./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1208874249 <...> Warning: Permanently added '10.128.0.41' (ED25519) to the list of known hosts. execve("./syz-executor1208874249", ["./syz-executor1208874249"], 0x7ffc8c66a650 /* 10 vars */) = 0 brk(NULL) = 0x555562cdd000 brk(0x555562cddd40) = 0x555562cddd40 arch_prctl(ARCH_SET_FS, 0x555562cdd3c0) = 0 set_tid_address(0x555562cdd690) = 5829 set_robust_list(0x555562cdd6a0, 24) = 0 rseq(0x555562cddce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1208874249", 4096) = 28 getrandom("\xc3\xb0\x5b\x75\xbc\x39\xd7\xeb", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555562cddd40 brk(0x555562cfed40) = 0x555562cfed40 brk(0x555562cff000) = 0x555562cff000 mprotect(0x7fc65d882000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.2EjIQd", 0700) = 0 chmod("./syzkaller.2EjIQd", 0777) = 0 chdir("./syzkaller.2EjIQd") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5831 attached [pid 5831] set_robust_list(0x555562cdd6a0, 24 [pid 5829] <... clone resumed>, child_tidptr=0x555562cdd690) = 5831 [pid 5831] <... set_robust_list resumed>) = 0 [pid 5831] chdir("./0") = 0 [pid 5831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5831] setpgid(0, 0) = 0 [pid 5831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5831] write(3, "1000", 4) = 4 [pid 5831] close(3) = 0 [pid 5831] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5831] write(1, "executing program\n", 18) = 18 [pid 5831] futex(0x7fc65d8886cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] rt_sigaction(SIGRT_1, {sa_handler=0x7fc65d8210b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc65d812260}, NULL, 8) = 0 [pid 5831] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc65d78f000 [pid 5831] mprotect(0x7fc65d790000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5831] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5831] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc65d7af990, parent_tid=0x7fc65d7af990, exit_signal=0, stack=0x7fc65d78f000, stack_size=0x20300, tls=0x7fc65d7af6c0}./strace-static-x86_64: Process 5832 attached [pid 5832] rseq(0x7fc65d7affe0, 0x20, 0, 0x53053053 [pid 5831] <... clone3 resumed> => {parent_tid=[5832]}, 88) = 5832 [pid 5832] <... rseq resumed>) = 0 [pid 5831] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] set_robust_list(0x7fc65d7af9a0, 24 [pid 5831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] futex(0x7fc65d8886c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... set_robust_list resumed>) = 0 [pid 5831] <... futex resumed>) = 0 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5831] futex(0x7fc65d8886cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] memfd_create("syzkaller", 0) = 3 [pid 5832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc655200000 [pid 5832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5832] munmap(0x7fc655200000, 138412032) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5832] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5832] close(3) = 0 [pid 5832] close(4) = 0 [pid 5832] mkdir("./file0", 0777) = 0 [pid 5832] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5832] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5832] chdir("./file0") = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 91.242301][ T5832] loop0: detected capacity change from 0 to 32768 [pid 5832] futex(0x7fc65d8886cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... futex resumed>) = 0 [pid 5831] futex(0x7fc65d8886c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] futex(0x7fc65d8886cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... futex resumed>) = 1 [pid 5832] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777) = 4 [pid 5832] futex(0x7fc65d8886cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5832] futex(0x7fc65d8886c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] futex(0x7fc65d8886c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = 0 [pid 5831] <... futex resumed>) = 1 [pid 5832] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5831] futex(0x7fc65d8886cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5831] futex(0x7fc65d8886dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc65d76e000 [pid 5831] mprotect(0x7fc65d76f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5831] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5831] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc65d78e990, parent_tid=0x7fc65d78e990, exit_signal=0, stack=0x7fc65d76e000, stack_size=0x20300, tls=0x7fc65d78e6c0}./strace-static-x86_64: Process 5833 attached [pid 5833] rseq(0x7fc65d78efe0, 0x20, 0, 0x53053053) = 0 [pid 5831] <... clone3 resumed> => {parent_tid=[5833]}, 88) = 5833 [pid 5831] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5831] futex(0x7fc65d8886d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] set_robust_list(0x7fc65d78e9a0, 24 [pid 5831] <... futex resumed>) = 0 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5833] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] futex(0x7fc65d8886dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] open_tree(AT_FDCWD, "./file0", 0) = 5 [pid 5833] futex(0x7fc65d8886dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5833] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5831] futex(0x7fc65d8886d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 91.439411][ T5833] ERROR: (device loop0): dtSearch: stack overrun! [ 91.439411][ T5833] [ 91.449912][ T5833] ERROR: (device loop0): remounting filesystem as read-only [ 91.459164][ T5833] btstack dump: [ 91.463600][ T5833] bn = 0, index = 0 [ 91.468639][ T5833] bn = 0, index = 0 [ 91.473152][ T5833] bn = 0, index = 0 [ 91.477015][ T5833] bn = 0, index = 0 [ 91.480953][ T5833] bn = 0, index = 0 [ 91.484941][ T5833] bn = 0, index = 0 [pid 5831] futex(0x7fc65d8886dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5833] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5833] futex(0x7fc65d8886dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 91.488825][ T5833] bn = 0, index = 0 [ 91.493072][ T5833] bn = 0, index = 0 [ 91.496970][ T5833] jfs_rename did not expect dtDelete to return rc = -5 [ 91.504423][ T5833] ERROR: (device loop0): jfs_rename: [ 91.504423][ T5833] [pid 5833] futex(0x7fc65d8886d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] exit_group(0 [pid 5833] <... futex resumed>) = ? [pid 5832] <... write resumed>) = ? [pid 5831] <... exit_group resumed>) = ? [pid 5833] +++ exited with 0 +++ [pid 5832] +++ exited with 0 +++ [pid 5831] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5831, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=56 /* 0.56 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555562cde730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555562ce6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555562ce6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555562cde730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5834 attached , child_tidptr=0x555562cdd690) = 5834 [pid 5834] set_robust_list(0x555562cdd6a0, 24) = 0 [pid 5834] chdir("./1") = 0 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5834] setpgid(0, 0) = 0 [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "1000", 4) = 4 [pid 5834] close(3) = 0 [pid 5834] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5834] write(1, "executing program\n", 18) = 18 [pid 5834] futex(0x7fc65d8886cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] rt_sigaction(SIGRT_1, {sa_handler=0x7fc65d8210b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc65d812260}, NULL, 8) = 0 [pid 5834] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc65d78f000 [pid 5834] mprotect(0x7fc65d790000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc65d7af990, parent_tid=0x7fc65d7af990, exit_signal=0, stack=0x7fc65d78f000, stack_size=0x20300, tls=0x7fc65d7af6c0}./strace-static-x86_64: Process 5835 attached [pid 5835] rseq(0x7fc65d7affe0, 0x20, 0, 0x53053053 [pid 5834] <... clone3 resumed> => {parent_tid=[5835]}, 88) = 5835 [pid 5835] <... rseq resumed>) = 0 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], [pid 5835] set_robust_list(0x7fc65d7af9a0, 24 [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] <... set_robust_list resumed>) = 0 [pid 5834] futex(0x7fc65d8886c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7fc65d8886cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5835] memfd_create("syzkaller", 0) = 3 [pid 5835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc655200000 [pid 5835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5835] munmap(0x7fc655200000, 138412032) = 0 [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5835] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5835] close(3) = 0 [pid 5835] close(4) = 0 [pid 5835] mkdir("./file0", 0777) = 0 [pid 5835] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5835] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5835] chdir("./file0") = 0 [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5835] futex(0x7fc65d8886cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] futex(0x7fc65d8886c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7fc65d8886c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = 1 [pid 5835] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777 [pid 5834] futex(0x7fc65d8886cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... openat resumed>) = 4 [pid 5835] futex(0x7fc65d8886cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] futex(0x7fc65d8886c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7fc65d8886c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = 1 [ 92.826331][ T5835] loop0: detected capacity change from 0 to 32768 [pid 5835] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5834] futex(0x7fc65d8886cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5834] futex(0x7fc65d8886dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc65d76e000 [pid 5834] mprotect(0x7fc65d76f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fc65d78e990, parent_tid=0x7fc65d78e990, exit_signal=0, stack=0x7fc65d76e000, stack_size=0x20300, tls=0x7fc65d78e6c0}./strace-static-x86_64: Process 5836 attached => {parent_tid=[5836]}, 88) = 5836 [pid 5836] rseq(0x7fc65d78efe0, 0x20, 0, 0x53053053) = 0 [pid 5836] set_robust_list(0x7fc65d78e9a0, 24) = 0 [pid 5836] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5836] futex(0x7fc65d8886d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5834] futex(0x7fc65d8886d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = 1 [pid 5836] open_tree(AT_FDCWD, "./file0", 0 [pid 5834] futex(0x7fc65d8886dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] <... open_tree resumed>) = 5 [pid 5836] futex(0x7fc65d8886dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5836] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5834] futex(0x7fc65d8886d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] futex(0x7fc65d8886dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 92.974294][ T5836] ERROR: (device loop0): dtSearch: stack overrun! [ 92.974294][ T5836] [ 92.983934][ T5836] ERROR: (device loop0): remounting filesystem as read-only [ 92.991510][ T5836] btstack dump: [ 92.995043][ T5836] bn = 0, index = 0 [ 92.998951][ T5836] bn = 0, index = 0 [ 93.002890][ T5836] bn = 0, index = 0 [ 93.007004][ T5836] bn = 0, index = 0 [ 93.010881][ T5836] bn = 0, index = 0 [ 93.015316][ T5836] bn = 0, index = 0 [ 93.019580][ T5836] bn = 0, index = 0 [pid 5836] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5836] futex(0x7fc65d8886dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 93.024544][ T5836] bn = 0, index = 0 [ 93.028564][ T5836] jfs_rename did not expect dtDelete to return rc = -5 [ 93.036366][ T5836] ERROR: (device loop0): jfs_rename: [ 93.036366][ T5836] [pid 5836] futex(0x7fc65d8886d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] exit_group(0 [pid 5836] <... futex resumed>) = ? [pid 5834] <... exit_group resumed>) = ? [pid 5836] +++ exited with 0 +++ [pid 5835] <... write resumed>) = ? [pid 5835] +++ exited with 0 +++ [pid 5834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=69 /* 0.69 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555562cde730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 93.683025][ T5829] ------------[ cut here ]------------ [ 93.689038][ T5829] kernel BUG at fs/jfs/inode.c:169! [ 93.694396][ T5829] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 93.700836][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor120 Not tainted 6.15.0-rc2-syzkaller #0 PREEMPT(full) [ 93.711624][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 93.721699][ T5829] RIP: 0010:jfs_evict_inode+0x437/0x440 [ 93.727263][ T5829] Code: df e8 dd e6 d2 fe e9 1d fe ff ff e8 73 3e 6b fe 48 c7 c7 40 f2 15 8f 4c 89 ee e8 84 db e0 01 e9 8f fd ff ff e8 5a 3e 6b fe 90 <0f> 0b 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 93.746882][ T5829] RSP: 0018:ffffc90003d4f958 EFLAGS: 00010293 [ 93.752967][ T5829] RAX: ffffffff83580616 RBX: ffff888076a32ed0 RCX: ffff88807e4c9e00 [ 93.760958][ T5829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888076a33248 [ 93.769042][ T5829] RBP: ffffc90003d4fad0 R08: ffffffff8261ae63 R09: 1ffffffff20bd6ee [ 93.777024][ T5829] R10: dffffc0000000000 R11: ffffffff8357e2c0 R12: ffff888076a33248 [ 93.784999][ T5829] R13: ffff888076a33248 R14: dffffc0000000000 R15: ffffc90003d4fa20 [ 93.792994][ T5829] FS: 0000555562cdd3c0(0000) GS:ffff888124fc9000(0000) knlGS:0000000000000000 [ 93.801970][ T5829] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 93.808560][ T5829] CR2: 0000555562ce6738 CR3: 0000000079e52000 CR4: 00000000003526f0 [ 93.816543][ T5829] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 93.824608][ T5829] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 93.832684][ T5829] Call Trace: [ 93.835983][ T5829] [ 93.838930][ T5829] ? __pfx_jfs_evict_inode+0x10/0x10 [ 93.844265][ T5829] evict+0x4f9/0x9b0 [ 93.848205][ T5829] ? __pfx_evict+0x10/0x10 [ 93.852750][ T5829] ? do_raw_spin_unlock+0x13c/0x8b0 [ 93.858090][ T5829] evict_inodes+0x6f8/0x7a0 [ 93.862651][ T5829] ? __pfx_evict_inodes+0x10/0x10 [ 93.867688][ T5829] ? dput+0x37/0x2b0 [ 93.871596][ T5829] generic_shutdown_super+0xa0/0x2d0 [ 93.876900][ T5829] kill_block_super+0x44/0x90 [ 93.881594][ T5829] deactivate_locked_super+0xc4/0x130 [ 93.887001][ T5829] cleanup_mnt+0x422/0x4c0 [ 93.891462][ T5829] ? lockdep_hardirqs_on+0x9d/0x150 [ 93.896715][ T5829] task_work_run+0x251/0x310 [ 93.901431][ T5829] ? __pfx_task_work_run+0x10/0x10 [ 93.906566][ T5829] ? path_umount+0x251/0xfb0 [ 93.911189][ T5829] ptrace_notify+0x2dc/0x390 [ 93.915948][ T5829] ? __x64_sys_umount+0x122/0x170 [ 93.920994][ T5829] ? user_path_at+0x44/0x60 [ 93.925600][ T5829] ? __pfx_ptrace_notify+0x10/0x10 [ 93.930727][ T5829] ? kmem_cache_free+0x197/0x410 [ 93.935684][ T5829] ? __x64_sys_umount+0x122/0x170 [ 93.941028][ T5829] syscall_exit_work+0xc7/0x1d0 [ 93.945889][ T5829] syscall_exit_to_user_mode+0x24a/0x340 [ 93.951536][ T5829] do_syscall_64+0x100/0x230 [ 93.956157][ T5829] ? clear_bhb_loop+0x45/0xa0 [ 93.960851][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.966900][ T5829] RIP: 0033:0x7fc65d7fbef7 [ 93.971436][ T5829] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 93.991314][ T5829] RSP: 002b:00007ffd79e358e8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 93.999826][ T5829] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fc65d7fbef7 [ 94.007812][ T5829] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd79e359a0 [ 94.015899][ T5829] RBP: 00007ffd79e359a0 R08: 0000000000000000 R09: 0000000000000000 [ 94.023896][ T5829] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffd79e36a60 [ 94.032147][ T5829] R13: 0000555562cde700 R14: 431bde82d7b634db R15: 00007ffd79e36a04 [ 94.040307][ T5829] [ 94.043351][ T5829] Modules linked in: [ 94.047614][ T5829] ---[ end trace 0000000000000000 ]--- [ 94.053299][ T5829] RIP: 0010:jfs_evict_inode+0x437/0x440 [ 94.058897][ T5829] Code: df e8 dd e6 d2 fe e9 1d fe ff ff e8 73 3e 6b fe 48 c7 c7 40 f2 15 8f 4c 89 ee e8 84 db e0 01 e9 8f fd ff ff e8 5a 3e 6b fe 90 <0f> 0b 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 94.078912][ T5829] RSP: 0018:ffffc90003d4f958 EFLAGS: 00010293 [ 94.085624][ T5829] RAX: ffffffff83580616 RBX: ffff888076a32ed0 RCX: ffff88807e4c9e00 [ 94.093914][ T5829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888076a33248 [ 94.102132][ T5829] RBP: ffffc90003d4fad0 R08: ffffffff8261ae63 R09: 1ffffffff20bd6ee [ 94.110115][ T5829] R10: dffffc0000000000 R11: ffffffff8357e2c0 R12: ffff888076a33248 [ 94.118354][ T5829] R13: ffff888076a33248 R14: dffffc0000000000 R15: ffffc90003d4fa20 [ 94.126395][ T5829] FS: 0000555562cdd3c0(0000) GS:ffff888124fc9000(0000) knlGS:0000000000000000 [ 94.135390][ T5829] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 94.142235][ T5829] CR2: 0000555562ce6738 CR3: 0000000079e52000 CR4: 00000000003526f0 [ 94.150335][ T5829] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 94.158600][ T5829] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 94.166678][ T5829] Kernel panic - not syncing: Fatal exception [ 94.173043][ T5829] Kernel Offset: disabled [ 94.177400][ T5829] Rebooting in 86400 seconds..