./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2618746221 <...> Warning: Permanently added '10.128.1.112' (ED25519) to the list of known hosts. execve("./syz-executor2618746221", ["./syz-executor2618746221"], 0x7ffcb469bab0 /* 10 vars */) = 0 brk(NULL) = 0x555593a10000 brk(0x555593a10d00) = 0x555593a10d00 arch_prctl(ARCH_SET_FS, 0x555593a10380) = 0 set_tid_address(0x555593a10650) = 5827 set_robust_list(0x555593a10660, 24) = 0 rseq(0x555593a10ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2618746221", 4096) = 28 getrandom("\xca\xc9\x64\xe3\x7a\x58\xae\xf0", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555593a10d00 brk(0x555593a31d00) = 0x555593a31d00 brk(0x555593a32000) = 0x555593a32000 mprotect(0x7f4ef8e6c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5828 attached , child_tidptr=0x555593a10650) = 5828 [pid 5828] set_robust_list(0x555593a10660, 24 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... set_robust_list resumed>) = 0 [pid 5828] mkdir("./syzkaller.kvjoIK", 0700./strace-static-x86_64: Process 5829 attached [pid 5827] <... clone resumed>, child_tidptr=0x555593a10650) = 5829 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5830 attached [pid 5830] set_robust_list(0x555593a10660, 24 [pid 5829] set_robust_list(0x555593a10660, 24 [pid 5827] <... clone resumed>, child_tidptr=0x555593a10650) = 5830 [pid 5828] <... mkdir resumed>) = 0 [pid 5830] <... set_robust_list resumed>) = 0 [pid 5829] <... set_robust_list resumed>) = 0 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] mkdir("./syzkaller.5V8TVs", 0700./strace-static-x86_64: Process 5831 attached [pid 5830] mkdir("./syzkaller.oGK3ra", 0700 [pid 5828] chmod("./syzkaller.kvjoIK", 0777 [pid 5827] <... clone resumed>, child_tidptr=0x555593a10650) = 5831 [pid 5831] set_robust_list(0x555593a10660, 24 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... chmod resumed>) = 0 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] <... mkdir resumed>) = 0 [pid 5831] <... set_robust_list resumed>) = 0 [pid 5829] chmod("./syzkaller.5V8TVs", 0777 [pid 5828] chdir("./syzkaller.kvjoIK"./strace-static-x86_64: Process 5832 attached [pid 5827] <... clone resumed>, child_tidptr=0x555593a10650) = 5832 [pid 5831] mkdir("./syzkaller.8gFWlM", 0700 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] set_robust_list(0x555593a10660, 24) = 0 [pid 5830] chmod("./syzkaller.oGK3ra", 0777 [pid 5829] <... chmod resumed>) = 0 [pid 5828] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 5833 attached [pid 5832] mkdir("./syzkaller.3njKwe", 0700 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... chmod resumed>) = 0 [pid 5828] mkdir("./0", 0777 [pid 5827] <... clone resumed>, child_tidptr=0x555593a10650) = 5833 [pid 5833] set_robust_list(0x555593a10660, 24 [pid 5832] <... mkdir resumed>) = 0 [pid 5831] chmod("./syzkaller.8gFWlM", 0777 [pid 5830] chdir("./syzkaller.oGK3ra" [pid 5829] chdir("./syzkaller.5V8TVs" [pid 5828] <... mkdir resumed>) = 0 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5829] <... chdir resumed>) = 0 [pid 5830] <... chdir resumed>) = 0 [pid 5832] chmod("./syzkaller.3njKwe", 0777 [pid 5831] <... chmod resumed>) = 0 [pid 5829] mkdir("./0", 0777 [pid 5832] <... chmod resumed>) = 0 [pid 5831] chdir("./syzkaller.8gFWlM" [pid 5833] mkdir("./syzkaller.CHwSEq", 0700 [pid 5831] <... chdir resumed>) = 0 [pid 5832] chdir("./syzkaller.3njKwe" [pid 5831] mkdir("./0", 0777 [pid 5830] mkdir("./0", 0777 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] <... chdir resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5833] <... mkdir resumed>) = 0 [pid 5832] mkdir("./0", 0777 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5833] chmod("./syzkaller.CHwSEq", 0777 [pid 5832] <... mkdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5833] <... chmod resumed>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 3 [pid 5833] chdir("./syzkaller.CHwSEq") = 0 [pid 5832] <... openat resumed>) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5828] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5833] mkdir("./0", 0777 [pid 5829] <... openat resumed>) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] close(3 [pid 5833] <... mkdir resumed>) = 0 [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] close(3 [pid 5830] close(3 [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] <... openat resumed>) = 3 [pid 5832] close(3 [pid 5830] <... close resumed>) = 0 [pid 5829] close(3 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... close resumed>) = 0 [pid 5833] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5833] close(3./strace-static-x86_64: Process 5836 attached ./strace-static-x86_64: Process 5835 attached ./strace-static-x86_64: Process 5834 attached [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... clone resumed>, child_tidptr=0x555593a10650) = 5834 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] <... close resumed>) = 0 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5837 attached [pid 5835] set_robust_list(0x555593a10660, 24 [pid 5837] set_robust_list(0x555593a10660, 24 [pid 5835] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5839 attached ./strace-static-x86_64: Process 5838 attached [pid 5835] chdir("./0" [pid 5837] <... set_robust_list resumed>) = 0 [pid 5839] set_robust_list(0x555593a10660, 24 [pid 5837] chdir("./0" [pid 5839] <... set_robust_list resumed>) = 0 [pid 5837] <... chdir resumed>) = 0 [pid 5835] <... chdir resumed>) = 0 [pid 5839] chdir("./0" [pid 5837] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5836] set_robust_list(0x555593a10660, 24 [pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] set_robust_list(0x555593a10660, 24 [pid 5833] <... clone resumed>, child_tidptr=0x555593a10650) = 5839 [pid 5830] <... clone resumed>, child_tidptr=0x555593a10650) = 5836 [pid 5828] <... clone resumed>, child_tidptr=0x555593a10650) = 5835 [pid 5838] set_robust_list(0x555593a10660, 24 [pid 5837] <... prctl resumed>) = 0 [pid 5836] <... set_robust_list resumed>) = 0 [pid 5835] <... prctl resumed>) = 0 [pid 5834] <... set_robust_list resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x555593a10650) = 5837 [pid 5839] <... chdir resumed>) = 0 [pid 5837] setpgid(0, 0 [pid 5838] <... set_robust_list resumed>) = 0 [pid 5836] chdir("./0" [pid 5835] setpgid(0, 0 [pid 5834] chdir("./0" [pid 5839] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5837] <... setpgid resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x555593a10650) = 5838 [pid 5839] <... prctl resumed>) = 0 [pid 5838] chdir("./0" [pid 5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5836] <... chdir resumed>) = 0 [pid 5835] <... setpgid resumed>) = 0 [pid 5834] <... chdir resumed>) = 0 [pid 5839] setpgid(0, 0 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] <... prctl resumed>) = 0 [pid 5836] <... prctl resumed>) = 0 [pid 5839] <... setpgid resumed>) = 0 [pid 5837] <... openat resumed>) = 3 [pid 5836] setpgid(0, 0 [pid 5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] setpgid(0, 0 [pid 5839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5838] <... chdir resumed>) = 0 [pid 5836] <... setpgid resumed>) = 0 [pid 5834] <... setpgid resumed>) = 0 [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... openat resumed>) = 3 [pid 5838] <... prctl resumed>) = 0 [pid 5837] write(3, "1000", 4 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5835] <... openat resumed>) = 3 [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5838] setpgid(0, 0 [pid 5837] <... write resumed>) = 4 [pid 5834] <... openat resumed>) = 3 [pid 5838] <... setpgid resumed>) = 0 [pid 5837] close(3 [pid 5836] <... openat resumed>) = 3 [pid 5835] write(3, "1000", 4 [pid 5834] write(3, "1000", 4 [pid 5839] write(3, "1000", 4 [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5837] <... close resumed>) = 0 [pid 5836] write(3, "1000", 4 [pid 5835] <... write resumed>) = 4 [pid 5839] <... write resumed>) = 4 [pid 5838] <... openat resumed>) = 3 [pid 5837] symlink("/dev/binderfs", "./binderfs" [pid 5835] close(3 [pid 5834] <... write resumed>) = 4 [pid 5838] write(3, "1000", 4 [pid 5834] close(3 [pid 5836] <... write resumed>) = 4 [pid 5838] <... write resumed>) = 4 [pid 5836] close(3 [pid 5838] close(3 [pid 5836] <... close resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5836] symlink("/dev/binderfs", "./binderfs" [pid 5834] symlink("/dev/binderfs", "./binderfs" [pid 5838] symlink("/dev/binderfs", "./binderfs" [pid 5839] close(3 [pid 5838] <... symlink resumed>) = 0 [pid 5837] <... symlink resumed>) = 0 [pid 5835] <... close resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5837] write(1, "executing program\n", 18executing program [pid 5835] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... symlink resumed>) = 0 [pid 5839] symlink("/dev/binderfs", "./binderfs" [pid 5837] <... write resumed>) = 18 [pid 5835] <... symlink resumed>) = 0 executing program [pid 5839] <... symlink resumed>) = 0 [pid 5837] memfd_create("syzkaller", 0 [pid 5835] write(1, "executing program\n", 18 [pid 5839] write(1, "executing program\n", 18executing program ) = 18 [pid 5835] <... write resumed>) = 18 [pid 5839] memfd_create("syzkaller", 0 [pid 5835] memfd_create("syzkaller", 0 [pid 5837] <... memfd_create resumed>) = 3 executing program executing program [pid 5838] write(1, "executing program\n", 18 [pid 5836] <... symlink resumed>) = 0 [pid 5834] write(1, "executing program\n", 18 [pid 5839] <... memfd_create resumed>) = 3 [pid 5838] <... write resumed>) = 18 [pid 5837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5836] write(1, "executing program\n", 18 [pid 5835] <... memfd_create resumed>) = 3 [pid 5834] <... write resumed>) = 18 executing program [pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] memfd_create("syzkaller", 0 [pid 5837] <... mmap resumed>) = 0x7f4ef0800000 [pid 5836] <... write resumed>) = 18 [pid 5838] <... memfd_create resumed>) = 3 [pid 5835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] memfd_create("syzkaller", 0 [pid 5839] <... mmap resumed>) = 0x7f4ef0800000 [pid 5838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4ef0800000 [pid 5836] memfd_create("syzkaller", 0 [pid 5834] <... memfd_create resumed>) = 3 [pid 5835] <... mmap resumed>) = 0x7f4ef0800000 [pid 5834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5836] <... memfd_create resumed>) = 3 [pid 5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4ef0800000 [pid 5834] <... mmap resumed>) = 0x7f4ef0800000 [pid 5839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5837] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5834] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5835] <... write resumed>) = 16777216 [pid 5835] munmap(0x7f4ef0800000, 138412032 [pid 5834] <... write resumed>) = 16777216 [pid 5837] <... write resumed>) = 16777216 [pid 5839] <... write resumed>) = 16777216 [pid 5838] <... write resumed>) = 16777216 [pid 5837] munmap(0x7f4ef0800000, 138412032 [pid 5836] <... write resumed>) = 16777216 [pid 5835] <... munmap resumed>) = 0 [pid 5834] munmap(0x7f4ef0800000, 138412032 [pid 5839] munmap(0x7f4ef0800000, 138412032 [pid 5838] munmap(0x7f4ef0800000, 138412032 [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5835] ioctl(4, LOOP_SET_FD, 3 [pid 5837] <... munmap resumed>) = 0 [pid 5835] <... ioctl resumed>) = 0 [pid 5836] munmap(0x7f4ef0800000, 138412032 [pid 5839] <... munmap resumed>) = 0 [pid 5838] <... munmap resumed>) = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5835] close(3 [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5837] <... openat resumed>) = 4 [pid 5839] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5838] <... openat resumed>) = 4 [pid 5837] ioctl(4, LOOP_SET_FD, 3 [pid 5835] <... close resumed>) = 0 [pid 5839] <... openat resumed>) = 4 [pid 5834] <... munmap resumed>) = 0 [pid 5839] ioctl(4, LOOP_SET_FD, 3 [pid 5838] ioctl(4, LOOP_SET_FD, 3 [pid 5837] <... ioctl resumed>) = 0 [pid 5835] close(4 [pid 5834] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5834] ioctl(4, LOOP_SET_FD, 3 [pid 5835] <... close resumed>) = 0 [ 76.254297][ T5835] loop0: detected capacity change from 0 to 32768 [ 76.273422][ T5837] loop4: detected capacity change from 0 to 32768 [ 76.285812][ T5838] loop1: detected capacity change from 0 to 32768 [ 76.286945][ T5834] loop3: detected capacity change from 0 to 32768 [pid 5837] close(3 [pid 5835] mkdir("./file0", 0777 [pid 5837] <... close resumed>) = 0 [pid 5835] <... mkdir resumed>) = 0 [pid 5837] close(4 [pid 5835] mount("/dev/loop0", "./file0", "jfs", MS_LAZYTIME, "" [pid 5838] <... ioctl resumed>) = 0 [pid 5837] <... close resumed>) = 0 [pid 5838] close(3 [pid 5837] mkdir("./file0", 0777 [pid 5838] <... close resumed>) = 0 [pid 5837] <... mkdir resumed>) = 0 [pid 5838] close(4 [pid 5837] mount("/dev/loop4", "./file0", "jfs", MS_LAZYTIME, "" [pid 5838] <... close resumed>) = 0 [pid 5836] <... munmap resumed>) = 0 [pid 5834] <... ioctl resumed>) = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5834] close(3 [pid 5838] mkdir("./file0", 0777 [pid 5836] <... openat resumed>) = 4 [pid 5834] <... close resumed>) = 0 [pid 5838] <... mkdir resumed>) = 0 [pid 5836] ioctl(4, LOOP_SET_FD, 3 [pid 5834] close(4 [pid 5838] mount("/dev/loop1", "./file0", "jfs", MS_LAZYTIME, "" [pid 5834] <... close resumed>) = 0 [pid 5839] <... ioctl resumed>) = 0 [pid 5839] close(3) = 0 [pid 5839] close(4) = 0 [pid 5839] mkdir("./file0", 0777) = 0 [pid 5839] mount("/dev/loop5", "./file0", "jfs", MS_LAZYTIME, "" [pid 5834] mkdir("./file0", 0777) = 0 [pid 5834] mount("/dev/loop3", "./file0", "jfs", MS_LAZYTIME, "" [pid 5835] <... mount resumed>) = 0 [pid 5835] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5835] chdir("./file0") = 0 [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 76.293017][ T5839] loop5: detected capacity change from 0 to 32768 [ 76.321215][ T5835] [ 76.321215][ T5835] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.321215][ T5835] [ 76.335535][ T5837] [ 76.335535][ T5837] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.335535][ T5837] [ 76.338946][ T5836] loop2: detected capacity change from 0 to 32768 [pid 5835] truncate("./file1", 24066 [pid 5836] <... ioctl resumed>) = 0 [pid 5836] close(3) = 0 [pid 5836] close(4) = 0 [pid 5836] mkdir("./file0", 0777) = 0 [ 76.366945][ T5839] [ 76.366945][ T5839] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.366945][ T5839] [ 76.380188][ T5835] [ 76.380188][ T5835] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.380188][ T5835] [ 76.393579][ T5835] [ 76.393579][ T5835] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.393579][ T5835] [ 76.404618][ T5838] [ 76.404618][ T5838] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.404618][ T5838] [pid 5836] mount("/dev/loop2", "./file0", "jfs", MS_LAZYTIME, "" [pid 5839] <... mount resumed>) = 0 [pid 5838] <... mount resumed>) = 0 [pid 5837] <... mount resumed>) = 0 [pid 5839] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5839] <... openat resumed>) = 3 [pid 5838] chdir("./file0" [pid 5839] chdir("./file0" [pid 5838] <... chdir resumed>) = 0 [pid 5839] <... chdir resumed>) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5837] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5839] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5838] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5837] <... openat resumed>) = 3 [pid 5839] truncate("./file1", 24066 [ 76.421601][ T5834] [ 76.421601][ T5834] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.421601][ T5834] [ 76.453548][ T5838] [ 76.453548][ T5838] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.453548][ T5838] [ 76.460999][ T5837] [pid 5838] truncate("./file1", 24066 [pid 5837] chdir("./file0") = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5837] truncate("./file1", 24066 [pid 5834] <... mount resumed>) = 0 [pid 5834] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5834] chdir("./file0") = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5835] <... truncate resumed>) = 0 [pid 5834] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5835] exit_group(0 [pid 5834] truncate("./file1", 24066 [pid 5835] <... exit_group resumed>) = ? [ 76.460999][ T5837] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.460999][ T5837] [ 76.464751][ T5839] [ 76.464751][ T5839] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.464751][ T5839] [ 76.489591][ T5836] [ 76.489591][ T5836] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.489591][ T5836] [ 76.505903][ T5834] [ 76.505903][ T5834] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.505903][ T5834] [ 76.507131][ T5838] [pid 5835] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5835, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} --- [pid 5828] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x555593a116f0 /* 4 entries */, 32768) = 112 [ 76.507131][ T5838] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.507131][ T5838] [ 76.526085][ T5837] [ 76.526085][ T5837] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.526085][ T5837] [ 76.539758][ T113] [ 76.539758][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.539758][ T113] [ 76.556505][ T5839] [ 76.556505][ T5839] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.556505][ T5839] [ 76.564745][ T5834] [pid 5828] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5836] <... mount resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5838] <... truncate resumed>) = 0 [pid 5836] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5828] unlink("./0/binderfs") = 0 [pid 5828] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] <... truncate resumed>) = 0 [pid 5839] <... truncate resumed>) = 0 [pid 5838] exit_group(0 [pid 5836] <... openat resumed>) = 3 [pid 5834] <... truncate resumed>) = 0 [pid 5837] exit_group(0) = ? [pid 5837] +++ exited with 0 +++ [pid 5839] exit_group(0 [pid 5838] <... exit_group resumed>) = ? [pid 5836] chdir("./file0" [pid 5834] exit_group(0 [pid 5838] +++ exited with 0 +++ [pid 5836] <... chdir resumed>) = 0 [pid 5834] <... exit_group resumed>) = ? [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5837, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- [pid 5836] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5834] +++ exited with 0 +++ [pid 5832] restart_syscall(<... resuming interrupted clone ...> [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- [pid 5839] <... exit_group resumed>) = ? [pid 5836] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] <... restart_syscall resumed>) = 0 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} --- [ 76.564745][ T5834] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.564745][ T5834] [ 76.583564][ T114] [ 76.583564][ T114] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.583564][ T114] [ 76.594921][ T113] [ 76.594921][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.594921][ T113] [ 76.605120][ T63] [ 76.605120][ T63] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.605120][ T63] [pid 5839] +++ exited with 0 +++ [pid 5836] truncate("./file1", 24066 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5839, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5832] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] newfstatat(3, "", [pid 5831] newfstatat(3, "", [pid 5829] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5832] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5832] getdents64(3, [pid 5831] getdents64(3, [pid 5829] newfstatat(3, "", [pid 5832] <... getdents64 resumed>0x555593a116f0 /* 4 entries */, 32768) = 112 [pid 5831] <... getdents64 resumed>0x555593a116f0 /* 4 entries */, 32768) = 112 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(3, [pid 5833] <... restart_syscall resumed>) = 0 [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... getdents64 resumed>0x555593a116f0 /* 4 entries */, 32768) = 112 [pid 5832] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5831] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5829] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] unlink("./0/binderfs" [pid 5831] unlink("./0/binderfs" [pid 5829] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5832] <... unlink resumed>) = 0 [pid 5831] <... unlink resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 76.624574][ T5836] [ 76.624574][ T5836] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.624574][ T5836] [ 76.635724][ T63] [ 76.635724][ T63] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.635724][ T63] [ 76.655050][ T114] [ 76.655050][ T114] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.655050][ T114] [ 76.655517][ T113] [ 76.655517][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [pid 5833] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] unlink("./0/binderfs" [pid 5833] <... openat resumed>) = 3 [ 76.655517][ T113] [ 76.673015][ T5828] [ 76.673015][ T5828] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.673015][ T5828] [ 76.677528][ T5836] [ 76.677528][ T5836] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.677528][ T5836] [ 76.689080][ T12] [ 76.689080][ T12] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.689080][ T12] [ 76.698625][ T51] [ 76.698625][ T51] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.698625][ T51] [ 76.713399][ T5828] [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... unlink resumed>) = 0 [pid 5836] <... truncate resumed>) = 0 [pid 5836] exit_group(0) = ? [pid 5836] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5833] getdents64(3, [pid 5830] <... restart_syscall resumed>) = 0 [pid 5829] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... getdents64 resumed>0x555593a116f0 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5833] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] unlink("./0/binderfs") = 0 [ 76.713399][ T5828] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.713399][ T5828] [ 76.723606][ T51] [ 76.723606][ T51] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.723606][ T51] [ 76.731675][ T12] [ 76.731675][ T12] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.731675][ T12] [ 76.741366][ T113] [ 76.741366][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.741366][ T113] [ 76.757531][ T114] [ 76.757531][ T114] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.757531][ T114] [ 76.763826][ T5831] [pid 5833] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 76.763826][ T5831] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.763826][ T5831] [ 76.772245][ T114] [ 76.772245][ T114] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.772245][ T114] [ 76.783757][ T51] [ 76.783757][ T51] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.783757][ T51] [ 76.803281][ T11] [ 76.803281][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.803281][ T11] [ 76.803310][ T11] [ 76.803310][ T11] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.803310][ T11] [pid 5830] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", [pid 5828] <... umount2 resumed>) = 0 [pid 5831] <... umount2 resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 76.815833][ T113] [ 76.815833][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.815833][ T113] [ 76.836423][ T51] [ 76.836423][ T51] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.836423][ T51] [ 76.847973][ T5831] [ 76.847973][ T5831] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.847973][ T5831] [ 76.850115][ T5832] [ 76.850115][ T5832] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 76.850115][ T5832] [ 76.865652][ T113] ================================================================== [ 76.877122][ T113] BUG: KASAN: slab-use-after-free in txEnd+0x354/0x560 [ 76.884024][ T113] Write of size 8 at addr ffff88802774a040 by task jfsCommit/113 [ 76.891743][ T113] [ 76.894106][ T113] CPU: 1 UID: 0 PID: 113 Comm: jfsCommit Not tainted 6.12.0-syzkaller-12113-gbcc8eda6d349 #0 [ 76.904268][ T113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 76.914337][ T113] Call Trace: [ 76.917625][ T113] [ 76.920642][ T113] dump_stack_lvl+0x241/0x360 [ 76.925348][ T113] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.930575][ T113] ? __pfx__printk+0x10/0x10 [ 76.935192][ T113] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.940853][ T113] ? _printk+0xd5/0x120 [ 76.945027][ T113] ? __virt_addr_valid+0x183/0x530 [ 76.950155][ T113] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.955808][ T113] print_report+0x169/0x550 [ 76.960336][ T113] ? __virt_addr_valid+0x183/0x530 [ 76.965476][ T113] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.971157][ T113] ? __virt_addr_valid+0x45f/0x530 [ 76.976298][ T113] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.981941][ T113] ? __phys_addr+0xba/0x170 [ 76.986456][ T113] ? txEnd+0x354/0x560 [ 76.990529][ T113] kasan_report+0x143/0x180 [ 76.995055][ T113] ? txEnd+0x354/0x560 [ 76.999132][ T113] kasan_check_range+0x282/0x290 [ 77.004091][ T113] txEnd+0x354/0x560 [ 77.007998][ T113] jfs_lazycommit+0x634/0xb80 [ 77.012692][ T113] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 77.018680][ T113] ? srso_alias_return_thunk+0x5/0xfbef5 [ 77.024315][ T113] ? lockdep_hardirqs_on+0x99/0x150 [ 77.029538][ T113] ? __pfx_jfs_lazycommit+0x10/0x10 [ 77.034748][ T113] ? __pfx_default_wake_function+0x10/0x10 [ 77.040575][ T113] ? srso_alias_return_thunk+0x5/0xfbef5 [ 77.046234][ T113] ? __kthread_parkme+0x169/0x1d0 [ 77.051261][ T113] ? __pfx_jfs_lazycommit+0x10/0x10 [ 77.056554][ T113] kthread+0x2f2/0x390 [ 77.060635][ T113] ? __pfx_jfs_lazycommit+0x10/0x10 [ 77.065840][ T113] ? __pfx_kthread+0x10/0x10 [ 77.070438][ T113] ret_from_fork+0x4d/0x80 [ 77.074881][ T113] ? __pfx_kthread+0x10/0x10 [ 77.079498][ T113] ret_from_fork_asm+0x1a/0x30 [ 77.084270][ T113] [ 77.087283][ T113] [ 77.089600][ T113] Allocated by task 5834: [ 77.093921][ T113] kasan_save_track+0x3f/0x80 [ 77.098605][ T113] __kasan_kmalloc+0x98/0xb0 [ 77.103207][ T113] __kmalloc_cache_noprof+0x243/0x390 [ 77.108591][ T113] lmLogOpen+0x320/0x1040 [ 77.112924][ T113] jfs_mount_rw+0xf1/0x6a0 [ 77.117340][ T113] jfs_fill_super+0x775/0xd90 [ 77.122026][ T113] get_tree_bdev_flags+0x48e/0x5c0 [ 77.127141][ T113] vfs_get_tree+0x92/0x2b0 [ 77.131560][ T113] do_new_mount+0x2be/0xb40 [ 77.136074][ T113] __se_sys_mount+0x2d6/0x3c0 [ 77.140762][ T113] do_syscall_64+0xf3/0x230 [ 77.145275][ T113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.151173][ T113] [ 77.153488][ T113] Freed by task 5831: [ 77.157455][ T113] kasan_save_track+0x3f/0x80 [ 77.162141][ T113] kasan_save_free_info+0x40/0x50 [ 77.167164][ T113] __kasan_slab_free+0x59/0x70 [ 77.171937][ T113] kfree+0x196/0x430 [ 77.175839][ T113] lmLogClose+0x2a1/0x530 [ 77.180167][ T113] jfs_umount+0x2ce/0x3a0 [ 77.184492][ T113] jfs_put_super+0x8a/0x190 [ 77.189001][ T113] generic_shutdown_super+0x13b/0x2d0 [ 77.194372][ T113] kill_block_super+0x44/0x90 [ 77.199051][ T113] deactivate_locked_super+0xc6/0x130 [ 77.204420][ T113] cleanup_mnt+0x41f/0x4b0 [ 77.208833][ T113] task_work_run+0x251/0x310 [ 77.213428][ T113] ptrace_notify+0x2d2/0x380 [ 77.218028][ T113] syscall_exit_work+0xc7/0x1d0 [ 77.222883][ T113] syscall_exit_to_user_mode+0x24a/0x340 [ 77.228519][ T113] do_syscall_64+0x100/0x230 [ 77.233119][ T113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.239016][ T113] [ 77.241331][ T113] The buggy address belongs to the object at ffff88802774a000 [ 77.241331][ T113] which belongs to the cache kmalloc-1k of size 1024 [ 77.255377][ T113] The buggy address is located 64 bytes inside of [ 77.255377][ T113] freed 1024-byte region [ffff88802774a000, ffff88802774a400) [ 77.269169][ T113] [ 77.271488][ T113] The buggy address belongs to the physical page: [ 77.277889][ T113] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27748 [ 77.286668][ T113] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 77.296221][ T113] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 77.303935][ T113] page_type: f5(slab) [ 77.307916][ T113] raw: 00fff00000000040 ffff88801ac41dc0 dead000000000100 dead000000000122 [ 77.316521][ T113] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 [ 77.325106][ T113] head: 00fff00000000040 ffff88801ac41dc0 dead000000000100 dead000000000122 [ 77.333772][ T113] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 [ 77.342439][ T113] head: 00fff00000000003 ffffea00009dd201 ffffffffffffffff 0000000000000000 [ 77.351279][ T113] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 77.359945][ T113] page dumped because: kasan: bad access detected [ 77.366353][ T113] page_owner tracks the page as allocated [ 77.372060][ T113] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 11, tgid 11 (kworker/u8:0), ts 9584572564, free_ts 0 [ 77.390559][ T113] post_alloc_hook+0x1f3/0x230 [ 77.395354][ T113] get_page_from_freelist+0x365c/0x37a0 [ 77.400991][ T113] __alloc_pages_noprof+0x292/0x710 [ 77.406212][ T113] alloc_slab_page+0x59/0x140 [ 77.411240][ T113] allocate_slab+0x5a/0x2f0 [ 77.415747][ T113] ___slab_alloc+0xcd1/0x14b0 [ 77.420512][ T113] __slab_alloc+0x58/0xa0 [ 77.424840][ T113] __kmalloc_cache_node_noprof+0x294/0x3a0 [ 77.430656][ T113] blk_mq_alloc_and_init_hctx+0x185/0xdc0 [ 77.436403][ T113] blk_mq_realloc_hw_ctxs+0x198/0x4a0 [ 77.441776][ T113] blk_mq_init_allocated_queue+0x3f6/0x14c0 [ 77.447689][ T113] blk_mq_alloc_queue+0x1d3/0x2f0 [ 77.452715][ T113] scsi_alloc_sdev+0x76c/0xb80 [ 77.457478][ T113] scsi_probe_and_add_lun+0x1d4/0x4bd0 [ 77.462935][ T113] __scsi_scan_target+0x205/0x1080 [ 77.468046][ T113] scsi_scan_host_selected+0x37e/0x690 [ 77.473503][ T113] page_owner free stack trace missing [ 77.478860][ T113] [ 77.481174][ T113] Memory state around the buggy address: [ 77.486884][ T113] ffff888027749f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.494942][ T113] ffff888027749f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.502998][ T113] >ffff88802774a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.511046][ T113] ^ [ 77.517190][ T113] ffff88802774a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [pid 5828] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5830] getdents64(3, [pid 5828] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 77.525247][ T113] ffff88802774a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.533300][ T113] ================================================================== [ 77.544041][ T114] [ 77.544041][ T114] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 77.544041][ T114] [ 77.552013][ T5833] [ 77.552013][ T5833] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 77.552013][ T5833] [ 77.562264][ T5829] [ 77.562264][ T5829] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 77.562264][ T5829] [ 77.566530][ T5832] [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... getdents64 resumed>0x555593a116f0 /* 4 entries */, 32768) = 112 [ 77.566530][ T5832] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 77.566530][ T5832] [ 77.576373][ T114] [ 77.576373][ T114] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 77.576373][ T114] [ 77.597619][ T5829] [ 77.597619][ T5829] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 77.597619][ T5829] [ 77.602598][ T113] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 77.602616][ T113] CPU: 1 UID: 0 PID: 113 Comm: jfsCommit Not tainted 6.12.0-syzkaller-12113-gbcc8eda6d349 #0 [ 77.602644][ T113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 77.602660][ T113] Call Trace: [ 77.602670][ T113] [ 77.602680][ T113] dump_stack_lvl+0x241/0x360 [ 77.602723][ T113] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.602758][ T113] ? __pfx__printk+0x10/0x10 [ 77.602791][ T113] ? preempt_schedule+0xe1/0xf0 [ 77.602825][ T113] ? srso_alias_return_thunk+0x5/0xfbef5 [ 77.602852][ T113] ? vscnprintf+0x5d/0x90 [ 77.602880][ T113] panic+0x349/0x880 [ 77.602912][ T113] ? check_panic_on_warn+0x21/0xb0 [ 77.602945][ T113] ? __pfx_panic+0x10/0x10 [ 77.602975][ T113] ? srso_alias_return_thunk+0x5/0xfbef5 [ 77.603003][ T113] ? srso_alias_return_thunk+0x5/0xfbef5 [ 77.603027][ T113] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 77.603061][ T113] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 77.603091][ T113] ? print_report+0x502/0x550 [ 77.603129][ T113] check_panic_on_warn+0x86/0xb0 [ 77.603160][ T113] ? txEnd+0x354/0x560 [ 77.603189][ T113] end_report+0x77/0x160 [ 77.603222][ T113] kasan_report+0x154/0x180 [ 77.603257][ T113] ? txEnd+0x354/0x560 [ 77.603289][ T113] kasan_check_range+0x282/0x290 [ 77.603326][ T113] txEnd+0x354/0x560 [ 77.603356][ T113] jfs_lazycommit+0x634/0xb80 [ 77.603387][ T113] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 77.603417][ T113] ? srso_alias_return_thunk+0x5/0xfbef5 [ 77.603441][ T113] ? lockdep_hardirqs_on+0x99/0x150 [ 77.603479][ T113] ? __pfx_jfs_lazycommit+0x10/0x10 [ 77.603510][ T113] ? __pfx_default_wake_function+0x10/0x10 [ 77.603550][ T113] ? srso_alias_return_thunk+0x5/0xfbef5 [ 77.603574][ T113] ? __kthread_parkme+0x169/0x1d0 [ 77.603610][ T113] ? __pfx_jfs_lazycommit+0x10/0x10 [ 77.603641][ T113] kthread+0x2f2/0x390 [ 77.603671][ T113] ? __pfx_jfs_lazycommit+0x10/0x10 [ 77.603702][ T113] ? __pfx_kthread+0x10/0x10 [ 77.603733][ T113] ret_from_fork+0x4d/0x80 [ 77.603759][ T113] ? __pfx_kthread+0x10/0x10 [ 77.603790][ T113] ret_from_fork_asm+0x1a/0x30 [ 77.603821][ T113] [ 77.608234][ T113] Kernel Offset: disabled