs (loop0): 1 orphan inode deleted
[pid 361] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 361] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 361] ioctl(4, LOOP_CLR_FD) = 0
[pid 361] close(4) = 0
[pid 361] chdir("./file0") = 0
[pid 361] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 361] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 361] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 361] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 361] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 361] exit_group(0) = ?
[pid 361] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs") = 0
[ 34.960556][ T361] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x31\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
executing program
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 364
./strace-static-x86_64: Process 364 attached
[pid 364] set_robust_list(0x55558a5f5660, 24) = 0
[pid 364] chdir("./20") = 0
[pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 364] setpgid(0, 0) = 0
[pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 364] write(3, "1000", 4) = 4
[pid 364] close(3) = 0
[pid 364] symlink("/dev/binderfs", "./binderfs") = 0
[pid 364] write(1, "executing program\n", 18) = 18
[pid 364] memfd_create("syzkaller", 0) = 3
[pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 364] munmap(0x7fbabce5a000, 138412032) = 0
[pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 364] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 364] close(3) = 0
[pid 364] close(4) = 0
[pid 364] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 35.092920][ T364] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 35.107061][ T364] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 35.119762][ T364] EXT4-fs (loop0): 1 orphan inode deleted
[pid 364] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 364] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 364] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 364] ioctl(4, LOOP_CLR_FD) = 0
[pid 364] close(4) = 0
[pid 364] chdir("./file0") = 0
[pid 364] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 364] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 364] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 364] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 364] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 364] exit_group(0) = ?
[pid 364] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=364, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs") = 0
[ 35.125285][ T364] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 367
./strace-static-x86_64: Process 367 attached
[pid 367] set_robust_list(0x55558a5f5660, 24) = 0
[pid 367] chdir("./21") = 0
[pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 367] setpgid(0, 0) = 0
[pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 367] write(3, "1000", 4) = 4
[pid 367] close(3) = 0
[pid 367] symlink("/dev/binderfs", "./binderfs") = 0
[pid 367] write(1, "executing program\n", 18executing program
) = 18
[pid 367] memfd_create("syzkaller", 0) = 3
[pid 367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 367] munmap(0x7fbabce5a000, 138412032) = 0
[pid 367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 367] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 367] close(3) = 0
[pid 367] close(4) = 0
[pid 367] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 35.250833][ T367] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 35.264699][ T367] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 35.277594][ T367] EXT4-fs (loop0): 1 orphan inode deleted
[pid 367] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 367] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 367] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 367] ioctl(4, LOOP_CLR_FD) = 0
[pid 367] close(4) = 0
[pid 367] chdir("./file0") = 0
[pid 367] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 367] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 367] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 367] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 367] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 367] exit_group(0) = ?
[pid 367] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs") = 0
umount2("\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
[ 35.283135][ T367] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
./strace-static-x86_64: Process 370 attached
<unfinished ...>
[pid 370] set_robust_list(0x55558a5f5660, 24) = 0
[pid 370] chdir("./22") = 0
[pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 370] setpgid(0, 0) = 0
[pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 370] write(3, "1000", 4) = 4
[pid 370] close(3) = 0
[pid 370] symlink("/dev/binderfs", "./binderfs") = 0
[pid 370] write(1, "executing program\n", 18) = 18
[pid 370] memfd_create("syzkaller", 0) = 3
[pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 297] <... clone resumed>, child_tidptr=0x55558a5f5650) = 370
[pid 370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 370] munmap(0x7fbabce5a000, 138412032) = 0
[pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 370] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 370] close(3) = 0
[pid 370] close(4) = 0
[pid 370] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 35.398747][ T370] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 35.412605][ T370] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 35.425360][ T370] EXT4-fs (loop0): 1 orphan inode deleted
[pid 370] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 370] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 370] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 370] ioctl(4, LOOP_CLR_FD) = 0
[pid 370] close(4) = 0
[pid 370] chdir("./file0") = 0
[pid 370] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 370] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 370] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 370] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 370] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 370] exit_group(0) = ?
[pid 370] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs") = 0
[ 35.430931][ T370] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 373
./strace-static-x86_64: Process 373 attached
[pid 373] set_robust_list(0x55558a5f5660, 24) = 0
[pid 373] chdir("./23") = 0
[pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 373] setpgid(0, 0) = 0
[pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program
) = 3
[pid 373] write(3, "1000", 4) = 4
[pid 373] close(3) = 0
[pid 373] symlink("/dev/binderfs", "./binderfs") = 0
[pid 373] write(1, "executing program\n", 18) = 18
[pid 373] memfd_create("syzkaller", 0) = 3
[pid 373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 373] munmap(0x7fbabce5a000, 138412032) = 0
[pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 373] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 373] close(3) = 0
[pid 373] close(4) = 0
[pid 373] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 35.590806][ T373] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 35.604823][ T373] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 35.617767][ T373] EXT4-fs (loop0): 1 orphan inode deleted
[pid 373] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 373] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 373] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 373] ioctl(4, LOOP_CLR_FD) = 0
[pid 373] close(4) = 0
[pid 373] chdir("./file0") = 0
[pid 373] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 373] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 373] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 373] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 373] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 373] exit_group(0) = ?
[pid 373] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs") = 0
[ 35.623293][ T373] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 377
./strace-static-x86_64: Process 377 attached
[pid 377] set_robust_list(0x55558a5f5660, 24) = 0
[pid 377] chdir("./24") = 0
[pid 377] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program
) = 0
[pid 377] setpgid(0, 0) = 0
[pid 377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 377] write(3, "1000", 4) = 4
[pid 377] close(3) = 0
[pid 377] symlink("/dev/binderfs", "./binderfs") = 0
[pid 377] write(1, "executing program\n", 18) = 18
[pid 377] memfd_create("syzkaller", 0) = 3
[pid 377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 377] munmap(0x7fbabce5a000, 138412032) = 0
[pid 377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 377] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 377] close(3) = 0
[pid 377] close(4) = 0
[pid 377] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 35.798404][ T377] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 35.812244][ T377] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 35.824882][ T377] EXT4-fs (loop0): 1 orphan inode deleted
[pid 377] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 377] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 377] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 377] ioctl(4, LOOP_CLR_FD) = 0
[pid 377] close(4) = 0
[pid 377] chdir("./file0") = 0
[pid 377] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 377] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 377] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 377] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 377] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 377] exit_group(0) = ?
[pid 377] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=377, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs") = 0
umount2("\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
[ 35.830449][ T377] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
close(4) = 0
rmdir("\x2e\x2f\x32\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 380
./strace-static-x86_64: Process 380 attached
[pid 380] set_robust_list(0x55558a5f5660, 24) = 0
[pid 380] chdir("./25") = 0
[pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 380] setpgid(0, 0) = 0
[pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 380] write(3, "1000", 4) = 4
[pid 380] close(3) = 0
[pid 380] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 380] write(1, "executing program\n", 18) = 18
[pid 380] memfd_create("syzkaller", 0) = 3
[pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 380] munmap(0x7fbabce5a000, 138412032) = 0
[pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 380] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 380] close(3) = 0
[pid 380] close(4) = 0
[pid 380] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 35.928164][ T380] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 35.942105][ T380] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 35.954770][ T380] EXT4-fs (loop0): 1 orphan inode deleted
[pid 380] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 380] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 380] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 380] ioctl(4, LOOP_CLR_FD) = 0
[pid 380] close(4) = 0
[pid 380] chdir("./file0") = 0
[pid 380] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 380] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 380] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 380] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 380] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 380] exit_group(0) = ?
[pid 380] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=380, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs") = 0
[ 35.960337][ T380] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 383
./strace-static-x86_64: Process 383 attached
[pid 383] set_robust_list(0x55558a5f5660, 24) = 0
[pid 383] chdir("./26") = 0
[pid 383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 383] setpgid(0, 0) = 0
[pid 383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 383] write(3, "1000", 4) = 4
[pid 383] close(3) = 0
[pid 383] symlink("/dev/binderfs", "./binderfs") = 0
[pid 383] write(1, "executing program\n", 18executing program
) = 18
[pid 383] memfd_create("syzkaller", 0) = 3
[pid 383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 383] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 383] munmap(0x7fbabce5a000, 138412032) = 0
[pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 383] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 383] close(3) = 0
[pid 383] close(4) = 0
[pid 383] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 36.133454][ T383] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 36.147328][ T383] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 36.160075][ T383] EXT4-fs (loop0): 1 orphan inode deleted
[pid 383] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 383] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 383] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 383] ioctl(4, LOOP_CLR_FD) = 0
[pid 383] close(4) = 0
[pid 383] chdir("./file0") = 0
[pid 383] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 383] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 383] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 383] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 383] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 383] exit_group(0) = ?
[pid 383] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=383, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs") = 0
[ 36.165599][ T383] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558a5f5650) = 386
./strace-static-x86_64: Process 386 attached
[pid 386] set_robust_list(0x55558a5f5660, 24) = 0
[pid 386] chdir("./27") = 0
[pid 386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 386] setpgid(0, 0) = 0
[pid 386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 386] write(3, "1000", 4) = 4
[pid 386] close(3) = 0
[pid 386] symlink("/dev/binderfs", "./binderfs") = 0
[pid 386] write(1, "executing program\n", 18) = 18
[pid 386] memfd_create("syzkaller", 0) = 3
[pid 386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 386] munmap(0x7fbabce5a000, 138412032) = 0
[pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 386] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 386] close(3) = 0
[pid 386] close(4) = 0
[pid 386] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 386] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 386] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 386] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 386] ioctl(4, LOOP_CLR_FD) = 0
[ 36.291840][ T386] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 36.305786][ T386] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 36.318507][ T386] EXT4-fs (loop0): 1 orphan inode deleted
[pid 386] close(4) = 0
[pid 386] chdir("./file0") = 0
[pid 386] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 386] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 386] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 386] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 386] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 386] exit_group(0) = ?
[pid 386] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=386, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs") = 0
[ 36.324042][ T386] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 389
./strace-static-x86_64: Process 389 attached
[pid 389] set_robust_list(0x55558a5f5660, 24) = 0
[pid 389] chdir("./28") = 0
[pid 389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 389] setpgid(0, 0) = 0
[pid 389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 389] write(3, "1000", 4) = 4
[pid 389] close(3) = 0
[pid 389] symlink("/dev/binderfs", "./binderfs") = 0
[pid 389] write(1, "executing program\n", 18) = 18
[pid 389] memfd_create("syzkaller", 0) = 3
[pid 389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 389] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 389] munmap(0x7fbabce5a000, 138412032) = 0
[pid 389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 389] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 389] close(3) = 0
[pid 389] close(4) = 0
[pid 389] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 36.450993][ T389] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 36.464980][ T389] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 36.477846][ T389] EXT4-fs (loop0): 1 orphan inode deleted
[pid 389] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 389] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 389] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 389] ioctl(4, LOOP_CLR_FD) = 0
[pid 389] close(4) = 0
[pid 389] chdir("./file0") = 0
[pid 389] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 389] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 389] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 389] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 389] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 389] exit_group(0) = ?
[pid 389] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=389, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs") = 0
[ 36.483617][ T389] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 392
executing program
./strace-static-x86_64: Process 392 attached
[pid 392] set_robust_list(0x55558a5f5660, 24) = 0
[pid 392] chdir("./29") = 0
[pid 392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 392] setpgid(0, 0) = 0
[pid 392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 392] write(3, "1000", 4) = 4
[pid 392] close(3) = 0
[pid 392] symlink("/dev/binderfs", "./binderfs") = 0
[pid 392] write(1, "executing program\n", 18) = 18
[pid 392] memfd_create("syzkaller", 0) = 3
[pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 392] munmap(0x7fbabce5a000, 138412032) = 0
[pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 392] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 392] close(3) = 0
[pid 392] close(4) = 0
[pid 392] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 36.731159][ T392] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 36.745183][ T392] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 36.757911][ T392] EXT4-fs (loop0): 1 orphan inode deleted
[pid 392] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 392] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 392] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 392] ioctl(4, LOOP_CLR_FD) = 0
[pid 392] close(4) = 0
[pid 392] chdir("./file0") = 0
[pid 392] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 392] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 392] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 392] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 392] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 392] exit_group(0) = ?
[pid 392] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=392, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs") = 0
[ 36.763454][ T392] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x32\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 396 attached
<unfinished ...>
[pid 396] set_robust_list(0x55558a5f5660, 24) = 0
[pid 396] chdir("./30" <unfinished ...>
[pid 297] <... clone resumed>, child_tidptr=0x55558a5f5650) = 396
[pid 396] <... chdir resumed>) = 0
[pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 396] setpgid(0, 0) = 0
[pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 396] write(3, "1000", 4) = 4
[pid 396] close(3) = 0
[pid 396] symlink("/dev/binderfs", "./binderfs") = 0
[pid 396] write(1, "executing program\n", 18executing program
) = 18
[pid 396] memfd_create("syzkaller", 0) = 3
[pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 396] munmap(0x7fbabce5a000, 138412032) = 0
[pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 396] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 396] close(3) = 0
[pid 396] close(4) = 0
[pid 396] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 36.867834][ T396] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 36.881723][ T396] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 36.894367][ T396] EXT4-fs (loop0): 1 orphan inode deleted
[pid 396] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 396] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 396] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 396] ioctl(4, LOOP_CLR_FD) = 0
[pid 396] close(4) = 0
[pid 396] chdir("./file0") = 0
[pid 396] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 396] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 396] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 396] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 396] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 396] exit_group(0) = ?
[pid 396] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=396, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs") = 0
[ 36.900332][ T396] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558a5f5650) = 399
./strace-static-x86_64: Process 399 attached
[pid 399] set_robust_list(0x55558a5f5660, 24) = 0
[pid 399] chdir("./31") = 0
[pid 399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 399] setpgid(0, 0) = 0
[pid 399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 399] write(3, "1000", 4) = 4
[pid 399] close(3) = 0
[pid 399] symlink("/dev/binderfs", "./binderfs") = 0
[pid 399] write(1, "executing program\n", 18) = 18
[pid 399] memfd_create("syzkaller", 0) = 3
[pid 399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 399] munmap(0x7fbabce5a000, 138412032) = 0
[pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 399] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 399] close(3) = 0
[pid 399] close(4) = 0
[pid 399] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 37.089359][ T399] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 37.103244][ T399] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 37.115914][ T399] EXT4-fs (loop0): 1 orphan inode deleted
[pid 399] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 399] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 399] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 399] ioctl(4, LOOP_CLR_FD) = 0
[pid 399] close(4) = 0
[pid 399] chdir("./file0") = 0
[pid 399] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 399] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 399] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 399] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 399] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 399] exit_group(0) = ?
[pid 399] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=399, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs") = 0
[ 37.121466][ T399] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 402
./strace-static-x86_64: Process 402 attached
[pid 402] set_robust_list(0x55558a5f5660, 24) = 0
[pid 402] chdir("./32") = 0
[pid 402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 402] setpgid(0, 0) = 0
[pid 402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 402] write(3, "1000", 4) = 4
[pid 402] close(3) = 0
[pid 402] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 402] write(1, "executing program\n", 18) = 18
[pid 402] memfd_create("syzkaller", 0) = 3
[pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 402] munmap(0x7fbabce5a000, 138412032) = 0
[pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 402] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 402] close(3) = 0
[pid 402] close(4) = 0
[pid 402] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 37.289126][ T402] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 37.303049][ T402] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 37.316046][ T402] EXT4-fs (loop0): 1 orphan inode deleted
[pid 402] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 402] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 402] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 402] ioctl(4, LOOP_CLR_FD) = 0
[pid 402] close(4) = 0
[pid 402] chdir("./file0") = 0
[pid 402] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 402] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 402] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 402] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 402] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 402] exit_group(0) = ?
[pid 402] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=402, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs") = 0
[ 37.321654][ T402] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program
) = 0
umount2("\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 405
./strace-static-x86_64: Process 405 attached
[pid 405] set_robust_list(0x55558a5f5660, 24) = 0
[pid 405] chdir("./33") = 0
[pid 405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 405] setpgid(0, 0) = 0
[pid 405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 405] write(3, "1000", 4) = 4
[pid 405] close(3) = 0
[pid 405] symlink("/dev/binderfs", "./binderfs") = 0
[pid 405] write(1, "executing program\n", 18) = 18
[pid 405] memfd_create("syzkaller", 0) = 3
[pid 405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 405] munmap(0x7fbabce5a000, 138412032) = 0
[pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 405] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 405] close(3) = 0
[pid 405] close(4) = 0
[pid 405] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 37.447994][ T405] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 37.462158][ T405] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 37.475374][ T405] EXT4-fs (loop0): 1 orphan inode deleted
[pid 405] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 405] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 405] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 405] ioctl(4, LOOP_CLR_FD) = 0
[pid 405] close(4) = 0
[pid 405] chdir("./file0") = 0
[pid 405] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 405] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 405] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 405] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 405] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 405] exit_group(0) = ?
[pid 405] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=405, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs") = 0
umount2("\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 408 attached
<unfinished ...>
[pid 408] set_robust_list(0x55558a5f5660, 24) = 0
[pid 408] chdir("./34") = 0
[pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid 297] <... clone resumed>, child_tidptr=0x55558a5f5650) = 408
[pid 408] <... prctl resumed>) = 0
[pid 408] setpgid(0, 0) = 0
[pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 408] write(3, "1000", 4) = 4
[ 37.480941][ T405] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
executing program
[pid 408] close(3) = 0
[pid 408] symlink("/dev/binderfs", "./binderfs") = 0
[pid 408] write(1, "executing program\n", 18) = 18
[pid 408] memfd_create("syzkaller", 0) = 3
[pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 408] munmap(0x7fbabce5a000, 138412032) = 0
[pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 408] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 408] close(3) = 0
[pid 408] close(4) = 0
[pid 408] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 37.572210][ T408] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 37.586159][ T408] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 37.598764][ T408] EXT4-fs (loop0): 1 orphan inode deleted
[pid 408] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 408] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 408] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 408] ioctl(4, LOOP_CLR_FD) = 0
[pid 408] close(4) = 0
[pid 408] chdir("./file0") = 0
[pid 408] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 408] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 408] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 408] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 408] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 408] exit_group(0) = ?
[pid 408] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=408, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs") = 0
[ 37.604376][ T408] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 412
./strace-static-x86_64: Process 412 attached
[pid 412] set_robust_list(0x55558a5f5660, 24) = 0
[pid 412] chdir("./35") = 0
[pid 412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 412] setpgid(0, 0) = 0
[pid 412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 412] write(3, "1000", 4) = 4
executing program
[pid 412] close(3) = 0
[pid 412] symlink("/dev/binderfs", "./binderfs") = 0
[pid 412] write(1, "executing program\n", 18) = 18
[pid 412] memfd_create("syzkaller", 0) = 3
[pid 412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 412] munmap(0x7fbabce5a000, 138412032) = 0
[pid 412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 412] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 412] close(3) = 0
[pid 412] close(4) = 0
[pid 412] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 37.795239][ T412] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 37.809221][ T412] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 37.821863][ T412] EXT4-fs (loop0): 1 orphan inode deleted
[pid 412] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 412] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 412] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 412] ioctl(4, LOOP_CLR_FD) = 0
[pid 412] close(4) = 0
[pid 412] chdir("./file0") = 0
[pid 412] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 412] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 412] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 412] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 412] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 412] exit_group(0) = ?
[pid 412] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=412, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs") = 0
[ 37.827421][ T412] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558a5f5650) = 415
./strace-static-x86_64: Process 415 attached
[pid 415] set_robust_list(0x55558a5f5660, 24) = 0
[pid 415] chdir("./36") = 0
[pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 415] setpgid(0, 0) = 0
[pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 415] write(3, "1000", 4) = 4
[pid 415] close(3) = 0
[pid 415] symlink("/dev/binderfs", "./binderfs") = 0
[pid 415] write(1, "executing program\n", 18) = 18
[pid 415] memfd_create("syzkaller", 0) = 3
[pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 415] munmap(0x7fbabce5a000, 138412032) = 0
[pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 415] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 415] close(3) = 0
[pid 415] close(4) = 0
[pid 415] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 37.968096][ T415] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 37.982175][ T415] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 37.994833][ T415] EXT4-fs (loop0): 1 orphan inode deleted
[pid 415] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 415] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 415] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 415] ioctl(4, LOOP_CLR_FD) = 0
[pid 415] close(4) = 0
[pid 415] chdir("./file0") = 0
[pid 415] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 415] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 415] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 415] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 415] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 415] exit_group(0) = ?
[pid 415] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=415, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs") = 0
[ 38.000398][ T415] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 418
./strace-static-x86_64: Process 418 attached
[pid 418] set_robust_list(0x55558a5f5660, 24) = 0
[pid 418] chdir("./37") = 0
[pid 418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 418] setpgid(0, 0) = 0
[pid 418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 418] write(3, "1000", 4) = 4
[pid 418] close(3) = 0
[pid 418] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 418] write(1, "executing program\n", 18) = 18
[pid 418] memfd_create("syzkaller", 0) = 3
[pid 418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 418] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 418] munmap(0x7fbabce5a000, 138412032) = 0
[pid 418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 418] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 418] close(3) = 0
[pid 418] close(4) = 0
[pid 418] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 38.160894][ T418] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 38.174772][ T418] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 38.187518][ T418] EXT4-fs (loop0): 1 orphan inode deleted
[pid 418] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 418] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 418] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 418] ioctl(4, LOOP_CLR_FD) = 0
[pid 418] close(4) = 0
[pid 418] chdir("./file0") = 0
[pid 418] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 418] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 418] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 418] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 418] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 418] exit_group(0) = ?
[pid 418] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=418, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs") = 0
[ 38.193050][ T418] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 421
./strace-static-x86_64: Process 421 attached
[pid 421] set_robust_list(0x55558a5f5660, 24) = 0
[pid 421] chdir("./38") = 0
[pid 421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 421] setpgid(0, 0) = 0
[pid 421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 421] write(3, "1000", 4) = 4
[pid 421] close(3executing program
) = 0
[pid 421] symlink("/dev/binderfs", "./binderfs") = 0
[pid 421] write(1, "executing program\n", 18) = 18
[pid 421] memfd_create("syzkaller", 0) = 3
[pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 421] munmap(0x7fbabce5a000, 138412032) = 0
[pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 421] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 421] close(3) = 0
[pid 421] close(4) = 0
[pid 421] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 38.390242][ T421] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 38.404097][ T421] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 38.419287][ T421] EXT4-fs (loop0): 1 orphan inode deleted
[pid 421] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 421] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 421] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 421] ioctl(4, LOOP_CLR_FD) = 0
[pid 421] close(4) = 0
[pid 421] chdir("./file0") = 0
[pid 421] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 421] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 421] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 421] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 421] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 421] exit_group(0) = ?
[pid 421] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=421, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs") = 0
[ 38.424815][ T421] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558a5f5650) = 424
./strace-static-x86_64: Process 424 attached
[pid 424] set_robust_list(0x55558a5f5660, 24) = 0
[pid 424] chdir("./39") = 0
[pid 424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 424] setpgid(0, 0) = 0
[pid 424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 424] write(3, "1000", 4) = 4
[pid 424] close(3) = 0
[pid 424] symlink("/dev/binderfs", "./binderfs") = 0
[pid 424] write(1, "executing program\n", 18) = 18
[pid 424] memfd_create("syzkaller", 0) = 3
[pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 424] munmap(0x7fbabce5a000, 138412032) = 0
[pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 424] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 424] close(3) = 0
[pid 424] close(4) = 0
[pid 424] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 38.612174][ T424] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 38.626155][ T424] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 38.638869][ T424] EXT4-fs (loop0): 1 orphan inode deleted
[pid 424] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 424] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 424] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 424] ioctl(4, LOOP_CLR_FD) = 0
[pid 424] close(4) = 0
[pid 424] chdir("./file0") = 0
[pid 424] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 424] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 424] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 424] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 424] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 424] exit_group(0) = ?
[pid 424] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=424, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs") = 0
umount2("\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x33\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
[ 38.644397][ T424] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 428
./strace-static-x86_64: Process 428 attached
[pid 428] set_robust_list(0x55558a5f5660, 24) = 0
[pid 428] chdir("./40") = 0
[pid 428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 428] setpgid(0, 0) = 0
[pid 428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 428] write(3, "1000", 4) = 4
[pid 428] close(3) = 0
[pid 428] symlink("/dev/binderfs", "./binderfs") = 0
[pid 428] write(1, "executing program\n", 18executing program
) = 18
[pid 428] memfd_create("syzkaller", 0) = 3
[pid 428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 428] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 428] munmap(0x7fbabce5a000, 138412032) = 0
[pid 428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 428] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 428] close(3) = 0
[pid 428] close(4) = 0
[pid 428] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[pid 428] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 428] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 428] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[ 38.778914][ T428] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 38.793009][ T428] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 38.805637][ T428] EXT4-fs (loop0): 1 orphan inode deleted
[pid 428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 428] ioctl(4, LOOP_CLR_FD) = 0
[pid 428] close(4) = 0
[pid 428] chdir("./file0") = 0
[pid 428] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 428] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 428] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 428] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 428] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 428] exit_group(0) = ?
[pid 428] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=428, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/binderfs") = 0
[ 38.811210][ T428] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
executing program
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 431
./strace-static-x86_64: Process 431 attached
[pid 431] set_robust_list(0x55558a5f5660, 24) = 0
[pid 431] chdir("./41") = 0
[pid 431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 431] setpgid(0, 0) = 0
[pid 431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 431] write(3, "1000", 4) = 4
[pid 431] close(3) = 0
[pid 431] symlink("/dev/binderfs", "./binderfs") = 0
[pid 431] write(1, "executing program\n", 18) = 18
[pid 431] memfd_create("syzkaller", 0) = 3
[pid 431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 431] munmap(0x7fbabce5a000, 138412032) = 0
[pid 431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 431] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 431] close(3) = 0
[pid 431] close(4) = 0
[pid 431] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 38.978545][ T431] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 38.992492][ T431] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 39.005383][ T431] EXT4-fs (loop0): 1 orphan inode deleted
[pid 431] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 431] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 431] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 431] ioctl(4, LOOP_CLR_FD) = 0
[pid 431] close(4) = 0
[pid 431] chdir("./file0") = 0
[pid 431] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 431] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 431] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 431] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 431] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 431] exit_group(0) = ?
[pid 431] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=431, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/binderfs") = 0
[ 39.011060][ T431] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558a5f5650) = 434
./strace-static-x86_64: Process 434 attached
[pid 434] set_robust_list(0x55558a5f5660, 24) = 0
[pid 434] chdir("./42") = 0
[pid 434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 434] setpgid(0, 0) = 0
[pid 434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 434] write(3, "1000", 4) = 4
[pid 434] close(3) = 0
[pid 434] symlink("/dev/binderfs", "./binderfs") = 0
[pid 434] write(1, "executing program\n", 18) = 18
[pid 434] memfd_create("syzkaller", 0) = 3
[pid 434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 434] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 434] munmap(0x7fbabce5a000, 138412032) = 0
[pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 434] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 434] close(3) = 0
[pid 434] close(4) = 0
[pid 434] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 39.171630][ T434] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 39.185548][ T434] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 39.198319][ T434] EXT4-fs (loop0): 1 orphan inode deleted
[pid 434] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 434] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 434] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 434] ioctl(4, LOOP_CLR_FD) = 0
[pid 434] close(4) = 0
[pid 434] chdir("./file0") = 0
[pid 434] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 434] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 434] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 434] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 434] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 434] exit_group(0) = ?
[pid 434] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=434, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/binderfs") = 0
[ 39.203866][ T434] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x32\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 437
./strace-static-x86_64: Process 437 attached
[pid 437] set_robust_list(0x55558a5f5660, 24) = 0
[pid 437] chdir("./43") = 0
[pid 437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 437] setpgid(0, 0) = 0
[pid 437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 437] write(3, "1000", 4) = 4
[pid 437] close(3) = 0
[pid 437] symlink("/dev/binderfs", "./binderfs") = 0
[pid 437] write(1, "executing program\n", 18executing program
) = 18
[pid 437] memfd_create("syzkaller", 0) = 3
[pid 437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 437] munmap(0x7fbabce5a000, 138412032) = 0
[pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 437] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 437] close(3) = 0
[pid 437] close(4) = 0
[pid 437] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 39.368383][ T437] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 39.382251][ T437] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 39.394952][ T437] EXT4-fs (loop0): 1 orphan inode deleted
[pid 437] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 437] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 437] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 437] ioctl(4, LOOP_CLR_FD) = 0
[pid 437] close(4) = 0
[pid 437] chdir("./file0") = 0
[pid 437] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 437] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 437] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 437] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 437] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 437] exit_group(0) = ?
[pid 437] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=437, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/binderfs") = 0
[ 39.400572][ T437] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x33\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 440
./strace-static-x86_64: Process 440 attached
[pid 440] set_robust_list(0x55558a5f5660, 24) = 0
[pid 440] chdir("./44") = 0
[pid 440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 440] setpgid(0, 0) = 0
[pid 440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 440] write(3, "1000", 4) = 4
[pid 440] close(3) = 0
[pid 440] symlink("/dev/binderfs", "./binderfs") = 0
[pid 440] write(1, "executing program\n", 18) = 18
[pid 440] memfd_create("syzkaller", 0) = 3
[pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 440] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 440] munmap(0x7fbabce5a000, 138412032) = 0
[pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 440] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 440] close(3) = 0
[pid 440] close(4) = 0
[pid 440] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 39.530977][ T440] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 39.544849][ T440] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 39.557496][ T440] EXT4-fs (loop0): 1 orphan inode deleted
[pid 440] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 440] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 440] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 440] ioctl(4, LOOP_CLR_FD) = 0
[pid 440] close(4) = 0
[pid 440] chdir("./file0") = 0
[pid 440] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 440] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 440] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 440] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 440] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 440] exit_group(0) = ?
[pid 440] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=440, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/binderfs") = 0
[ 39.563034][ T440] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x34\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3executing program
) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 443
./strace-static-x86_64: Process 443 attached
[pid 443] set_robust_list(0x55558a5f5660, 24) = 0
[pid 443] chdir("./45") = 0
[pid 443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 443] setpgid(0, 0) = 0
[pid 443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 443] write(3, "1000", 4) = 4
[pid 443] close(3) = 0
[pid 443] symlink("/dev/binderfs", "./binderfs") = 0
[pid 443] write(1, "executing program\n", 18) = 18
[pid 443] memfd_create("syzkaller", 0) = 3
[pid 443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 443] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 443] munmap(0x7fbabce5a000, 138412032) = 0
[pid 443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 443] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 443] close(3) = 0
[pid 443] close(4) = 0
[pid 443] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 39.729515][ T443] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 39.743409][ T443] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 39.756298][ T443] EXT4-fs (loop0): 1 orphan inode deleted
[pid 443] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 443] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 443] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 443] ioctl(4, LOOP_CLR_FD) = 0
[pid 443] close(4) = 0
[pid 443] chdir("./file0") = 0
[pid 443] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 443] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 443] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 443] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 443] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 443] exit_group(0) = ?
[pid 443] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=443, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/binderfs") = 0
[ 39.761876][ T443] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x35\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558a5f5650) = 447
./strace-static-x86_64: Process 447 attached
[pid 447] set_robust_list(0x55558a5f5660, 24) = 0
[pid 447] chdir("./46") = 0
[pid 447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 447] setpgid(0, 0) = 0
[pid 447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 447] write(3, "1000", 4) = 4
[pid 447] close(3) = 0
[pid 447] symlink("/dev/binderfs", "./binderfs") = 0
[pid 447] write(1, "executing program\n", 18) = 18
[pid 447] memfd_create("syzkaller", 0) = 3
[pid 447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 447] munmap(0x7fbabce5a000, 138412032) = 0
[pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 447] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 447] close(3) = 0
[pid 447] close(4) = 0
[pid 447] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 39.890004][ T447] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 39.904100][ T447] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 39.916855][ T447] EXT4-fs (loop0): 1 orphan inode deleted
[pid 447] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 447] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 447] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 447] ioctl(4, LOOP_CLR_FD) = 0
[pid 447] close(4) = 0
[pid 447] chdir("./file0") = 0
[pid 447] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 447] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 447] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 447] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 447] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 447] exit_group(0) = ?
[pid 447] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=447, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/binderfs") = 0
[ 39.922391][ T447] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x36\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558a5f5650) = 450
./strace-static-x86_64: Process 450 attached
[pid 450] set_robust_list(0x55558a5f5660, 24) = 0
[pid 450] chdir("./47") = 0
[pid 450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 450] setpgid(0, 0) = 0
[pid 450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 450] write(3, "1000", 4) = 4
[pid 450] close(3) = 0
[pid 450] symlink("/dev/binderfs", "./binderfs") = 0
[pid 450] write(1, "executing program\n", 18) = 18
[pid 450] memfd_create("syzkaller", 0) = 3
[pid 450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 450] munmap(0x7fbabce5a000, 138412032) = 0
[pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 450] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 450] close(3) = 0
[pid 450] close(4) = 0
[pid 450] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 40.047653][ T450] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 40.061996][ T450] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 40.074794][ T450] EXT4-fs (loop0): 1 orphan inode deleted
[pid 450] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 450] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 450] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 450] ioctl(4, LOOP_CLR_FD) = 0
[pid 450] close(4) = 0
[pid 450] chdir("./file0") = 0
[pid 450] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 450] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 450] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 450] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 450] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 450] exit_group(0) = ?
[pid 450] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=450, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/binderfs") = 0
[ 40.080380][ T450] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x37\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 453
./strace-static-x86_64: Process 453 attached
[pid 453] set_robust_list(0x55558a5f5660, 24) = 0
[pid 453] chdir("./48") = 0
executing program
[pid 453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 453] setpgid(0, 0) = 0
[pid 453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 453] write(3, "1000", 4) = 4
[pid 453] close(3) = 0
[pid 453] symlink("/dev/binderfs", "./binderfs") = 0
[pid 453] write(1, "executing program\n", 18) = 18
[pid 453] memfd_create("syzkaller", 0) = 3
[pid 453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 453] munmap(0x7fbabce5a000, 138412032) = 0
[pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 453] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 453] close(3) = 0
[pid 453] close(4) = 0
[pid 453] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 40.241112][ T453] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 40.255118][ T453] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 40.267880][ T453] EXT4-fs (loop0): 1 orphan inode deleted
[pid 453] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 453] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 453] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 453] ioctl(4, LOOP_CLR_FD) = 0
[pid 453] close(4) = 0
[pid 453] chdir("./file0") = 0
[pid 453] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 453] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 453] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 453] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 453] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 453] exit_group(0) = ?
[pid 453] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=453, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/binderfs") = 0
[ 40.273526][ T453] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x38\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558a5f5650) = 456
./strace-static-x86_64: Process 456 attached
[pid 456] set_robust_list(0x55558a5f5660, 24) = 0
[pid 456] chdir("./49") = 0
[pid 456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 456] setpgid(0, 0) = 0
[pid 456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 456] write(3, "1000", 4) = 4
[pid 456] close(3) = 0
[pid 456] symlink("/dev/binderfs", "./binderfs") = 0
[pid 456] write(1, "executing program\n", 18) = 18
[pid 456] memfd_create("syzkaller", 0) = 3
[pid 456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 456] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 456] munmap(0x7fbabce5a000, 138412032) = 0
[pid 456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 456] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 456] close(3) = 0
[pid 456] close(4) = 0
[pid 456] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 40.488301][ T456] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 40.502388][ T456] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 40.515034][ T456] EXT4-fs (loop0): 1 orphan inode deleted
[pid 456] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 456] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 456] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 456] ioctl(4, LOOP_CLR_FD) = 0
[pid 456] close(4) = 0
[pid 456] chdir("./file0") = 0
[pid 456] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 456] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 456] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 456] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 456] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 456] exit_group(0) = ?
[pid 456] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=456, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/binderfs") = 0
[ 40.520585][ T456] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x34\x39\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program
, child_tidptr=0x55558a5f5650) = 459
./strace-static-x86_64: Process 459 attached
[pid 459] set_robust_list(0x55558a5f5660, 24) = 0
[pid 459] chdir("./50") = 0
[pid 459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 459] setpgid(0, 0) = 0
[pid 459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 459] write(3, "1000", 4) = 4
[pid 459] close(3) = 0
[pid 459] symlink("/dev/binderfs", "./binderfs") = 0
[pid 459] write(1, "executing program\n", 18) = 18
[pid 459] memfd_create("syzkaller", 0) = 3
[pid 459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 459] munmap(0x7fbabce5a000, 138412032) = 0
[pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 459] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 459] close(3) = 0
[pid 459] close(4) = 0
[pid 459] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 40.718134][ T459] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 40.731998][ T459] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 40.744841][ T459] EXT4-fs (loop0): 1 orphan inode deleted
[pid 459] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 459] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 459] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 459] ioctl(4, LOOP_CLR_FD) = 0
[pid 459] close(4) = 0
[pid 459] chdir("./file0") = 0
[pid 459] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 459] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 459] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 459] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 459] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 459] exit_group(0) = ?
[pid 459] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=459, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./50/binderfs") = 0
[ 40.750439][ T459] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x35\x30\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./50") = 0
mkdir("./51", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 463
./strace-static-x86_64: Process 463 attached
[pid 463] set_robust_list(0x55558a5f5660, 24) = 0
[pid 463] chdir("./51") = 0
[pid 463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 463] setpgid(0, 0) = 0
[pid 463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 463] write(3, "1000", 4) = 4
[pid 463] close(3) = 0
[pid 463] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid 463] write(1, "executing program\n", 18) = 18
[pid 463] memfd_create("syzkaller", 0) = 3
[pid 463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 463] munmap(0x7fbabce5a000, 138412032) = 0
[pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 463] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 463] close(3) = 0
[pid 463] close(4) = 0
[pid 463] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 40.859140][ T463] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 40.873043][ T463] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 40.885879][ T463] EXT4-fs (loop0): 1 orphan inode deleted
[pid 463] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 463] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 463] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 463] ioctl(4, LOOP_CLR_FD) = 0
[pid 463] close(4) = 0
[pid 463] chdir("./file0") = 0
[pid 463] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 463] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 463] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 463] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 463] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 463] exit_group(0) = ?
[pid 463] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=463, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./51/binderfs") = 0
[ 40.891606][ T463] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue
umount2("\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55558a5fe730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55558a5fe730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("\x2e\x2f\x35\x31\x2f\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
getdents64(3, 0x55558a5f66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./51") = 0
mkdir("./52", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558a5f5650) = 466
./strace-static-x86_64: Process 466 attached
[pid 466] set_robust_list(0x55558a5f5660, 24) = 0
[pid 466] chdir("./52") = 0
[pid 466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 466] setpgid(0, 0) = 0
[pid 466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 466] write(3, "1000", 4) = 4
[pid 466] close(3) = 0
[pid 466] symlink("/dev/binderfs", "./binderfs") = 0
[pid 466] write(1, "executing program\n", 18executing program
) = 18
[pid 466] memfd_create("syzkaller", 0) = 3
[pid 466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbabce5a000
[pid 466] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 466] munmap(0x7fbabce5a000, 138412032) = 0
[pid 466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 466] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 466] close(3) = 0
[pid 466] close(4) = 0
[pid 466] mkdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", 0777) = 0
[ 41.051851][ T466] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor130: inode #1: comm syz-executor130: iget: illegal inode #
[ 41.065770][ T466] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor130: error while reading EA inode 1 err=-117
[ 41.078506][ T466] EXT4-fs (loop0): 1 orphan inode deleted
[pid 466] mount("/dev/loop0", "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_I_VERSION|0x200, "journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroup"...) = 0
[pid 466] openat(AT_FDCWD, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b", O_RDONLY|O_DIRECTORY) = 3
[pid 466] chdir("\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b") = 0
[pid 466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 466] ioctl(4, LOOP_CLR_FD) = 0
[pid 466] close(4) = 0
[pid 466] chdir("./file0") = 0
[pid 466] openat(AT_FDCWD, "net_prio.prioidx", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 466] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 005) = 0
[pid 466] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 5
[pid 466] symlink("./file0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 466] mkdirat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 466] exit_group(0) = ?
[pid 466] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=466, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55558a5f66f0 /* 4 entries */, 32768) = 112
umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./52/binderfs") = 0
[ 41.084135][ T466] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,nogrpid,block_validity,minixdf,resgid=0x0000000000000000,sysvgroups,usrjquota=,,errors=continue