./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1352177593 <...> forked to background, child pid 3186 no interfaces have a carrier [ 23.177959][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 23.189729][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.40' (ECDSA) to the list of known hosts. execve("./syz-executor1352177593", ["./syz-executor1352177593"], 0x7ffece9597b0 /* 10 vars */) = 0 brk(NULL) = 0x555555f38000 brk(0x555555f38c40) = 0x555555f38c40 arch_prctl(ARCH_SET_FS, 0x555555f38300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555f385d0) = 3614 set_robust_list(0x555555f385e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fd6319fbb30, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fd6319fc200}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fd6319fbbd0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd6319fc200}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1352177593", 4096) = 28 brk(0x555555f59c40) = 0x555555f59c40 brk(0x555555f5a000) = 0x555555f5a000 mprotect(0x7fd631abd000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3614 mkdir("./syzkaller.462iIr", 0700) = 0 chmod("./syzkaller.462iIr", 0777) = 0 chdir("./syzkaller.462iIr") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f385d0) = 3615 ./strace-static-x86_64: Process 3615 attached [pid 3615] set_robust_list(0x555555f385e0, 24) = 0 [pid 3615] chdir("./0") = 0 [pid 3615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3615] setpgid(0, 0) = 0 [pid 3615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3615] write(3, "1000", 4) = 4 [pid 3615] close(3) = 0 [pid 3615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3615] futex(0x7fd631ac34ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd6319cb000 [pid 3615] mprotect(0x7fd6319cc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3615] clone(child_stack=0x7fd6319eb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3617], tls=0x7fd6319eb700, child_tidptr=0x7fd6319eb9d0) = 3617 [pid 3615] futex(0x7fd631ac34a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3615] futex(0x7fd631ac34ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000}./strace-static-x86_64: Process 3617 attached [pid 3617] set_robust_list(0x7fd6319eb9e0, 24) = 0 [pid 3617] memfd_create("syzkaller", 0) = 3 [pid 3617] ftruncate(3, 33077) = 0 [pid 3617] pwrite64(3, "\x60\x1c\x6d\x6b\x64\x6f\x73\x66\x90\xe6\xb1\x00\x08\x01\x01\x00\x04\x40\x00\x20\x00\xf8\x01\x00\x10\x00\x02\x00\x03\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x7d\x92\xd6\xcb\xe5\xd9\x15\x00\x7b\xf7\xd7\xef\xdf\x73\x0c\x3d\x67\xac\x38\x9a\x1c\xda\x44\x0a\x25\xe1\xc3\x0c\x10\xfc\xd6\xdc", 88, 0) = 88 [pid 3617] pwrite64(3, "\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x08\x00\x00\x07\x60\x2c\x55\x2c\x55\x00\x00\x15\x60\x2c\x55\x00\x00\x00\x00\x00\x00\x41\x66\x00\x69\x00\x6c\x00\x65\x00\x30\x80\x0f\x00\xfc\x00\x01\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\xff\xdf\xf2\xff\x46\x49\x4c\x45\x30\x20\x20\x20\x20\x20\x20\x10\x00\x7f\x15\x60\x2c\x55\x2c\x55\x00\x00\x15\x60\x2c\x55\x03\x00\x00\x00\x00\x00\x6f\x7a\x00\x69"..., 798, 10240) = 798 [pid 3617] pwrite64(3, "\x00\xba\x1f\x9d\xf7\x25\x7e\xb9\x87", 9, 16384) = 9 [pid 3617] pwrite64(3, "\xf8\xff\x07\x00\xf0\xff\x4f\xc4\xfe\x26\x80\x00\x09\xa0\x00\xc8\xa6\x00", 18, 16393) = 18 [pid 3617] pwrite64(3, "\x73\xc0\xd2\x8b\xde\xef\xe2\x35\x25\x97\x75\xdb\xad\x79\x7a\x6b\x61\x6c\x6c\x65\x72\x73\x79\x7a\x6b\x61\x6c\xec\x65\x72\x65\x72\x73\x79\x7a\x6b\x61\x6c\x6c\x65\x6a\x73\x79\x7a\x6b\x61\x6c\x6c\x65\x72\x73\x79\x7a\x6b\xb6\x6c\x65\x72\x73\x79\x7a\x6b\x61\x6c\x6c\x65\x72\x53\x79\x7a\x6b\x61\x6c\x6c\x65\x72\x73\xee\x82\xc1\x1b\x5a\x79\x7a\x6b\x61\x6c\x6c\x65\x72\x73\x79\x7a\x6b\x62\x6c\x6c\xdf\xd0\x57"..., 306, 32771) = 306 [pid 3617] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3617] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3617] mkdir("./file0", 0777) = 0 [pid 3617] mount("/dev/loop0", "./file0", "vfat", MS_SYNCHRONOUS|MS_SILENT, "nfs,errors=continue,shortname=winnt,") = 0 [pid 3617] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3617] chdir("./file0") = 0 [pid 3617] ioctl(4, LOOP_CLR_FD) = 0 [pid 3617] close(4) = 0 [pid 3617] close(3) = 0 [pid 3617] futex(0x7fd631ac34ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3615] <... futex resumed>) = 0 [pid 3617] futex(0x7fd631ac34a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3615] futex(0x7fd631ac34a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3617] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3615] <... futex resumed>) = 0 [pid 3617] mkdir("./file1", 000 [pid 3615] futex(0x7fd631ac34ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3617] <... mkdir resumed>) = 0 [pid 3617] futex(0x7fd631ac34ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 3615] <... futex resumed>) = 0 [pid 3615] futex(0x7fd631ac34a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3615] futex(0x7fd631ac34bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3617] <... futex resumed>) = 1 [pid 3615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 3617] mkdir("./file1/file0", 000 [pid 3615] <... mmap resumed>) = 0x7fd6319aa000 [pid 3615] mprotect(0x7fd6319ab000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3615] clone(child_stack=0x7fd6319ca3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3618 attached , parent_tid=[3618], tls=0x7fd6319ca700, child_tidptr=0x7fd6319ca9d0) = 3618 [pid 3615] futex(0x7fd631ac34b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3615] futex(0x7fd631ac34bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3618] set_robust_list(0x7fd6319ca9e0, 24 [pid 3617] <... mkdir resumed>) = 0 [pid 3618] <... set_robust_list resumed>) = 0 [pid 3617] mkdir("./file1/file0", 000 [pid 3618] rmdir("./file0/file0" [pid 3617] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3617] mkdir("./file1/file0", 000) = 0 [pid 3617] mkdir("./file1/file0", 000) = -1 EEXIST (File exists) [pid 3617] mkdir("./file1/file0", 000) = -1 EEXIST (File exists) [pid 3617] mkdir("./file1/file0", 000) = -1 EEXIST (File exists) [pid 3617] mkdir("./file1/file0", 000) = -1 EEXIST (File exists) [pid 3617] mkdir("./file1/file0", 000) = -1 EEXIST (File exists) [pid 3618] <... rmdir resumed>) = 0 [pid 3617] mkdir("./file1/file0", 000 [pid 3618] rmdir("./file0/file0" [pid 3617] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 3617] mkdir("./file1/file0", 000 [pid 3618] <... rmdir resumed>) = 0 [pid 3618] rmdir("./file0/file0" [pid 3617] <... mkdir resumed>) = 0 [pid 3617] mkdir("./file1/file0", 000 [pid 3618] <... rmdir resumed>) = 0 [pid 3618] rmdir("./file0/file0" [pid 3617] <... mkdir resumed>) = 0 syzkaller login: [ 47.529246][ T3617] loop0: detected capacity change from 0 to 64 [pid 3617] mkdir("./file1/file0", 000 [pid 3615] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3615] futex(0x7fd631ac34bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3615] futex(0x7fd631ac34bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 47.585424][ T3618] ------------[ cut here ]------------ [ 47.591056][ T3618] WARNING: CPU: 0 PID: 3618 at fs/inode.c:330 drop_nlink+0xb7/0x110 [ 47.599445][ T3618] Modules linked in: [ 47.603369][ T3618] CPU: 0 PID: 3618 Comm: syz-executor135 Not tainted 6.1.0-rc4-syzkaller-00159-g4bbf3422df78 #0 [ 47.614111][ T3618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 47.625809][ T3618] RIP: 0010:drop_nlink+0xb7/0x110 [ 47.630847][ T3618] Code: 28 be 08 00 00 00 48 8d bb c0 07 00 00 e8 11 72 ea ff f0 48 ff 83 c0 07 00 00 5b 5d 41 5c 41 5d e9 0e 1a 9e ff e8 09 1a 9e ff <0f> 0b 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 0f b6 04 [ 47.651298][ T3618] RSP: 0018:ffffc90003c6fca8 EFLAGS: 00010293 [ 47.657773][ T3618] RAX: 0000000000000000 RBX: ffff888072c7a0d0 RCX: 0000000000000000 [ 47.665999][ T3618] RDX: ffff888020158000 RSI: ffffffff81de9277 RDI: 0000000000000005 [ 47.673979][ T3618] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 47.682212][ T3618] R10: 0000000000000000 R11: 1ffffffff17f2619 R12: 00000000ffffffff [ 47.690372][ T3618] R13: ffff888072c7a118 R14: ffff888072c7a0d0 R15: ffff88801c5e2000 [ 47.698540][ T3618] FS: 00007fd6319ca700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 47.707891][ T3618] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.714488][ T3618] CR2: 00007fd6319ec000 CR3: 000000006fd20000 CR4: 0000000000350ef0 [ 47.722772][ T3618] Call Trace: [ 47.726261][ T3618] [ 47.729193][ T3618] vfat_rmdir+0x2ec/0x4a0 [pid 3615] exit_group(0) = ? [ 47.733525][ T3618] ? vfat_unlink+0x480/0x480 [ 47.738543][ T3618] ? down_write_killable_nested+0x250/0x250 [ 47.744494][ T3618] vfs_rmdir.part.0+0x1b0/0x5a0 [ 47.749591][ T3618] do_rmdir+0x3a6/0x430 [ 47.754055][ T3618] ? __ia32_sys_mkdir+0x140/0x140 [ 47.759331][ T3618] ? getname_flags.part.0+0x1dd/0x4f0 [ 47.764701][ T3618] __x64_sys_rmdir+0xc6/0x110 [ 47.769619][ T3618] do_syscall_64+0x35/0xb0 [ 47.774048][ T3618] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 47.780251][ T3618] RIP: 0033:0x7fd631a3ec09 [ 47.784682][ T3618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 47.804470][ T3618] RSP: 002b:00007fd6319ca2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 47.812943][ T3618] RAX: ffffffffffffffda RBX: 000000000000003e RCX: 00007fd631a3ec09 [ 47.820972][ T3618] RDX: 00007fd631a3ec09 RSI: 00007fd631a3ec09 RDI: 0000000020000300 [ 47.829016][ T3618] RBP: 00007fd631ac34b8 R08: 0000000000000000 R09: 0000000000000000 [ 47.837037][ T3618] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd631ac34b0 [ 47.845372][ T3618] R13: 0030656c69662f2e R14: 2f30656c69662f2e R15: 2f31656c69662f2e [ 47.853365][ T3618] [ 47.856449][ T3618] Kernel panic - not syncing: panic_on_warn set ... [ 47.863039][ T3618] CPU: 0 PID: 3618 Comm: syz-executor135 Not tainted 6.1.0-rc4-syzkaller-00159-g4bbf3422df78 #0 [ 47.873459][ T3618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 47.883503][ T3618] Call Trace: [ 47.886768][ T3618] [ 47.889691][ T3618] dump_stack_lvl+0xcd/0x134 [ 47.894283][ T3618] panic+0x2c8/0x622 [ 47.898168][ T3618] ? panic_print_sys_info.part.0+0x110/0x110 [ 47.904148][ T3618] ? __warn.cold+0x24b/0x350 [ 47.909087][ T3618] ? drop_nlink+0xb7/0x110 [ 47.913503][ T3618] __warn.cold+0x25c/0x350 [ 47.917905][ T3618] ? drop_nlink+0xb7/0x110 [ 47.922309][ T3618] report_bug+0x1bc/0x210 [ 47.926638][ T3618] handle_bug+0x3c/0x70 [ 47.930792][ T3618] exc_invalid_op+0x14/0x40 [ 47.935291][ T3618] asm_exc_invalid_op+0x16/0x20 [ 47.940156][ T3618] RIP: 0010:drop_nlink+0xb7/0x110 [ 47.945178][ T3618] Code: 28 be 08 00 00 00 48 8d bb c0 07 00 00 e8 11 72 ea ff f0 48 ff 83 c0 07 00 00 5b 5d 41 5c 41 5d e9 0e 1a 9e ff e8 09 1a 9e ff <0f> 0b 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 0f b6 04 [ 47.964796][ T3618] RSP: 0018:ffffc90003c6fca8 EFLAGS: 00010293 [ 47.970872][ T3618] RAX: 0000000000000000 RBX: ffff888072c7a0d0 RCX: 0000000000000000 [ 47.978834][ T3618] RDX: ffff888020158000 RSI: ffffffff81de9277 RDI: 0000000000000005 [ 47.986799][ T3618] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 47.994755][ T3618] R10: 0000000000000000 R11: 1ffffffff17f2619 R12: 00000000ffffffff [ 48.002712][ T3618] R13: ffff888072c7a118 R14: ffff888072c7a0d0 R15: ffff88801c5e2000 [ 48.010769][ T3618] ? drop_nlink+0xb7/0x110 [ 48.015286][ T3618] ? drop_nlink+0xb7/0x110 [ 48.019688][ T3618] vfat_rmdir+0x2ec/0x4a0 [ 48.024019][ T3618] ? vfat_unlink+0x480/0x480 [ 48.028609][ T3618] ? down_write_killable_nested+0x250/0x250 [ 48.034499][ T3618] vfs_rmdir.part.0+0x1b0/0x5a0 [ 48.039340][ T3618] do_rmdir+0x3a6/0x430 [ 48.043488][ T3618] ? __ia32_sys_mkdir+0x140/0x140 [ 48.048526][ T3618] ? getname_flags.part.0+0x1dd/0x4f0 [ 48.053890][ T3618] __x64_sys_rmdir+0xc6/0x110 [ 48.058558][ T3618] do_syscall_64+0x35/0xb0 [ 48.062971][ T3618] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 48.068856][ T3618] RIP: 0033:0x7fd631a3ec09 [ 48.073258][ T3618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 48.092861][ T3618] RSP: 002b:00007fd6319ca2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 48.101264][ T3618] RAX: ffffffffffffffda RBX: 000000000000003e RCX: 00007fd631a3ec09 [ 48.109227][ T3618] RDX: 00007fd631a3ec09 RSI: 00007fd631a3ec09 RDI: 0000000020000300 [ 48.117188][ T3618] RBP: 00007fd631ac34b8 R08: 0000000000000000 R09: 0000000000000000 [ 48.125150][ T3618] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd631ac34b0 [ 48.133112][ T3618] R13: 0030656c69662f2e R14: 2f30656c69662f2e R15: 2f31656c69662f2e [ 48.141099][ T3618] [ 48.144828][ T3618] Kernel Offset: disabled [ 48.149206][ T3618] Rebooting in 86400 seconds..