./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor828033560
<...>
syzkaller
syzkaller login: [ 46.490817][ T26] kauditd_printk_skb: 42 callbacks suppressed
[ 46.490833][ T26] audit: type=1400 audit(1687036460.083:77): avc: denied { transition } for pid=4842 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 46.520401][ T26] audit: type=1400 audit(1687036460.083:78): avc: denied { noatsecure } for pid=4842 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 46.540180][ T26] audit: type=1400 audit(1687036460.093:79): avc: denied { write } for pid=4842 comm="sh" path="pipe:[30042]" dev="pipefs" ino=30042 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 46.563370][ T26] audit: type=1400 audit(1687036460.093:80): avc: denied { rlimitinh } for pid=4842 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 46.582390][ T26] audit: type=1400 audit(1687036460.093:81): avc: denied { siginh } for pid=4842 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 47.474580][ T26] audit: type=1400 audit(1687036461.063:82): avc: denied { read } for pid=4429 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
Warning: Permanently added '10.128.0.91' (ECDSA) to the list of known hosts.
execve("./syz-executor828033560", ["./syz-executor828033560"], 0x7ffcc3a45ed0 /* 10 vars */) = 0
brk(NULL) = 0x55555567f000
brk(0x55555567fc40) = 0x55555567fc40
arch_prctl(ARCH_SET_FS, 0x55555567f300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor828033560", 4096) = 27
brk(0x5555556a0c40) = 0x5555556a0c40
brk(0x5555556a1000) = 0x5555556a1000
mprotect(0x7f7173e60000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
[ 63.037906][ T26] audit: type=1400 audit(1687036476.623:83): avc: denied { write } for pid=4989 comm="strace-static-x" path="pipe:[1714]" dev="pipefs" ino=1714 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 4992
mkdir("./syzkaller.zDXuXF", 0700) = 0
chmod("./syzkaller.zDXuXF", 0777) = 0
chdir("./syzkaller.zDXuXF") = 0
mkdir("./0", 0777) = 0
[ 63.079382][ T26] audit: type=1400 audit(1687036476.663:84): avc: denied { execmem } for pid=4992 comm="syz-executor828" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 63.104161][ T26] audit: type=1400 audit(1687036476.693:85): avc: denied { read write } for pid=4992 comm="syz-executor828" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555567f5d0) = 4993
./strace-static-x86_64: Process 4993 attached
[pid 4993] chdir("./0") = 0
[pid 4993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4993] setpgid(0, 0) = 0
[pid 4993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4993] write(3, "1000", 4) = 4
[pid 4993] close(3) = 0
[pid 4993] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4993] memfd_create("syzkaller", 0) = 3
[pid 4993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f716b99e000
[ 63.116327][ T4993] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4993 'syz-executor828'
[ 63.147182][ T26] audit: type=1400 audit(1687036476.693:86): avc: denied { open } for pid=4992 comm="syz-executor828" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 63.172553][ T26] audit: type=1400 audit(1687036476.693:87): avc: denied { ioctl } for pid=4992 comm="syz-executor828" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid 4993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 4993] munmap(0x7f716b99e000, 16777216) = 0
[pid 4993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4993] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4993] close(3) = 0
[pid 4993] mkdir("./file0", 0777) = 0
[pid 4993] mount("/dev/loop0", "./file0", "jfs", MS_RDONLY|MS_NOSUID|MS_REC|MS_SILENT, "") = 0
[pid 4993] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 4993] chdir("./file0") = 0
[pid 4993] ioctl(4, LOOP_CLR_FD) = 0
[pid 4993] close(4) = 0
[pid 4993] mount("./file0", "./file0", NULL, MS_NOSUID|MS_DIRSYNC|MS_BIND|MS_UNBINDABLE|MS_PRIVATE, NULL) = 0
[pid 4993] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 4993] write(4, "9", 1) = 1
[ 63.356676][ T4993] loop0: detected capacity change from 0 to 32768
[ 63.367791][ T26] audit: type=1400 audit(1687036476.953:88): avc: denied { mounton } for pid=4993 comm="syz-executor828" path="/root/syzkaller.zDXuXF/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 63.387212][ T4993] FAULT_INJECTION: forcing a failure.
[ 63.387212][ T4993] name failslab, interval 1, probability 0, space 0, times 1
[ 63.406313][ T4993] CPU: 1 PID: 4993 Comm: syz-executor828 Not tainted 6.4.0-rc6-syzkaller-00242-g1639fae5132b #0
[ 63.408323][ T26] audit: type=1400 audit(1687036476.953:89): avc: denied { mount } for pid=4993 comm="syz-executor828" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 63.416969][ T4993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 63.416989][ T4993] Call Trace:
[ 63.416998][ T4993] <TASK>
[ 63.417005][ T4993] dump_stack_lvl+0x136/0x150
[ 63.417051][ T4993] should_fail_ex+0x4a3/0x5b0
[ 63.417085][ T4993] should_failslab+0x9/0x20
[ 63.417112][ T4993] __kmem_cache_alloc_node+0x5b/0x3f0
[ 63.417135][ T4993] kmalloc_trace+0x26/0xe0
[ 63.440351][ T26] audit: type=1400 audit(1687036476.953:90): avc: denied { mounton } for pid=4993 comm="syz-executor828" path="/root/syzkaller.zDXuXF/0/file0/file0" dev="loop0" ino=32 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 63.449695][ T4993] tomoyo_init_log+0x191/0x1f00
[ 63.449734][ T4993] ? kasan_save_stack+0x32/0x40
[ 63.449754][ T4993] ? kasan_save_stack+0x22/0x40
[ 63.449773][ T4993] ? kasan_set_track+0x25/0x30
[ 63.449792][ T4993] ? __kasan_kmalloc+0xa3/0xb0
[ 63.449811][ T4993] ? __kmalloc+0x5e/0x190
[ 63.465820][ T26] audit: type=1400 audit(1687036477.053:91): avc: denied { append } for pid=4429 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 63.469971][ T4993] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 63.470008][ T4993] ? vsnprintf+0x4df/0x1710
[ 63.470036][ T4993] ? common_lsm_audit+0x1ed0/0x1ed0
[ 63.470063][ T4993] ? tomoyo_profile+0x46/0x60
[ 63.475831][ T26] audit: type=1400 audit(1687036477.053:92): avc: denied { open } for pid=4429 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 63.479830][ T4993] ? tomoyo_domain_quota_is_ok+0x300/0x580
[ 63.479866][ T4993] tomoyo_supervisor+0x34e/0xec0
[ 63.479897][ T4993] ? fs_reclaim_acquire+0xba/0x160
[ 63.479921][ T4993] ? tomoyo_profile+0x60/0x60
[ 63.479980][ T4993] ? mark_held_locks+0x9f/0xe0
[ 63.625895][ T4993] ? tomoyo_check_mount_acl+0x5e/0x1a0
[ 63.631404][ T4993] ? tomoyo_check_acl+0x328/0x440
[ 63.636443][ T4993] tomoyo_mount_acl+0x524/0x840
[ 63.641320][ T4993] ? tomoyo_check_mount_acl+0x1a0/0x1a0
[ 63.647012][ T4993] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 63.652998][ T4993] ? stack_trace_save+0x90/0xc0
[ 63.657853][ T4993] ? do_syscall_64+0x39/0xb0
[ 63.662458][ T4993] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.668538][ T4993] ? mntput+0x10/0x90
[ 63.672558][ T4993] ? terminate_walk+0x31e/0x680
[ 63.677440][ T4993] ? tomoyo_domain+0xbd/0x150
[ 63.682123][ T4993] ? tomoyo_profile+0x46/0x60
[ 63.686899][ T4993] tomoyo_mount_permission+0x166/0x410
[ 63.692423][ T4993] ? tomoyo_mount_permission+0xfe/0x410
[ 63.698013][ T4993] ? tomoyo_mount_acl+0x840/0x840
[ 63.703054][ T4993] ? debug_check_no_obj_freed+0x210/0x420
[ 63.708974][ T4993] security_sb_mount+0x6a/0xc0
[ 63.713951][ T4993] path_mount+0x133/0x1e40
[ 63.718476][ T4993] ? putname+0x102/0x140
[ 63.722768][ T4993] ? lockdep_hardirqs_on+0x7d/0x100
[ 63.728007][ T4993] ? finish_automount+0x9b0/0x9b0
[ 63.733132][ T4993] ? putname+0x102/0x140
[ 63.737469][ T4993] __x64_sys_mount+0x283/0x300
[ 63.742257][ T4993] ? copy_mnt_ns+0xb30/0xb30
[ 63.746946][ T4993] ? lockdep_hardirqs_on+0x7d/0x100
[ 63.752151][ T4993] ? _raw_spin_unlock_irq+0x2e/0x50
[ 63.757361][ T4993] ? ptrace_notify+0xfe/0x140
[ 63.762148][ T4993] do_syscall_64+0x39/0xb0
[ 63.766584][ T4993] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.772480][ T4993] RIP: 0033:0x7f7173deba09
[ 63.776920][ T4993] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.797065][ T4993] RSP: 002b:00007ffed89ccdf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[pid 4993] mount(NULL, "./file0", NULL, MS_REMOUNT|MS_I_VERSION, NULL) = 0
[pid 4993] exit_group(0) = ?
[pid 4993] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4993, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=18 /* 0.18 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555680620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 63.806916][ T4993] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f7173deba09
[ 63.815011][ T4993] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000000
[ 63.823021][ T4993] RBP: 00007ffed89cce20 R08: 0000000000000000 R09: 00007ffed89cce30
[ 63.831007][ T4993] R10: 0000000000800020 R11: 0000000000000246 R12: 0000000000000004
[ 63.839052][ T4993] R13: 00007ffed89cce60 R14: 00007ffed89cce40 R15: 0000000000000000
[ 63.847042][ T4993] </TASK>
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555688660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555688660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555555680620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555567f5d0) = 4995
./strace-static-x86_64: Process 4995 attached
[pid 4995] chdir("./1") = 0
[pid 4995] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4995] setpgid(0, 0) = 0
[pid 4995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4995] write(3, "1000", 4) = 4
[pid 4995] close(3) = 0
[pid 4995] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4995] memfd_create("syzkaller", 0) = 3
[pid 4995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f716b99e000
[pid 4995] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 4995] munmap(0x7f716b99e000, 16777216) = 0
[pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4995] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4995] close(3) = 0
[pid 4995] mkdir("./file0", 0777) = 0
[pid 4995] mount("/dev/loop0", "./file0", "jfs", MS_RDONLY|MS_NOSUID|MS_REC|MS_SILENT, "") = 0
[pid 4995] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 4995] chdir("./file0") = 0
[pid 4995] ioctl(4, LOOP_CLR_FD) = 0
[pid 4995] close(4) = 0
[pid 4995] mount("./file0", "./file0", NULL, MS_NOSUID|MS_DIRSYNC|MS_BIND|MS_UNBINDABLE|MS_PRIVATE, NULL) = 0
[pid 4995] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 4995] write(4, "9", 1) = 1
[ 64.189814][ T4995] loop0: detected capacity change from 0 to 32768
[ 64.220796][ T4995] FAULT_INJECTION: forcing a failure.
[ 64.220796][ T4995] name failslab, interval 1, probability 0, space 0, times 0
[ 64.234614][ T4995] CPU: 0 PID: 4995 Comm: syz-executor828 Not tainted 6.4.0-rc6-syzkaller-00242-g1639fae5132b #0
[ 64.245253][ T4995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 64.255404][ T4995] Call Trace:
[ 64.258678][ T4995] <TASK>
[ 64.261866][ T4995] dump_stack_lvl+0x136/0x150
[ 64.266543][ T4995] should_fail_ex+0x4a3/0x5b0
[ 64.271232][ T4995] should_failslab+0x9/0x20
[ 64.275990][ T4995] __kmem_cache_alloc_node+0x5b/0x3f0
[ 64.281408][ T4995] ? from_kuid+0x89/0xc0
[ 64.285665][ T4995] ? tomoyo_init_log+0x1290/0x1f00
[ 64.290814][ T4995] __kmalloc+0x4e/0x190
[ 64.294996][ T4995] tomoyo_init_log+0x1290/0x1f00
[ 64.299981][ T4995] ? common_lsm_audit+0x1ed0/0x1ed0
[ 64.305230][ T4995] ? tomoyo_domain_quota_is_ok+0x300/0x580
[ 64.311060][ T4995] tomoyo_supervisor+0x34e/0xec0
[ 64.316142][ T4995] ? fs_reclaim_acquire+0xba/0x160
[ 64.321472][ T4995] ? tomoyo_profile+0x60/0x60
[ 64.326198][ T4995] ? mark_held_locks+0x9f/0xe0
[ 64.330989][ T4995] ? tomoyo_check_mount_acl+0x5e/0x1a0
[ 64.336474][ T4995] ? tomoyo_check_acl+0x328/0x440
[ 64.341536][ T4995] tomoyo_mount_acl+0x524/0x840
[ 64.346429][ T4995] ? tomoyo_check_mount_acl+0x1a0/0x1a0
[ 64.352103][ T4995] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 64.358121][ T4995] ? stack_trace_save+0x90/0xc0
[ 64.363085][ T4995] ? do_syscall_64+0x39/0xb0
[ 64.367689][ T4995] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.373798][ T4995] ? mntput+0x10/0x90
[ 64.377973][ T4995] ? terminate_walk+0x31e/0x680
[ 64.382958][ T4995] ? tomoyo_domain+0xbd/0x150
[ 64.387928][ T4995] ? tomoyo_profile+0x46/0x60
[ 64.392633][ T4995] tomoyo_mount_permission+0x166/0x410
[ 64.398228][ T4995] ? tomoyo_mount_permission+0xfe/0x410
[ 64.404478][ T4995] ? tomoyo_mount_acl+0x840/0x840
[ 64.409549][ T4995] ? debug_check_no_obj_freed+0x210/0x420
[ 64.415756][ T4995] security_sb_mount+0x6a/0xc0
[ 64.420566][ T4995] path_mount+0x133/0x1e40
[ 64.425024][ T4995] ? putname+0x102/0x140
[ 64.429550][ T4995] ? lockdep_hardirqs_on+0x7d/0x100
[ 64.434784][ T4995] ? finish_automount+0x9b0/0x9b0
[ 64.439934][ T4995] ? putname+0x102/0x140
[ 64.444396][ T4995] __x64_sys_mount+0x283/0x300
[ 64.449187][ T4995] ? copy_mnt_ns+0xb30/0xb30
[ 64.453845][ T4995] ? lockdep_hardirqs_on+0x7d/0x100
[ 64.459070][ T4995] ? _raw_spin_unlock_irq+0x2e/0x50
[ 64.464392][ T4995] ? ptrace_notify+0xfe/0x140
[ 64.469805][ T4995] do_syscall_64+0x39/0xb0
[ 64.474330][ T4995] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.480347][ T4995] RIP: 0033:0x7f7173deba09
[ 64.484865][ T4995] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.504940][ T4995] RSP: 002b:00007ffed89ccdf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 64.513638][ T4995] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f7173deba09
[ 64.521814][ T4995] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000000
[ 64.529816][ T4995] RBP: 00007ffed89cce20 R08: 0000000000000000 R09: 00007ffed89cce30
[pid 4995] mount(NULL, "./file0", NULL, MS_REMOUNT|MS_I_VERSION, NULL) = 0
[pid 4995] exit_group(0) = ?
[pid 4995] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4995, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555680620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 64.537857][ T4995] R10: 0000000000800020 R11: 0000000000000246 R12: 0000000000000004
[ 64.545942][ T4995] R13: 00007ffed89cce60 R14: 00007ffed89cce40 R15: 0000000000000001
[ 64.553951][ T4995] </TASK>
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555688660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555688660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555555680620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555567f5d0) = 4996
./strace-static-x86_64: Process 4996 attached
[pid 4996] chdir("./2") = 0
[pid 4996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4996] setpgid(0, 0) = 0
[pid 4996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4996] write(3, "1000", 4) = 4
[pid 4996] close(3) = 0
[pid 4996] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4996] memfd_create("syzkaller", 0) = 3
[pid 4996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f716b99e000
[pid 4996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 4996] munmap(0x7f716b99e000, 16777216) = 0
[pid 4996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4996] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4996] close(3) = 0
[pid 4996] mkdir("./file0", 0777) = 0
[pid 4996] mount("/dev/loop0", "./file0", "jfs", MS_RDONLY|MS_NOSUID|MS_REC|MS_SILENT, "") = 0
[pid 4996] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 4996] chdir("./file0") = 0
[pid 4996] ioctl(4, LOOP_CLR_FD) = 0
[pid 4996] close(4) = 0
[pid 4996] mount("./file0", "./file0", NULL, MS_NOSUID|MS_DIRSYNC|MS_BIND|MS_UNBINDABLE|MS_PRIVATE, NULL) = 0
[pid 4996] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 4996] write(4, "9", 1) = 1
[ 64.838499][ T4996] loop0: detected capacity change from 0 to 32768
[ 64.862672][ T4996] FAULT_INJECTION: forcing a failure.
[ 64.862672][ T4996] name failslab, interval 1, probability 0, space 0, times 0
[ 64.875932][ T4996] CPU: 0 PID: 4996 Comm: syz-executor828 Not tainted 6.4.0-rc6-syzkaller-00242-g1639fae5132b #0
[ 64.886466][ T4996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 64.898846][ T4996] Call Trace:
[ 64.902517][ T4996] <TASK>
[ 64.906945][ T4996] dump_stack_lvl+0x136/0x150
[ 64.911805][ T4996] should_fail_ex+0x4a3/0x5b0
[ 64.916506][ T4996] should_failslab+0x9/0x20
[ 64.921110][ T4996] __kmem_cache_alloc_node+0x5b/0x3f0
[ 64.926963][ T4996] kmalloc_trace+0x26/0xe0
[ 64.931533][ T4996] tomoyo_init_log+0x191/0x1f00
[ 64.936426][ T4996] ? kasan_save_stack+0x32/0x40
[ 64.941303][ T4996] ? kasan_save_stack+0x22/0x40
[ 64.946171][ T4996] ? kasan_set_track+0x25/0x30
[ 64.951033][ T4996] ? __kasan_kmalloc+0xa3/0xb0
[ 64.955894][ T4996] ? __kmalloc+0x5e/0x190
[ 64.960237][ T4996] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 64.966145][ T4996] ? vsnprintf+0x4df/0x1710
[ 64.970821][ T4996] ? common_lsm_audit+0x1ed0/0x1ed0
[ 64.976032][ T4996] ? tomoyo_profile+0x46/0x60
[ 64.980931][ T4996] ? tomoyo_domain_quota_is_ok+0x300/0x580
[ 64.986925][ T4996] tomoyo_supervisor+0x34e/0xec0
[ 64.992006][ T4996] ? fs_reclaim_acquire+0xba/0x160
[ 64.997335][ T4996] ? tomoyo_profile+0x60/0x60
[ 65.002164][ T4996] ? mark_held_locks+0x9f/0xe0
[ 65.007685][ T4996] ? tomoyo_check_mount_acl+0x5e/0x1a0
[ 65.013180][ T4996] ? tomoyo_check_acl+0x328/0x440
[ 65.018353][ T4996] tomoyo_mount_acl+0x524/0x840
[ 65.023807][ T4996] ? tomoyo_check_mount_acl+0x1a0/0x1a0
[ 65.029440][ T4996] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 65.035541][ T4996] ? stack_trace_save+0x90/0xc0
[ 65.040600][ T4996] ? do_syscall_64+0x39/0xb0
[ 65.045247][ T4996] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.051353][ T4996] ? mntput+0x10/0x90
[ 65.055386][ T4996] ? terminate_walk+0x31e/0x680
[ 65.060299][ T4996] ? tomoyo_domain+0xbd/0x150
[ 65.065084][ T4996] ? tomoyo_profile+0x46/0x60
[ 65.069791][ T4996] tomoyo_mount_permission+0x166/0x410
[ 65.075288][ T4996] ? tomoyo_mount_permission+0xfe/0x410
[ 65.080857][ T4996] ? tomoyo_mount_acl+0x840/0x840
[ 65.085911][ T4996] ? debug_check_no_obj_freed+0x210/0x420
[ 65.091677][ T4996] security_sb_mount+0x6a/0xc0
[ 65.096582][ T4996] path_mount+0x133/0x1e40
[ 65.101029][ T4996] ? putname+0x102/0x140
[ 65.106022][ T4996] ? lockdep_hardirqs_on+0x7d/0x100
[ 65.112113][ T4996] ? finish_automount+0x9b0/0x9b0
[ 65.117267][ T4996] ? putname+0x102/0x140
[ 65.121534][ T4996] __x64_sys_mount+0x283/0x300
[ 65.126320][ T4996] ? copy_mnt_ns+0xb30/0xb30
[ 65.131034][ T4996] ? lockdep_hardirqs_on+0x7d/0x100
[ 65.136262][ T4996] ? _raw_spin_unlock_irq+0x2e/0x50
[ 65.141479][ T4996] ? ptrace_notify+0xfe/0x140
[ 65.146341][ T4996] do_syscall_64+0x39/0xb0
[ 65.150901][ T4996] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.156899][ T4996] RIP: 0033:0x7f7173deba09
[ 65.161405][ T4996] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 65.181288][ T4996] RSP: 002b:00007ffed89ccdf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[pid 4996] mount(NULL, "./file0", NULL, MS_REMOUNT|MS_I_VERSION, NULL) = 0
[pid 4996] exit_group(0) = ?
[pid 4996] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4996, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555680620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 65.189725][ T4996] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f7173deba09
[ 65.197699][ T4996] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000000
[ 65.205842][ T4996] RBP: 00007ffed89cce20 R08: 0000000000000000 R09: 00007ffed89cce30
[ 65.214355][ T4996] R10: 0000000000800020 R11: 0000000000000246 R12: 0000000000000004
[ 65.223189][ T4996] R13: 00007ffed89cce60 R14: 00007ffed89cce40 R15: 0000000000000002
[ 65.231533][ T4996] </TASK>
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555688660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555688660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555555680620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555567f5d0) = 4997
./strace-static-x86_64: Process 4997 attached
[pid 4997] chdir("./3") = 0
[pid 4997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4997] setpgid(0, 0) = 0
[pid 4997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4997] write(3, "1000", 4) = 4
[pid 4997] close(3) = 0
[pid 4997] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4997] memfd_create("syzkaller", 0) = 3
[pid 4997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f716b99e000
[pid 4997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 4997] munmap(0x7f716b99e000, 16777216) = 0
[pid 4997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4997] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4997] close(3) = 0
[pid 4997] mkdir("./file0", 0777) = 0
[pid 4997] mount("/dev/loop0", "./file0", "jfs", MS_RDONLY|MS_NOSUID|MS_REC|MS_SILENT, "") = 0
[pid 4997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 4997] chdir("./file0") = 0
[pid 4997] ioctl(4, LOOP_CLR_FD) = 0
[pid 4997] close(4) = 0
[pid 4997] mount("./file0", "./file0", NULL, MS_NOSUID|MS_DIRSYNC|MS_BIND|MS_UNBINDABLE|MS_PRIVATE, NULL) = 0
[pid 4997] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 4997] write(4, "9", 1) = 1
[ 65.520237][ T4997] loop0: detected capacity change from 0 to 32768
[ 65.556434][ T4997] FAULT_INJECTION: forcing a failure.
[ 65.556434][ T4997] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 65.569915][ T4997] CPU: 1 PID: 4997 Comm: syz-executor828 Not tainted 6.4.0-rc6-syzkaller-00242-g1639fae5132b #0
[ 65.580439][ T4997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 65.590539][ T4997] Call Trace:
[ 65.593920][ T4997] <TASK>
[ 65.596971][ T4997] dump_stack_lvl+0x136/0x150
[ 65.602210][ T4997] should_fail_ex+0x4a3/0x5b0
[ 65.607027][ T4997] prepare_alloc_pages+0x178/0x570
[ 65.612640][ T4997] ? lock_downgrade+0x690/0x690
[ 65.617631][ T4997] __alloc_pages+0x149/0x4a0
[ 65.622444][ T4997] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170
[ 65.629343][ T4997] ? find_held_lock+0x2d/0x110
[ 65.634121][ T4997] ? free_unref_page+0x199/0x370
[ 65.639075][ T4997] ? lock_downgrade+0x690/0x690
[ 65.643939][ T4997] ? free_unref_page_commit+0x38f/0x6e0
[ 65.649525][ T4997] __kmalloc_large_node+0x94/0x1d0
[ 65.654670][ T4997] kmalloc_large+0x1c/0xe0
[ 65.659304][ T4997] diMount+0x29/0x830
[ 65.663414][ T4997] jfs_mount_rw+0x239/0x6d0
[ 65.668385][ T4997] ? updateSuper+0x7b0/0x7b0
[ 65.673072][ T4997] ? list_lru_walk_node+0x15a/0x2f0
[ 65.679059][ T4997] ? list_lru_walk_one+0xe0/0xe0
[ 65.684014][ T4997] jfs_remount+0x520/0x660
[ 65.688692][ T4997] ? parse_options+0xee0/0xee0
[ 65.693935][ T4997] ? shrink_dcache_sb+0x1bf/0x360
[ 65.699164][ T4997] ? shrink_dentry_list+0x4f0/0x4f0
[ 65.708669][ T4997] ? parse_options+0xee0/0xee0
[ 65.713516][ T4997] legacy_reconfigure+0x119/0x180
[ 65.718749][ T4997] reconfigure_super+0x40c/0xa30
[ 65.724202][ T4997] ? fs_umode_to_dtype+0xd0/0xd0
[ 65.729190][ T4997] path_mount+0x1846/0x1e40
[ 65.733722][ T4997] ? lockdep_hardirqs_on+0x7d/0x100
[ 65.738923][ T4997] ? finish_automount+0x9b0/0x9b0
[ 65.744476][ T4997] ? putname+0x102/0x140
[ 65.748725][ T4997] __x64_sys_mount+0x283/0x300
[ 65.753504][ T4997] ? copy_mnt_ns+0xb30/0xb30
[ 65.758185][ T4997] ? lockdep_hardirqs_on+0x7d/0x100
[ 65.763380][ T4997] ? _raw_spin_unlock_irq+0x2e/0x50
[ 65.768590][ T4997] ? ptrace_notify+0xfe/0x140
[ 65.773265][ T4997] do_syscall_64+0x39/0xb0
[ 65.777714][ T4997] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.783669][ T4997] RIP: 0033:0x7f7173deba09
[ 65.788371][ T4997] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 65.811546][ T4997] RSP: 002b:00007ffed89ccdf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[pid 4997] mount(NULL, "./file0", NULL, MS_REMOUNT|MS_I_VERSION, NULL) = -1 ENOMEM (Cannot allocate memory)
[pid 4997] exit_group(0) = ?
[pid 4997] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4997, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555680620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
[ 65.820075][ T4997] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f7173deba09
[ 65.828166][ T4997] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000000
[ 65.836170][ T4997] RBP: 00007ffed89cce20 R08: 0000000000000000 R09: 00007ffed89cce30
[ 65.844159][ T4997] R10: 0000000000800020 R11: 0000000000000246 R12: 0000000000000004
[ 65.852427][ T4997] R13: 00007ffed89cce60 R14: 00007ffed89cce40 R15: 0000000000000003
[ 65.860510][ T4997] </TASK>
[ 65.863935][ T4997] jfs_mount_rw: diMount failed!
[ 65.883788][ T4992] ------------[ cut here ]------------
[ 65.889488][ T4992] WARNING: CPU: 1 PID: 4992 at mm/slab_common.c:934 free_large_kmalloc+0xad/0x100
[ 65.898799][ T4992] Modules linked in:
[ 65.902917][ T4992] CPU: 1 PID: 4992 Comm: syz-executor828 Not tainted 6.4.0-rc6-syzkaller-00242-g1639fae5132b #0
[ 65.913512][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 65.923966][ T4992] RIP: 0010:free_large_kmalloc+0xad/0x100
[ 65.930275][ T4992] Code: ee 48 89 ef 5d 41 5c 41 5d e9 af 26 0e 00 e8 3a 25 ce ff 44 89 e2 be 06 00 00 00 48 89 ef e8 ba da 20 00 e8 b5 24 ce ff eb c6 <0f> 0b 80 3d d0 3d a8 0c 00 74 1f 48 8b 74 24 20 4c 89 e7 45 31 ed
[ 65.950049][ T4992] RSP: 0018:ffffc9000348fc98 EFLAGS: 00010246
[ 65.956151][ T4992] RAX: 00fff00000000000 RBX: ffff888070f80430 RCX: 0000000000000000
[ 65.964289][ T4992] RDX: 0000000000000000 RSI: ffff888070b18000 RDI: ffffea0001c2c600
[ 65.972361][ T4992] RBP: ffffea0001c2c600 R08: 0000000000000007 R09: 0000000000000000
[ 65.980752][ T4992] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888070b18000
[ 65.988771][ T4992] R13: ffff8880152fe000 R14: ffff888070f7c9f0 R15: ffff888070f80430
[ 65.997223][ T4992] FS: 000055555567f300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 66.006229][ T4992] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 66.013163][ T4992] CR2: 0000555555688628 CR3: 000000007dc22000 CR4: 00000000003506e0
[ 66.021194][ T4992] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 66.029332][ T4992] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 66.037434][ T4992] Call Trace:
[ 66.040952][ T4992] <TASK>
[ 66.044032][ T4992] ? __warn+0xe6/0x390
[ 66.048105][ T4992] ? free_large_kmalloc+0xad/0x100
[ 66.053268][ T4992] ? report_bug+0x2da/0x500
[ 66.057792][ T4992] ? handle_bug+0x3c/0x70
[ 66.062248][ T4992] ? exc_invalid_op+0x18/0x50
[ 66.066942][ T4992] ? asm_exc_invalid_op+0x1a/0x20
[ 66.072032][ T4992] ? free_large_kmalloc+0xad/0x100
[ 66.077168][ T4992] ? free_large_kmalloc+0x15/0x100
[ 66.082367][ T4992] diUnmount+0xf1/0x130
[ 66.086550][ T4992] jfs_umount+0x189/0x430
[ 66.090923][ T4992] jfs_put_super+0x85/0x1d0
[ 66.095809][ T4992] ? jfs_quota_off+0x170/0x170
[ 66.101349][ T4992] generic_shutdown_super+0x158/0x480
[ 66.107137][ T4992] kill_block_super+0xa1/0x100
[ 66.112037][ T4992] deactivate_locked_super+0x98/0x160
[ 66.117445][ T4992] deactivate_super+0xb1/0xd0
[ 66.122191][ T4992] cleanup_mnt+0x2ae/0x3d0
[ 66.126633][ T4992] task_work_run+0x16f/0x270
[ 66.131275][ T4992] ? task_work_cancel+0x30/0x30
[ 66.136157][ T4992] ? __x64_sys_umount+0x118/0x190
[ 66.141415][ T4992] ptrace_notify+0x118/0x140
[ 66.146035][ T4992] syscall_exit_to_user_mode_prepare+0x129/0x220
[ 66.152501][ T4992] syscall_exit_to_user_mode+0xd/0x50
[ 66.157911][ T4992] do_syscall_64+0x46/0xb0
[ 66.162380][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.168305][ T4992] RIP: 0033:0x7f7173decda7
[ 66.172760][ T4992] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.192781][ T4992] RSP: 002b:00007ffed89cbd08 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 66.201478][ T4992] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7173decda7
[ 66.210205][ T4992] RDX: 00007ffed89cbdc9 RSI: 000000000000000a RDI: 00007ffed89cbdc0
[ 66.220081][ T4992] RBP: 00007ffed89cbdc0 R08: 00000000ffffffff R09: 00007ffed89cbba0
[ 66.228194][ T4992] R10: 0000555555680653 R11: 0000000000000202 R12: 00007ffed89cce40
[ 66.236293][ T4992] R13: 00005555556805f0 R14: 00007ffed89cbd30 R15: 0000000000000004
[ 66.244417][ T4992] </TASK>
[ 66.247458][ T4992] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 66.254740][ T4992] CPU: 1 PID: 4992 Comm: syz-executor828 Not tainted 6.4.0-rc6-syzkaller-00242-g1639fae5132b #0
[ 66.265238][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 66.275291][ T4992] Call Trace:
[ 66.278564][ T4992] <TASK>
[ 66.281604][ T4992] dump_stack_lvl+0xd9/0x150
[ 66.286200][ T4992] panic+0x686/0x730
[ 66.290192][ T4992] ? panic_smp_self_stop+0xa0/0xa0
[ 66.295405][ T4992] ? show_trace_log_lvl+0x284/0x390
[ 66.300628][ T4992] ? free_large_kmalloc+0xad/0x100
[ 66.306294][ T4992] check_panic_on_warn+0xb1/0xc0
[ 66.311342][ T4992] __warn+0xf2/0x390
[ 66.315258][ T4992] ? free_large_kmalloc+0xad/0x100
[ 66.320388][ T4992] report_bug+0x2da/0x500
[ 66.324823][ T4992] handle_bug+0x3c/0x70
[ 66.329168][ T4992] exc_invalid_op+0x18/0x50
[ 66.333864][ T4992] asm_exc_invalid_op+0x1a/0x20
[ 66.338736][ T4992] RIP: 0010:free_large_kmalloc+0xad/0x100
[ 66.344469][ T4992] Code: ee 48 89 ef 5d 41 5c 41 5d e9 af 26 0e 00 e8 3a 25 ce ff 44 89 e2 be 06 00 00 00 48 89 ef e8 ba da 20 00 e8 b5 24 ce ff eb c6 <0f> 0b 80 3d d0 3d a8 0c 00 74 1f 48 8b 74 24 20 4c 89 e7 45 31 ed
[ 66.364188][ T4992] RSP: 0018:ffffc9000348fc98 EFLAGS: 00010246
[ 66.370303][ T4992] RAX: 00fff00000000000 RBX: ffff888070f80430 RCX: 0000000000000000
[ 66.378351][ T4992] RDX: 0000000000000000 RSI: ffff888070b18000 RDI: ffffea0001c2c600
[ 66.386430][ T4992] RBP: ffffea0001c2c600 R08: 0000000000000007 R09: 0000000000000000
[ 66.394850][ T4992] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888070b18000
[ 66.402872][ T4992] R13: ffff8880152fe000 R14: ffff888070f7c9f0 R15: ffff888070f80430
[ 66.410879][ T4992] ? free_large_kmalloc+0x15/0x100
[ 66.416814][ T4992] diUnmount+0xf1/0x130
[ 66.421187][ T4992] jfs_umount+0x189/0x430
[ 66.425691][ T4992] jfs_put_super+0x85/0x1d0
[ 66.430510][ T4992] ? jfs_quota_off+0x170/0x170
[ 66.435513][ T4992] generic_shutdown_super+0x158/0x480
[ 66.441286][ T4992] kill_block_super+0xa1/0x100
[ 66.446096][ T4992] deactivate_locked_super+0x98/0x160
[ 66.451676][ T4992] deactivate_super+0xb1/0xd0
[ 66.456393][ T4992] cleanup_mnt+0x2ae/0x3d0
[ 66.460833][ T4992] task_work_run+0x16f/0x270
[ 66.465451][ T4992] ? task_work_cancel+0x30/0x30
[ 66.470440][ T4992] ? __x64_sys_umount+0x118/0x190
[ 66.475489][ T4992] ptrace_notify+0x118/0x140
[ 66.480103][ T4992] syscall_exit_to_user_mode_prepare+0x129/0x220
[ 66.486479][ T4992] syscall_exit_to_user_mode+0xd/0x50
[ 66.491912][ T4992] do_syscall_64+0x46/0xb0
[ 66.496378][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.502311][ T4992] RIP: 0033:0x7f7173decda7
[ 66.506765][ T4992] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.526579][ T4992] RSP: 002b:00007ffed89cbd08 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 66.535114][ T4992] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7173decda7
[ 66.543109][ T4992] RDX: 00007ffed89cbdc9 RSI: 000000000000000a RDI: 00007ffed89cbdc0
[ 66.551097][ T4992] RBP: 00007ffed89cbdc0 R08: 00000000ffffffff R09: 00007ffed89cbba0
[ 66.559108][ T4992] R10: 0000555555680653 R11: 0000000000000202 R12: 00007ffed89cce40
[ 66.567103][ T4992] R13: 00005555556805f0 R14: 00007ffed89cbd30 R15: 0000000000000004
[ 66.575088][ T4992] </TASK>
[ 66.578293][ T4992] Kernel Offset: disabled
[ 66.582732][ T4992] Rebooting in 86400 seconds..