./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1310445386 <...> Warning: Permanently added '10.128.1.39' (ED25519) to the list of known hosts. execve("./syz-executor1310445386", ["./syz-executor1310445386"], 0x7fff47c57f20 /* 10 vars */) = 0 brk(NULL) = 0x5555755fe000 brk(0x5555755fed00) = 0x5555755fed00 arch_prctl(ARCH_SET_FS, 0x5555755fe380) = 0 set_tid_address(0x5555755fe650) = 5840 set_robust_list(0x5555755fe660, 24) = 0 rseq(0x5555755feca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1310445386", 4096) = 28 getrandom("\x37\x40\x4d\x03\x15\xd7\xb6\x45", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555755fed00 brk(0x55557561fd00) = 0x55557561fd00 brk(0x555575620000) = 0x555575620000 mprotect(0x7f256ee8a000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.jxVtQs", 0700) = 0 chmod("./syzkaller.jxVtQs", 0777) = 0 chdir("./syzkaller.jxVtQs") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5842 attached , child_tidptr=0x5555755fe650) = 5842 [pid 5842] set_robust_list(0x5555755fe660, 24) = 0 [pid 5842] chdir("./0") = 0 [pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5842] setpgid(0, 0) = 0 [pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5842] write(3, "1000", 4) = 4 [pid 5842] close(3) = 0 [pid 5842] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5842] write(1, "executing program\n", 18) = 18 [pid 5842] memfd_create("syzkaller", 0) = 3 [pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2566800000 [pid 5842] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5842] munmap(0x7f2566800000, 138412032) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5842] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5842] close(3) = 0 [pid 5842] close(4) = 0 [pid 5842] mkdir("./file0", 0777) = 0 [ 76.072362][ T5842] loop0: detected capacity change from 0 to 128 [ 76.091395][ T5842] ======================================================= [ 76.091395][ T5842] WARNING: The mand mount option has been deprecated and [ 76.091395][ T5842] and is ignored by this kernel. Remove the mand [ 76.091395][ T5842] option from the mount to silence this warning. [ 76.091395][ T5842] ======================================================= [ 76.129966][ T5842] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 76.141820][ T5842] hpfs: filesystem error: improperly stopped [ 76.148332][ T5842] hpfs: You really don't want any checks? You are crazy... [ 76.156434][ T5842] hpfs: hpfs_map_sector(): read error [ 76.161812][ T5842] hpfs: code page support is disabled [pid 5842] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,errors=remount-ro,uid=0x0000000000000000,") = 0 [pid 5842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5842] chdir("./file0") = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5842] exit_group(0) = ? [pid 5842] +++ exited with 0 +++ [ 76.167827][ T5842] hpfs: hpfs_map_sector(): read error [ 76.173854][ T5842] hpfs: hpfs_map_sector(): read error [ 76.179221][ T5842] hpfs: hpfs_map_sector(): read error [ 76.184646][ T5842] hpfs: hpfs_map_sector(): read error [ 76.190024][ T5842] hpfs: hpfs_map_4sectors(): unaligned read [ 76.196013][ T5842] hpfs: hpfs_map_4sectors(): unaligned read [ 76.201905][ T5842] hpfs: filesystem error: unable to find root dir --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5842, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555755ff6f0 /* 4 entries */, 32768) = 112 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555575607730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555575607730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x5555755ff6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5843 attached , child_tidptr=0x5555755fe650) = 5843 [pid 5843] set_robust_list(0x5555755fe660, 24) = 0 [pid 5843] chdir("./1") = 0 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5843] setpgid(0, 0) = 0 [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] write(3, "1000", 4) = 4 [pid 5843] close(3) = 0 [pid 5843] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5843] write(1, "executing program\n", 18) = 18 [pid 5843] memfd_create("syzkaller", 0) = 3 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2566800000 [pid 5843] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5843] munmap(0x7f2566800000, 138412032) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5843] close(3) = 0 [pid 5843] close(4) = 0 [pid 5843] mkdir("./file0", 0777) = 0 [ 76.473307][ T5843] loop0: detected capacity change from 0 to 128 [ 76.495333][ T5843] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 76.507376][ T5843] hpfs: filesystem error: improperly stopped [ 76.513499][ T5843] hpfs: You really don't want any checks? You are crazy... [pid 5843] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,errors=remount-ro,uid=0x0000000000000000,") = 0 [ 76.521125][ T5843] hpfs: hpfs_map_sector(): read error [ 76.527672][ T5843] hpfs: code page support is disabled [ 76.533810][ T5843] hpfs: hpfs_map_sector(): read error [ 76.539185][ T5843] hpfs: hpfs_map_sector(): read error [ 76.544621][ T5843] hpfs: hpfs_map_sector(): read error [ 76.550001][ T5843] hpfs: hpfs_map_sector(): read error [ 76.555493][ T5843] hpfs: hpfs_map_4sectors(): unaligned read [ 76.561407][ T5843] hpfs: hpfs_map_4sectors(): unaligned read [ 76.567328][ T5843] hpfs: filesystem error: unable to find root dir [pid 5843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5843] chdir("./file0") = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5843] exit_group(0) = ? [pid 5843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555755ff6f0 /* 4 entries */, 32768) = 112 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555575607730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555575607730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x5555755ff6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5844 attached [pid 5844] set_robust_list(0x5555755fe660, 24) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x5555755fe650) = 5844 [pid 5844] chdir("./2") = 0 [pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5844] setpgid(0, 0) = 0 [pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5844] write(3, "1000", 4) = 4 [pid 5844] close(3) = 0 [pid 5844] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5844] write(1, "executing program\n", 18) = 18 [pid 5844] memfd_create("syzkaller", 0) = 3 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2566800000 [pid 5844] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5844] munmap(0x7f2566800000, 138412032) = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5844] close(3) = 0 [pid 5844] close(4) = 0 [pid 5844] mkdir("./file0", 0777) = 0 [ 76.719771][ T5844] loop0: detected capacity change from 0 to 128 [ 76.732473][ T5844] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 76.745024][ T5844] hpfs: filesystem error: improperly stopped [ 76.751135][ T5844] hpfs: You really don't want any checks? You are crazy... [ 76.759576][ T5844] hpfs: hpfs_map_sector(): read error [pid 5844] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,errors=remount-ro,uid=0x0000000000000000,") = 0 [pid 5844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5844] chdir("./file0") = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5844] exit_group(0) = ? [pid 5844] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5844, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [ 76.765291][ T5844] hpfs: code page support is disabled [ 76.771058][ T5844] hpfs: hpfs_map_sector(): read error [ 76.776875][ T5844] hpfs: hpfs_map_sector(): read error [ 76.782446][ T5844] hpfs: hpfs_map_sector(): read error [ 76.788335][ T5844] hpfs: hpfs_map_sector(): read error [ 76.794034][ T5844] hpfs: hpfs_map_4sectors(): unaligned read [ 76.799997][ T5844] hpfs: hpfs_map_4sectors(): unaligned read [ 76.806184][ T5844] hpfs: filesystem error: unable to find root dir restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555755ff6f0 /* 4 entries */, 32768) = 112 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555575607730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555575607730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x5555755ff6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5845 attached [pid 5845] set_robust_list(0x5555755fe660, 24 [pid 5840] <... clone resumed>, child_tidptr=0x5555755fe650) = 5845 [pid 5845] <... set_robust_list resumed>) = 0 [pid 5845] chdir("./3") = 0 [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5845] setpgid(0, 0) = 0 [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5845] write(3, "1000", 4) = 4 [pid 5845] close(3) = 0 [pid 5845] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5845] write(1, "executing program\n", 18) = 18 [pid 5845] memfd_create("syzkaller", 0) = 3 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2566800000 [pid 5845] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5845] munmap(0x7f2566800000, 138412032) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5845] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5845] close(3) = 0 [pid 5845] close(4) = 0 [pid 5845] mkdir("./file0", 0777) = 0 [ 76.953686][ T5845] loop0: detected capacity change from 0 to 128 [ 76.980922][ T5845] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 76.992779][ T5845] hpfs: filesystem error: improperly stopped [ 76.998773][ T5845] hpfs: You really don't want any checks? You are crazy... [ 77.006307][ T5845] hpfs: hpfs_map_sector(): read error [ 77.011672][ T5845] hpfs: code page support is disabled [ 77.017956][ T5845] hpfs: hpfs_map_sector(): read error [ 77.024073][ T5845] hpfs: hpfs_map_sector(): read error [ 77.029463][ T5845] hpfs: hpfs_map_sector(): read error [ 77.035303][ T5845] hpfs: hpfs_map_sector(): read error [ 77.040694][ T5845] hpfs: hpfs_map_4sectors(): unaligned read [ 77.046949][ T5845] hpfs: hpfs_map_4sectors(): unaligned read [pid 5845] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,errors=remount-ro,uid=0x0000000000000000,") = 0 [pid 5845] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5845] chdir("./file0") = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5845] exit_group(0) = ? [pid 5845] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5845, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 77.053158][ T5845] hpfs: filesystem error: unable to find root dir umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555755ff6f0 /* 4 entries */, 32768) = 112 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555575607730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555575607730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x5555755ff6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5846 attached , child_tidptr=0x5555755fe650) = 5846 [pid 5846] set_robust_list(0x5555755fe660, 24) = 0 [pid 5846] chdir("./4") = 0 [pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5846] setpgid(0, 0) = 0 [pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5846] write(3, "1000", 4) = 4 [pid 5846] close(3) = 0 [pid 5846] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5846] write(1, "executing program\n", 18) = 18 [pid 5846] memfd_create("syzkaller", 0) = 3 [pid 5846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2566800000 [pid 5846] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5846] munmap(0x7f2566800000, 138412032) = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5846] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5846] close(3) = 0 [pid 5846] close(4) = 0 [pid 5846] mkdir("./file0", 0777) = 0 [ 77.489555][ T5846] loop0: detected capacity change from 0 to 128 [ 77.522508][ T5846] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 77.534260][ T5846] hpfs: filesystem error: improperly stopped [ 77.540252][ T5846] hpfs: You really don't want any checks? You are crazy... [ 77.547915][ T5846] hpfs: hpfs_map_sector(): read error [ 77.553323][ T5846] hpfs: code page support is disabled [ 77.559370][ T5846] hpfs: hpfs_map_sector(): read error [ 77.564807][ T5846] hpfs: hpfs_map_sector(): read error [ 77.570186][ T5846] hpfs: hpfs_map_sector(): read error [ 77.575785][ T5846] hpfs: hpfs_map_sector(): read error [ 77.581142][ T5846] hpfs: hpfs_map_4sectors(): unaligned read [pid 5846] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,errors=remount-ro,uid=0x0000000000000000,") = 0 [pid 5846] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5846] chdir("./file0") = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5846] exit_group(0) = ? [pid 5846] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5846, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [ 77.587085][ T5846] hpfs: hpfs_map_4sectors(): unaligned read [ 77.593021][ T5846] hpfs: filesystem error: unable to find root dir restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555755ff6f0 /* 4 entries */, 32768) = 112 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555575607730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555575607730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x5555755ff6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5847 attached , child_tidptr=0x5555755fe650) = 5847 [pid 5847] set_robust_list(0x5555755fe660, 24) = 0 [pid 5847] chdir("./5") = 0 [pid 5847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5847] setpgid(0, 0) = 0 [pid 5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5847] write(3, "1000", 4) = 4 [pid 5847] close(3) = 0 [pid 5847] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5847] write(1, "executing program\n", 18executing program ) = 18 [pid 5847] memfd_create("syzkaller", 0) = 3 [pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2566800000 [pid 5847] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5847] munmap(0x7f2566800000, 138412032) = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5847] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5847] close(3) = 0 [pid 5847] close(4) = 0 [pid 5847] mkdir("./file0", 0777) = 0 [ 78.051258][ T5847] loop0: detected capacity change from 0 to 128 [ 78.108058][ T5847] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 78.120333][ T5847] hpfs: filesystem error: improperly stopped [ 78.126786][ T5847] hpfs: You really don't want any checks? You are crazy... [ 78.134240][ T5847] hpfs: hpfs_map_sector(): read error [ 78.139602][ T5847] hpfs: code page support is disabled [ 78.145619][ T5847] hpfs: hpfs_map_sector(): read error [ 78.151005][ T5847] hpfs: hpfs_map_sector(): read error [pid 5847] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,errors=remount-ro,uid=0x0000000000000000,") = 0 [pid 5847] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5847] chdir("./file0") = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 78.156454][ T5847] hpfs: hpfs_map_sector(): read error [ 78.161835][ T5847] hpfs: hpfs_map_sector(): read error [ 78.167315][ T5847] hpfs: hpfs_map_4sectors(): unaligned read [ 78.173292][ T5847] hpfs: hpfs_map_4sectors(): unaligned read [ 78.179202][ T5847] hpfs: filesystem error: unable to find root dir [pid 5847] exit_group(0) = ? [pid 5847] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5847, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555755ff6f0 /* 4 entries */, 32768) = 112 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555575607730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555575607730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x5555755ff6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5848 attached [pid 5848] set_robust_list(0x5555755fe660, 24) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x5555755fe650) = 5848 [pid 5848] chdir("./6") = 0 [pid 5848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5848] setpgid(0, 0) = 0 [pid 5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "1000", 4) = 4 [pid 5848] close(3) = 0 [pid 5848] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5848] write(1, "executing program\n", 18executing program ) = 18 [pid 5848] memfd_create("syzkaller", 0) = 3 [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2566800000 [pid 5848] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5848] munmap(0x7f2566800000, 138412032) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5848] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5848] close(3) = 0 [pid 5848] close(4) = 0 [pid 5848] mkdir("./file0", 0777) = 0 [ 78.518586][ T5848] loop0: detected capacity change from 0 to 128 [ 78.549635][ T5848] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 78.567237][ T5848] hpfs: filesystem error: improperly stopped [ 78.573715][ T5848] hpfs: You really don't want any checks? You are crazy... [ 78.581503][ T5848] hpfs: hpfs_map_sector(): read error [ 78.587006][ T5848] hpfs: code page support is disabled [ 78.592981][ T5848] hpfs: hpfs_map_sector(): read error [ 78.598371][ T5848] hpfs: hpfs_map_sector(): read error [ 78.603821][ T5848] hpfs: hpfs_map_sector(): read error [ 78.609202][ T5848] hpfs: hpfs_map_sector(): read error [pid 5848] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,errors=remount-ro,uid=0x0000000000000000,") = 0 [pid 5848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5848] chdir("./file0") = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5848] exit_group(0) = ? [pid 5848] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5848, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 78.614640][ T5848] hpfs: hpfs_map_4sectors(): unaligned read [ 78.620555][ T5848] hpfs: hpfs_map_4sectors(): unaligned read [ 78.626497][ T5848] hpfs: filesystem error: unable to find root dir openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555755ff6f0 /* 4 entries */, 32768) = 112 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555575607730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555575607730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x5555755ff6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5849 attached [pid 5849] set_robust_list(0x5555755fe660, 24 [pid 5840] <... clone resumed>, child_tidptr=0x5555755fe650) = 5849 [pid 5849] <... set_robust_list resumed>) = 0 [pid 5849] chdir("./7") = 0 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] setpgid(0, 0) = 0 [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] write(3, "1000", 4) = 4 [pid 5849] close(3) = 0 [pid 5849] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5849] write(1, "executing program\n", 18) = 18 [pid 5849] memfd_create("syzkaller", 0) = 3 [pid 5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2566800000 [pid 5849] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5849] munmap(0x7f2566800000, 138412032) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5849] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5849] close(3) = 0 [pid 5849] close(4) = 0 [pid 5849] mkdir("./file0", 0777) = 0 [ 78.972461][ T5849] loop0: detected capacity change from 0 to 128 [ 78.999315][ T5849] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 79.011374][ T5849] hpfs: filesystem error: improperly stopped [ 79.017616][ T5849] hpfs: You really don't want any checks? You are crazy... [ 79.026279][ T5849] hpfs: hpfs_map_sector(): read error [ 79.031639][ T5849] hpfs: code page support is disabled [ 79.037480][ T5849] hpfs: hpfs_map_sector(): read error [ 79.043164][ T5849] hpfs: hpfs_map_sector(): read error [ 79.048542][ T5849] hpfs: hpfs_map_sector(): read error [ 79.054518][ T5849] hpfs: hpfs_map_sector(): read error [ 79.059889][ T5849] hpfs: hpfs_map_4sectors(): unaligned read [ 79.065824][ T5849] hpfs: hpfs_map_4sectors(): unaligned read [pid 5849] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,errors=remount-ro,uid=0x0000000000000000,") = 0 [pid 5849] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5849] chdir("./file0") = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5849] exit_group(0) = ? [pid 5849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 79.071722][ T5849] hpfs: filesystem error: unable to find root dir newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555755ff6f0 /* 4 entries */, 32768) = 112 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555575607730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555575607730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x5555755ff6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5850 attached [pid 5850] set_robust_list(0x5555755fe660, 24) = 0 [pid 5840] <... clone resumed>, child_tidptr=0x5555755fe650) = 5850 [pid 5850] chdir("./8") = 0 [pid 5850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5850] setpgid(0, 0) = 0 [pid 5850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5850] write(3, "1000", 4) = 4 [pid 5850] close(3) = 0 [pid 5850] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5850] write(1, "executing program\n", 18) = 18 [pid 5850] memfd_create("syzkaller", 0) = 3 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2566800000 [pid 5850] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5850] munmap(0x7f2566800000, 138412032) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5850] close(3) = 0 [pid 5850] close(4) = 0 [pid 5850] mkdir("./file0", 0777) = 0 [ 79.453629][ T5850] loop0: detected capacity change from 0 to 128 [ 79.490283][ T5850] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 79.502876][ T5850] hpfs: filesystem error: improperly stopped [ 79.508906][ T5850] hpfs: You really don't want any checks? You are crazy... [ 79.518310][ T5850] hpfs: hpfs_map_sector(): read error [ 79.523746][ T5850] hpfs: code page support is disabled [ 79.529518][ T5850] hpfs: hpfs_map_sector(): read error [ 79.535006][ T5850] hpfs: hpfs_map_sector(): read error [ 79.540419][ T5850] hpfs: hpfs_map_sector(): read error [ 79.545859][ T5850] hpfs: hpfs_map_sector(): read error [pid 5850] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,errors=remount-ro,uid=0x0000000000000000,") = 0 [pid 5850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5850] chdir("./file0") = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5850] exit_group(0) = ? [pid 5850] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5850, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 79.551231][ T5850] hpfs: hpfs_map_4sectors(): unaligned read [ 79.557171][ T5850] hpfs: hpfs_map_4sectors(): unaligned read [ 79.563108][ T5850] hpfs: filesystem error: unable to find root dir newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555755ff6f0 /* 4 entries */, 32768) = 112 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555575607730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555575607730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x5555755ff6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached [pid 5851] set_robust_list(0x5555755fe660, 24) = 0 [pid 5851] chdir("./9" [pid 5840] <... clone resumed>, child_tidptr=0x5555755fe650) = 5851 [pid 5851] <... chdir resumed>) = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] setpgid(0, 0) = 0 [pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "1000", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5851] write(1, "executing program\n", 18) = 18 [pid 5851] memfd_create("syzkaller", 0) = 3 [pid 5851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2566800000 [pid 5851] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5851] munmap(0x7f2566800000, 138412032) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5851] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5851] close(3) = 0 [pid 5851] close(4) = 0 [pid 5851] mkdir("./file0", 0777) = 0 [ 79.971495][ T5851] loop0: detected capacity change from 0 to 128 [ 79.997607][ T5851] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 80.009499][ T5851] hpfs: filesystem error: improperly stopped [ 80.016271][ T5851] hpfs: You really don't want any checks? You are crazy... [ 80.023969][ T5851] hpfs: hpfs_map_sector(): read error [ 80.029349][ T5851] hpfs: code page support is disabled [ 80.034999][ T5851] ================================================================== [ 80.043071][ T5851] BUG: KASAN: use-after-free in strcmp+0x6f/0xc0 [ 80.049402][ T5851] Read of size 1 at addr ffff8880121f78a6 by task syz-executor131/5851 [ 80.057618][ T5851] [ 80.059941][ T5851] CPU: 1 UID: 0 PID: 5851 Comm: syz-executor131 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 80.059954][ T5851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 80.059965][ T5851] Call Trace: [ 80.059973][ T5851] [ 80.059977][ T5851] dump_stack_lvl+0x189/0x250 [ 80.059990][ T5851] ? __virt_addr_valid+0x1c8/0x5c0 [ 80.060003][ T5851] ? rcu_is_watching+0x15/0xb0 [ 80.060013][ T5851] ? __kasan_check_byte+0x12/0x40 [ 80.060027][ T5851] ? __pfx_dump_stack_lvl+0x10/0x10 [ 80.060037][ T5851] ? rcu_is_watching+0x15/0xb0 [ 80.060047][ T5851] ? lock_release+0x4b/0x3e0 [ 80.060057][ T5851] ? __virt_addr_valid+0x1c8/0x5c0 [ 80.060068][ T5851] ? __virt_addr_valid+0x4a5/0x5c0 [ 80.060079][ T5851] print_report+0xca/0x240 [ 80.060095][ T5851] ? strcmp+0x6f/0xc0 [ 80.060106][ T5851] kasan_report+0x118/0x150 [ 80.060116][ T5851] ? strcmp+0x6f/0xc0 [ 80.060129][ T5851] strcmp+0x6f/0xc0 [ 80.060140][ T5851] hpfs_get_ea+0x114/0xdb0 [ 80.060154][ T5851] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 80.060167][ T5851] ? __pfx_hpfs_get_ea+0x10/0x10 [ 80.060182][ T5851] ? __bread_gfp+0x2ff/0x3c0 [ 80.060194][ T5851] ? hpfs_map_sector+0x14f/0x380 [ 80.060205][ T5851] ? hpfs_map_fnode+0x27e/0x6a0 [ 80.060218][ T5851] ? set_normalized_timespec64+0xf0/0x1a0 [ 80.060233][ T5851] ? __lock_acquire+0xab9/0xd20 [ 80.060242][ T5851] hpfs_read_inode+0x19d/0x1010 [ 80.060257][ T5851] ? __pfx_hpfs_read_inode+0x10/0x10 [ 80.060269][ T5851] ? inode_set_ctime_to_ts+0x126/0x2f0 [ 80.060283][ T5851] ? __pfx_inode_set_ctime_to_ts+0x10/0x10 [ 80.060297][ T5851] ? do_raw_spin_unlock+0x122/0x240 [ 80.060311][ T5851] ? hpfs_init_inode+0x216/0x350 [ 80.060324][ T5851] hpfs_fill_super+0x12bd/0x2070 [ 80.060344][ T5851] ? __pfx_hpfs_fill_super+0x10/0x10 [ 80.060359][ T5851] ? __pfx_snprintf+0x10/0x10 [ 80.060372][ T5851] ? set_blocksize+0x21e/0x500 [ 80.060385][ T5851] ? sb_set_blocksize+0x104/0x180 [ 80.060396][ T5851] ? setup_bdev_super+0x4c1/0x5b0 [ 80.060406][ T5851] get_tree_bdev_flags+0x40e/0x4d0 [ 80.060417][ T5851] ? __pfx_hpfs_fill_super+0x10/0x10 [ 80.060432][ T5851] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 80.060440][ T5851] ? cap_capable+0x11f/0x460 [ 80.060450][ T5851] ? safesetid_security_capable+0xa9/0x1a0 [ 80.060463][ T5851] vfs_get_tree+0x92/0x2b0 [ 80.060472][ T5851] do_new_mount+0x24a/0xa40 [ 80.060484][ T5851] __se_sys_mount+0x317/0x410 [ 80.060496][ T5851] ? __pfx___se_sys_mount+0x10/0x10 [ 80.060506][ T5851] ? rcu_is_watching+0x15/0xb0 [ 80.060517][ T5851] ? __x64_sys_mount+0x20/0xc0 [ 80.060528][ T5851] do_syscall_64+0xfa/0x3b0 [ 80.060539][ T5851] ? lockdep_hardirqs_on+0x9c/0x150 [ 80.060548][ T5851] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.060558][ T5851] ? clear_bhb_loop+0x60/0xb0 [ 80.060569][ T5851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.060578][ T5851] RIP: 0033:0x7f256ee0e5ea [ 80.060590][ T5851] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 80.060599][ T5851] RSP: 002b:00007fff486f3358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 80.060610][ T5851] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f256ee0e5ea [ 80.060618][ T5851] RDX: 0000200000009e80 RSI: 0000200000009ec0 RDI: 00007fff486f33a0 [ 80.060625][ T5851] RBP: 0000000000000004 R08: 00007fff486f33e0 R09: 0000000000009dff [ 80.060631][ T5851] R10: 0000000000000041 R11: 0000000000000202 R12: 0000200000009ec0 [ 80.060637][ T5851] R13: 00007fff486f33e0 R14: 0000000000010000 R15: 0000000000000003 [ 80.060647][ T5851] [ 80.060651][ T5851] [ 80.413230][ T5851] The buggy address belongs to the physical page: [ 80.419641][ T5851] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f12b113e pfn:0x121f7 [ 80.429090][ T5851] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 80.436204][ T5851] raw: 00fff00000000000 ffffea0000487fc8 ffffea000048ab08 0000000000000000 [ 80.444781][ T5851] raw: 00000007f12b113e 0000000000000000 00000000ffffffff 0000000000000000 [ 80.453354][ T5851] page dumped because: kasan: bad access detected [ 80.459761][ T5851] page_owner tracks the page as freed [ 80.465120][ T5851] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|__GFP_COMP), pid 5828, tgid 5828 (sshd-session), ts 68725182243, free_ts 68768339503 [ 80.483782][ T5851] post_alloc_hook+0x240/0x2a0 [ 80.488545][ T5851] get_page_from_freelist+0x21d5/0x22b0 [ 80.494088][ T5851] __alloc_frozen_pages_noprof+0x181/0x370 [ 80.499985][ T5851] alloc_pages_mpol+0x232/0x4a0 [ 80.505005][ T5851] vma_alloc_folio_noprof+0xe4/0x200 [ 80.510282][ T5851] folio_prealloc+0x30/0x180 [ 80.514864][ T5851] __handle_mm_fault+0x2c88/0x5620 [ 80.519982][ T5851] handle_mm_fault+0x2d5/0x7f0 [ 80.524750][ T5851] do_user_addr_fault+0xa81/0x1390 [ 80.529873][ T5851] exc_page_fault+0x76/0xf0 [ 80.534368][ T5851] asm_exc_page_fault+0x26/0x30 [ 80.539210][ T5851] page last free pid 5828 tgid 5828 stack trace: [ 80.545523][ T5851] free_unref_folios+0xcd2/0x1570 [ 80.550541][ T5851] folios_put_refs+0x559/0x640 [ 80.555298][ T5851] free_pages_and_swap_cache+0x277/0x520 [ 80.560927][ T5851] tlb_flush_mmu+0x3a0/0x680 [ 80.565513][ T5851] tlb_finish_mmu+0xc3/0x1d0 [ 80.570099][ T5851] vms_clear_ptes+0x42c/0x540 [ 80.574777][ T5851] vms_complete_munmap_vmas+0x206/0x8a0 [ 80.580318][ T5851] do_vmi_align_munmap+0x358/0x420 [ 80.585428][ T5851] do_vmi_munmap+0x253/0x2e0 [ 80.590013][ T5851] __vm_munmap+0x23b/0x3d0 [ 80.594427][ T5851] __x64_sys_munmap+0x60/0x70 [ 80.599098][ T5851] do_syscall_64+0xfa/0x3b0 [ 80.603595][ T5851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.609480][ T5851] [ 80.611796][ T5851] Memory state around the buggy address: [ 80.617414][ T5851] ffff8880121f7780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 80.625467][ T5851] ffff8880121f7800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 80.633516][ T5851] >ffff8880121f7880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 80.641565][ T5851] ^ [ 80.646665][ T5851] ffff8880121f7900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 80.654718][ T5851] ffff8880121f7980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 80.662770][ T5851] ================================================================== [ 80.671959][ T5851] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 80.679183][ T5851] CPU: 0 UID: 0 PID: 5851 Comm: syz-executor131 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) [ 80.691588][ T5851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 80.701642][ T5851] Call Trace: [ 80.704918][ T5851] [ 80.707842][ T5851] dump_stack_lvl+0x99/0x250 [ 80.712430][ T5851] ? __asan_memcpy+0x40/0x70 [ 80.717021][ T5851] ? __pfx_dump_stack_lvl+0x10/0x10 [ 80.722213][ T5851] ? __pfx__printk+0x10/0x10 [ 80.726807][ T5851] panic+0x2db/0x790 [ 80.730707][ T5851] ? __pfx_preempt_schedule+0x10/0x10 [ 80.736077][ T5851] ? __pfx_panic+0x10/0x10 [ 80.740490][ T5851] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 80.746388][ T5851] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 80.752723][ T5851] ? strcmp+0x6f/0xc0 [ 80.756706][ T5851] check_panic_on_warn+0x89/0xb0 [ 80.761646][ T5851] ? strcmp+0x6f/0xc0 [ 80.765625][ T5851] end_report+0x78/0x160 [ 80.769864][ T5851] kasan_report+0x129/0x150 [ 80.774362][ T5851] ? strcmp+0x6f/0xc0 [ 80.778343][ T5851] strcmp+0x6f/0xc0 [ 80.782150][ T5851] hpfs_get_ea+0x114/0xdb0 [ 80.786565][ T5851] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 80.792721][ T5851] ? __pfx_hpfs_get_ea+0x10/0x10 [ 80.797663][ T5851] ? __bread_gfp+0x2ff/0x3c0 [ 80.802253][ T5851] ? hpfs_map_sector+0x14f/0x380 [ 80.807190][ T5851] ? hpfs_map_fnode+0x27e/0x6a0 [ 80.812039][ T5851] ? set_normalized_timespec64+0xf0/0x1a0 [ 80.817758][ T5851] ? __lock_acquire+0xab9/0xd20 [ 80.822605][ T5851] hpfs_read_inode+0x19d/0x1010 [ 80.827457][ T5851] ? __pfx_hpfs_read_inode+0x10/0x10 [ 80.832741][ T5851] ? inode_set_ctime_to_ts+0x126/0x2f0 [ 80.838200][ T5851] ? __pfx_inode_set_ctime_to_ts+0x10/0x10 [ 80.844009][ T5851] ? do_raw_spin_unlock+0x122/0x240 [ 80.849214][ T5851] ? hpfs_init_inode+0x216/0x350 [ 80.854152][ T5851] hpfs_fill_super+0x12bd/0x2070 [ 80.859102][ T5851] ? __pfx_hpfs_fill_super+0x10/0x10 [ 80.864391][ T5851] ? __pfx_snprintf+0x10/0x10 [ 80.869069][ T5851] ? set_blocksize+0x21e/0x500 [ 80.873832][ T5851] ? sb_set_blocksize+0x104/0x180 [ 80.878856][ T5851] ? setup_bdev_super+0x4c1/0x5b0 [ 80.883876][ T5851] get_tree_bdev_flags+0x40e/0x4d0 [ 80.888980][ T5851] ? __pfx_hpfs_fill_super+0x10/0x10 [ 80.894265][ T5851] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 80.899889][ T5851] ? cap_capable+0x11f/0x460 [ 80.904477][ T5851] ? safesetid_security_capable+0xa9/0x1a0 [ 80.910281][ T5851] vfs_get_tree+0x92/0x2b0 [ 80.914697][ T5851] do_new_mount+0x24a/0xa40 [ 80.919201][ T5851] __se_sys_mount+0x317/0x410 [ 80.923876][ T5851] ? __pfx___se_sys_mount+0x10/0x10 [ 80.929067][ T5851] ? rcu_is_watching+0x15/0xb0 [ 80.933831][ T5851] ? __x64_sys_mount+0x20/0xc0 [ 80.938594][ T5851] do_syscall_64+0xfa/0x3b0 [ 80.943099][ T5851] ? lockdep_hardirqs_on+0x9c/0x150 [ 80.948291][ T5851] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.954352][ T5851] ? clear_bhb_loop+0x60/0xb0 [ 80.959024][ T5851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.964915][ T5851] RIP: 0033:0x7f256ee0e5ea [ 80.969324][ T5851] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 80.988925][ T5851] RSP: 002b:00007fff486f3358 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 80.997337][ T5851] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f256ee0e5ea [ 81.005311][ T5851] RDX: 0000200000009e80 RSI: 0000200000009ec0 RDI: 00007fff486f33a0 [ 81.013285][ T5851] RBP: 0000000000000004 R08: 00007fff486f33e0 R09: 0000000000009dff [ 81.021256][ T5851] R10: 0000000000000041 R11: 0000000000000202 R12: 0000200000009ec0 [ 81.029224][ T5851] R13: 00007fff486f33e0 R14: 0000000000010000 R15: 0000000000000003 [ 81.037204][ T5851] [ 81.040439][ T5851] Kernel Offset: disabled [ 81.044754][ T5851] Rebooting in 86400 seconds..