./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2836192144 <...> Warning: Permanently added '10.128.1.101' (ED25519) to the list of known hosts. execve("./syz-executor2836192144", ["./syz-executor2836192144"], 0x7fff605d4040 /* 10 vars */) = 0 brk(NULL) = 0x55556781a000 brk(0x55556781ad00) = 0x55556781ad00 arch_prctl(ARCH_SET_FS, 0x55556781a380) = 0 set_tid_address(0x55556781a650) = 5217 set_robust_list(0x55556781a660, 24) = 0 rseq(0x55556781aca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2836192144", 4096) = 28 getrandom("\x68\x1f\x2b\x4b\x8b\x76\xe4\x29", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556781ad00 brk(0x55556783bd00) = 0x55556783bd00 brk(0x55556783c000) = 0x55556783c000 mprotect(0x7f51045f8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.k5AnFe", 0700) = 0 chmod("./syzkaller.k5AnFe", 0777) = 0 chdir("./syzkaller.k5AnFe") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5219 attached [pid 5219] set_robust_list(0x55556781a660, 24) = 0 [pid 5219] chdir("./0" [pid 5217] <... clone resumed>, child_tidptr=0x55556781a650) = 5219 [pid 5219] <... chdir resumed>) = 0 [pid 5219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5219] setpgid(0, 0) = 0 [pid 5219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5219] write(3, "1000", 4) = 4 [pid 5219] close(3) = 0 [pid 5219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5219] write(1, "executing program\n", 18executing program ) = 18 [pid 5219] mknod("./file0", 000) = 0 [pid 5219] memfd_create("syzkaller", 0) = 3 [pid 5219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50fc000000 [pid 5219] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5219] munmap(0x7f50fc000000, 138412032) = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5219] close(3) = 0 [pid 5219] close(4) = 0 [pid 5219] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5219] mount("/dev/loop0", "./file0", "sysv", MS_NOSUID|MS_SYNCHRONOUS|MS_NOATIME|MS_LAZYTIME, "\xc9\x81\xcf\xe2\x16\x4f\xbd\x78\x80\x85\xfc\x45\xfd\x1d\x59\xeb\x1f\x35\x7d\x51\xcb\xdc\x98\x6d\x70\xa7\xd5\xc5\x30\x95\x61\x12\x23\x78\xf2\xd0\xd7\x7c\x36\x0b\x22\x09\x96\xcd\x4b\x7b\xff\xe1\x0b\xbe\x06\xb7\x57\x78\xd6\x0c\x3e\x43\xf5\x85\x83\x2b\x1a\x3e\x27\x1e\xd3\x9a\x06\x0a\xb6\xc5\x17\x9d\x66\xa8\x9d\x79\x2b\x97\xba\x43\xed\x5e\xe9\xcc\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff") = 0 [pid 5219] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = -1 ENOTDIR (Not a directory) [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5219] memfd_create("syzkaller", 0) = 3 [pid 5219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f50fc000000 [pid 5219] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5219] munmap(0x7f50fc000000, 138412032) = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5219] close(3) = 0 [ 58.217057][ T5219] loop0: detected capacity change from 0 to 128 [ 58.241343][ T5219] VFS: Found a Xenix FS (block size = 512) on device loop0 [pid 5219] creat("./bus", 000) = 3 [pid 5219] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5219] open("./bus", O_RDONLY) = 4 [pid 5219] ioctl(4, LOOP_SET_STATUS, {lo_number=0, lo_offset=0x2c6575, lo_encrypt_type=0x1a37ee8e /* LO_CRYPT_??? */, lo_encrypt_key_size=645265316, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO|0xb0d98de0, lo_name="\x8d\x64\x12\x75\x79\xdc\xb5\x50\x04\x30\xe2\xd3\xb3\x7d\xdc\xbf\x2e\x63\x0f\x2b\x95\xd8\x99\xd8\x23\x86\xe9\x33\x66\x4e\x7e\xd6\xcc\x1c\xad\x9f\xe9\x1d\x8c\x80\x20\x60\x84\xe8\x32\x21\xde\x24\x8d\xd3\xe3\x92\x1e\x1d\xc6\x3f\xc0\x29\x09\x34\x0d\x4e\x03"..., lo_encrypt_key="\xd7\xe0\x54\x61\x90\xe0\x53\x1c\x6d\x5c\x64\x57\xed\xd7\x91\xed\x75\x89\x4f\x68\x0e\x9b\x34\xf2\xb8\xa2\x35\xa0\xde\x9a\x0c\x66", ...}) = 0 [pid 5219] exit_group(0) = ? [pid 5219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5219, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556781b6f0 /* 5 entries */, 32768) = 136 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/bus") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 58.353512][ T5219] loop0: detected capacity change from 128 to 0 [ 58.398630][ T5217] sysv_free_block: trying to free block not in datazone [ 58.406216][ T5217] syz-executor283: attempt to access beyond end of device [ 58.406216][ T5217] loop0: rw=0, sector=13662976, nr_sectors = 1 limit=0 [ 58.420780][ T5217] syz-executor283: attempt to access beyond end of device [ 58.420780][ T5217] loop0: rw=0, sector=8073605, nr_sectors = 1 limit=0 [ 58.435310][ T5217] syz-executor283: attempt to access beyond end of device [ 58.435310][ T5217] loop0: rw=0, sector=3245521, nr_sectors = 1 limit=0 [ 58.449253][ T5217] syz-executor283: attempt to access beyond end of device [ 58.449253][ T5217] loop0: rw=2049, sector=2, nr_sectors = 1 limit=0 [ 58.462909][ T5217] Buffer I/O error on dev loop0, logical block 2, lost sync page write [ 58.471200][ T5217] IO error syncing sysv inode [loop0:00000002] [ 58.477413][ T5217] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 58.486472][ T5217] ------------[ cut here ]------------ [ 58.491931][ T5217] WARNING: CPU: 0 PID: 5217 at fs/buffer.c:1181 mark_buffer_dirty+0x2c6/0x500 [ 58.500899][ T5217] Modules linked in: [ 58.504991][ T5217] CPU: 0 UID: 0 PID: 5217 Comm: syz-executor283 Not tainted 6.11.0-rc3-syzkaller-00036-g9d5906799f7d #0 [ 58.516125][ T5217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 58.526210][ T5217] RIP: 0010:mark_buffer_dirty+0x2c6/0x500 [ 58.531924][ T5217] Code: 74 08 48 89 df e8 aa 6d dd ff 48 8b 3b be 04 00 00 00 5b 41 5e 41 5f 5d e9 97 f0 fb ff e8 32 4e 79 ff eb 91 e8 2b 4e 79 ff 90 <0f> 0b 90 e9 80 fd ff ff e8 1d 4e 79 ff 90 0f 0b 90 e9 a7 fd ff ff [ 58.551617][ T5217] RSP: 0018:ffffc90003367ba8 EFLAGS: 00010293 [ 58.557725][ T5217] RAX: ffffffff821a2aa5 RBX: 1ffff11004154601 RCX: ffff888061df0000 [ 58.565782][ T5217] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 58.573794][ T5217] RBP: 0000000000000000 R08: ffffffff821a2821 R09: 1ffff1100c850fb3 [ 58.581754][ T5217] R10: dffffc0000000000 R11: ffffed100c850fb4 R12: dffffc0000000000 [ 58.589804][ T5217] R13: dffffc0000000000 R14: ffff888064287d98 R15: ffff888020aa3038 [ 58.597811][ T5217] FS: 000055556781a380(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 [ 58.606797][ T5217] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.613447][ T5217] CR2: 00007ffe85244fe8 CR3: 000000007ec18000 CR4: 00000000003506f0 [ 58.621430][ T5217] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.629480][ T5217] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.637576][ T5217] Call Trace: [ 58.640848][ T5217] [ 58.643808][ T5217] ? __warn+0x163/0x4e0 [ 58.647985][ T5217] ? mark_buffer_dirty+0x2c6/0x500 [ 58.653088][ T5217] ? report_bug+0x2b3/0x500 [ 58.657639][ T5217] ? mark_buffer_dirty+0x2c6/0x500 [ 58.662762][ T5217] ? handle_bug+0x3e/0x70 [ 58.667124][ T5217] ? exc_invalid_op+0x1a/0x50 [ 58.671806][ T5217] ? asm_exc_invalid_op+0x1a/0x20 [ 58.676883][ T5217] ? mark_buffer_dirty+0x41/0x500 [ 58.681915][ T5217] ? mark_buffer_dirty+0x2c5/0x500 [ 58.687077][ T5217] ? mark_buffer_dirty+0x2c6/0x500 [ 58.692200][ T5217] ? mark_buffer_dirty+0x2c5/0x500 [ 58.697361][ T5217] sysv_put_super+0x93/0x180 [ 58.701964][ T5217] ? __pfx_sysv_put_super+0x10/0x10 [ 58.707202][ T5217] generic_shutdown_super+0x136/0x2d0 [ 58.712584][ T5217] kill_block_super+0x44/0x90 [ 58.717301][ T5217] deactivate_locked_super+0xc4/0x130 [ 58.722682][ T5217] cleanup_mnt+0x41f/0x4b0 [ 58.727154][ T5217] ? lockdep_hardirqs_on+0x99/0x150 [ 58.732360][ T5217] task_work_run+0x24f/0x310 [ 58.736987][ T5217] ? __pfx_task_work_run+0x10/0x10 [ 58.742099][ T5217] ? path_umount+0x284/0xf70 [ 58.746768][ T5217] ptrace_notify+0x2d2/0x380 [ 58.751376][ T5217] ? __pfx_path_umount+0x10/0x10 [ 58.756367][ T5217] ? __pfx_ptrace_notify+0x10/0x10 [ 58.761500][ T5217] ? __x64_sys_umount+0x123/0x170 [ 58.766571][ T5217] ? __pfx___x64_sys_umount+0x10/0x10 [ 58.771950][ T5217] syscall_exit_work+0xc6/0x190 [ 58.776841][ T5217] syscall_exit_to_user_mode+0x279/0x370 [ 58.782490][ T5217] do_syscall_64+0x100/0x230 [ 58.787118][ T5217] ? clear_bhb_loop+0x35/0x90 [ 58.791804][ T5217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.797738][ T5217] RIP: 0033:0x7f510457a647 [ 58.802173][ T5217] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 58.821885][ T5217] RSP: 002b:00007ffe852451b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 58.830355][ T5217] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f510457a647 [ 58.838364][ T5217] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe85245270 [ 58.846372][ T5217] RBP: 00007ffe85245270 R08: 0000000000000000 R09: 0000000000000000 [ 58.854413][ T5217] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffe852462e0 [ 58.862473][ T5217] R13: 000055556781b6c0 R14: 431bde82d7b634db R15: 00007ffe85246300 [ 58.870499][ T5217] [ 58.873577][ T5217] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 58.880851][ T5217] CPU: 0 UID: 0 PID: 5217 Comm: syz-executor283 Not tainted 6.11.0-rc3-syzkaller-00036-g9d5906799f7d #0 [ 58.891945][ T5217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 58.901987][ T5217] Call Trace: [ 58.905254][ T5217] [ 58.908172][ T5217] dump_stack_lvl+0x241/0x360 [ 58.912843][ T5217] ? __pfx_dump_stack_lvl+0x10/0x10 [ 58.918030][ T5217] ? __pfx__printk+0x10/0x10 [ 58.922620][ T5217] ? vscnprintf+0x5d/0x90 [ 58.926941][ T5217] panic+0x349/0x860 [ 58.930831][ T5217] ? __warn+0x172/0x4e0 [ 58.934977][ T5217] ? __pfx_panic+0x10/0x10 [ 58.939402][ T5217] __warn+0x346/0x4e0 [ 58.943372][ T5217] ? mark_buffer_dirty+0x2c6/0x500 [ 58.948484][ T5217] report_bug+0x2b3/0x500 [ 58.952807][ T5217] ? mark_buffer_dirty+0x2c6/0x500 [ 58.957914][ T5217] handle_bug+0x3e/0x70 [ 58.962060][ T5217] exc_invalid_op+0x1a/0x50 [ 58.966549][ T5217] asm_exc_invalid_op+0x1a/0x20 [ 58.971387][ T5217] RIP: 0010:mark_buffer_dirty+0x2c6/0x500 [ 58.977103][ T5217] Code: 74 08 48 89 df e8 aa 6d dd ff 48 8b 3b be 04 00 00 00 5b 41 5e 41 5f 5d e9 97 f0 fb ff e8 32 4e 79 ff eb 91 e8 2b 4e 79 ff 90 <0f> 0b 90 e9 80 fd ff ff e8 1d 4e 79 ff 90 0f 0b 90 e9 a7 fd ff ff [ 58.996787][ T5217] RSP: 0018:ffffc90003367ba8 EFLAGS: 00010293 [ 59.002845][ T5217] RAX: ffffffff821a2aa5 RBX: 1ffff11004154601 RCX: ffff888061df0000 [ 59.010804][ T5217] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 59.018762][ T5217] RBP: 0000000000000000 R08: ffffffff821a2821 R09: 1ffff1100c850fb3 [ 59.026722][ T5217] R10: dffffc0000000000 R11: ffffed100c850fb4 R12: dffffc0000000000 [ 59.034681][ T5217] R13: dffffc0000000000 R14: ffff888064287d98 R15: ffff888020aa3038 [ 59.042645][ T5217] ? mark_buffer_dirty+0x41/0x500 [ 59.047673][ T5217] ? mark_buffer_dirty+0x2c5/0x500 [ 59.052784][ T5217] ? mark_buffer_dirty+0x2c5/0x500 [ 59.057889][ T5217] sysv_put_super+0x93/0x180 [ 59.062465][ T5217] ? __pfx_sysv_put_super+0x10/0x10 [ 59.067653][ T5217] generic_shutdown_super+0x136/0x2d0 [ 59.073025][ T5217] kill_block_super+0x44/0x90 [ 59.077693][ T5217] deactivate_locked_super+0xc4/0x130 [ 59.083057][ T5217] cleanup_mnt+0x41f/0x4b0 [ 59.087465][ T5217] ? lockdep_hardirqs_on+0x99/0x150 [ 59.092656][ T5217] task_work_run+0x24f/0x310 [ 59.097237][ T5217] ? __pfx_task_work_run+0x10/0x10 [ 59.102332][ T5217] ? path_umount+0x284/0xf70 [ 59.106922][ T5217] ptrace_notify+0x2d2/0x380 [ 59.111502][ T5217] ? __pfx_path_umount+0x10/0x10 [ 59.116433][ T5217] ? __pfx_ptrace_notify+0x10/0x10 [ 59.121534][ T5217] ? __x64_sys_umount+0x123/0x170 [ 59.126543][ T5217] ? __pfx___x64_sys_umount+0x10/0x10 [ 59.131905][ T5217] syscall_exit_work+0xc6/0x190 [ 59.136745][ T5217] syscall_exit_to_user_mode+0x279/0x370 [ 59.142377][ T5217] do_syscall_64+0x100/0x230 [ 59.146956][ T5217] ? clear_bhb_loop+0x35/0x90 [ 59.151622][ T5217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.157502][ T5217] RIP: 0033:0x7f510457a647 [ 59.161904][ T5217] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 59.181495][ T5217] RSP: 002b:00007ffe852451b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 59.189899][ T5217] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f510457a647 [ 59.197895][ T5217] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe85245270 [ 59.205853][ T5217] RBP: 00007ffe85245270 R08: 0000000000000000 R09: 0000000000000000 [ 59.213810][ T5217] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffe852462e0 [ 59.221769][ T5217] R13: 000055556781b6c0 R14: 431bde82d7b634db R15: 00007ffe85246300 [ 59.229740][ T5217] [ 59.232967][ T5217] Kernel Offset: disabled [ 59.237318][ T5217] Rebooting in 86400 seconds..