./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3000917214
<...>
forked to background, child pid 4639
no interfaces have a carrier
[ 29.938890][ T4640] 8021q: adding VLAN 0 to HW filter on device bond0
[ 29.965160][ T4640] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.141' (ECDSA) to the list of known hosts.
execve("./syz-executor3000917214", ["./syz-executor3000917214"], 0x7ffdd50aa5a0 /* 10 vars */) = 0
brk(NULL) = 0x555556353000
brk(0x555556353c40) = 0x555556353c40
arch_prctl(ARCH_SET_FS, 0x555556353300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3000917214", 4096) = 28
brk(0x555556374c40) = 0x555556374c40
brk(0x555556375000) = 0x555556375000
mprotect(0x7fbeecdef000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 5065
mkdir("./syzkaller.spdnVd", 0700) = 0
chmod("./syzkaller.spdnVd", 0777) = 0
chdir("./syzkaller.spdnVd") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563535d0) = 5066
./strace-static-x86_64: Process 5066 attached
[pid 5066] chdir("./0") = 0
[pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5066] setpgid(0, 0) = 0
[pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5066] write(3, "1000", 4) = 4
[pid 5066] close(3) = 0
[pid 5066] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5066] memfd_create("syzkaller", 0) = 3
[pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbee492e000
[pid 5066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5066] munmap(0x7fbee492e000, 16777216) = 0
[pid 5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5066] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5066] close(3) = 0
[pid 5066] mkdir("./file0", 0777) = 0
[pid 5066] mount("/dev/loop0", "./file0", "jfs", 0, "nodiscard,errors=continue,iocharset=cp1251,") = 0
[pid 5066] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5066] chdir("./file0") = 0
[pid 5066] ioctl(4, LOOP_CLR_FD) = 0
[pid 5066] close(4) = 0
[pid 5066] openat(AT_FDCWD, ".", O_RDONLY) = 4
[pid 5066] getdents64(4, 0x20000200 /* 6 entries */, 197) = 176
[pid 5066] exit_group(0) = ?
[pid 5066] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556354620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
syzkaller login: [ 51.240641][ T5066] loop0: detected capacity change from 0 to 32768
[ 51.273713][ T5066] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 51.273713][ T5066]
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555635c660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555635c660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555556354620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563535d0) = 5068
./strace-static-x86_64: Process 5068 attached
[pid 5068] chdir("./1") = 0
[pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5068] setpgid(0, 0) = 0
[pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5068] write(3, "1000", 4) = 4
[pid 5068] close(3) = 0
[pid 5068] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5068] memfd_create("syzkaller", 0) = 3
[pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbee492e000
[pid 5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5068] munmap(0x7fbee492e000, 16777216) = 0
[pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5068] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5068] close(3) = 0
[pid 5068] mkdir("./file0", 0777) = 0
[pid 5068] mount("/dev/loop0", "./file0", "jfs", 0, "nodiscard,errors=continue,iocharset=cp1251,") = 0
[pid 5068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5068] chdir("./file0") = 0
[pid 5068] ioctl(4, LOOP_CLR_FD) = 0
[pid 5068] close(4) = 0
[pid 5068] openat(AT_FDCWD, ".", O_RDONLY) = 4
[pid 5068] getdents64(4, 0x20000200 /* 6 entries */, 197) = 176
[pid 5068] exit_group(0) = ?
[pid 5068] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556354620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 51.789203][ T5068] loop0: detected capacity change from 0 to 32768
[ 51.812660][ T5068] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 51.812660][ T5068]
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555635c660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555635c660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555556354620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563535d0) = 5069
./strace-static-x86_64: Process 5069 attached
[pid 5069] chdir("./2") = 0
[pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5069] setpgid(0, 0) = 0
[pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5069] write(3, "1000", 4) = 4
[pid 5069] close(3) = 0
[pid 5069] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5069] memfd_create("syzkaller", 0) = 3
[pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbee492e000
[pid 5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5069] munmap(0x7fbee492e000, 16777216) = 0
[pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5069] close(3) = 0
[pid 5069] mkdir("./file0", 0777) = 0
[pid 5069] mount("/dev/loop0", "./file0", "jfs", 0, "nodiscard,errors=continue,iocharset=cp1251,") = 0
[pid 5069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5069] chdir("./file0") = 0
[pid 5069] ioctl(4, LOOP_CLR_FD) = 0
[pid 5069] close(4) = 0
[pid 5069] openat(AT_FDCWD, ".", O_RDONLY) = 4
[pid 5069] getdents64(4, 0x20000200 /* 6 entries */, 197) = 176
[pid 5069] exit_group(0) = ?
[pid 5069] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556354620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 52.326261][ T5069] loop0: detected capacity change from 0 to 32768
[ 52.351733][ T5069] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 52.351733][ T5069]
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555635c660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555635c660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555556354620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563535d0) = 5070
./strace-static-x86_64: Process 5070 attached
[pid 5070] chdir("./3") = 0
[pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5070] setpgid(0, 0) = 0
[pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5070] write(3, "1000", 4) = 4
[pid 5070] close(3) = 0
[pid 5070] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5070] memfd_create("syzkaller", 0) = 3
[pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbee492e000
[pid 5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5070] munmap(0x7fbee492e000, 16777216) = 0
[pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5070] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5070] close(3) = 0
[pid 5070] mkdir("./file0", 0777) = 0
[pid 5070] mount("/dev/loop0", "./file0", "jfs", 0, "nodiscard,errors=continue,iocharset=cp1251,") = 0
[pid 5070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5070] chdir("./file0") = 0
[pid 5070] ioctl(4, LOOP_CLR_FD) = 0
[pid 5070] close(4) = 0
[pid 5070] openat(AT_FDCWD, ".", O_RDONLY) = 4
[pid 5070] getdents64(4, 0x20000200 /* 6 entries */, 197) = 176
[pid 5070] exit_group(0) = ?
[pid 5070] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556354620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
[ 52.856765][ T5070] loop0: detected capacity change from 0 to 32768
[ 52.884576][ T5070] ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[ 52.884576][ T5070]
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555635c660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555635c660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x555556354620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563535d0) = 5071
./strace-static-x86_64: Process 5071 attached
[pid 5071] chdir("./4") = 0
[pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5071] setpgid(0, 0) = 0
[pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5071] write(3, "1000", 4) = 4
[pid 5071] close(3) = 0
[pid 5071] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5071] memfd_create("syzkaller", 0) = 3
[pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbee492e000
[pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5071] munmap(0x7fbee492e000, 16777216) = 0
[pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5071] close(3) = 0
[pid 5071] mkdir("./file0", 0777) = 0
[pid 5071] mount("/dev/loop0", "./file0", "jfs", 0, "nodiscard,errors=continue,iocharset=cp1251,") = 0
[pid 5071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5071] chdir("./file0") = 0
[pid 5071] ioctl(4, LOOP_CLR_FD) = 0
[pid 5071] close(4) = 0
[pid 5071] openat(AT_FDCWD, ".", O_RDONLY) = 4
[ 53.122263][ T5071] loop0: detected capacity change from 0 to 32768
[ 53.151201][ T5071] ==================================================================
[ 53.160884][ T5071] BUG: KASAN: slab-out-of-bounds in jfs_readdir+0x375e/0x4230
[ 53.169300][ T5071] Read of size 1 at addr ffff888075357f75 by task syz-executor300/5071
[ 53.178428][ T5071]
[ 53.180787][ T5071] CPU: 1 PID: 5071 Comm: syz-executor300 Not tainted 6.2.0-rc3-syzkaller-00030-ge8f60cd7db24 #0
[ 53.192042][ T5071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 53.205135][ T5071] Call Trace:
[ 53.210768][ T5071] <TASK>
[ 53.214561][ T5071] dump_stack_lvl+0xd1/0x138
[ 53.219283][ T5071] print_report+0x15e/0x45d
[ 53.223885][ T5071] ? __phys_addr+0xc8/0x140
[ 53.228873][ T5071] ? jfs_readdir+0x375e/0x4230
[ 53.233864][ T5071] kasan_report+0xbf/0x1f0
[ 53.238518][ T5071] ? jfs_readdir+0x375e/0x4230
[ 53.243757][ T5071] jfs_readdir+0x375e/0x4230
[ 53.248743][ T5071] ? dtDelete+0x2f90/0x2f90
[ 53.253342][ T5071] ? down_write_killable+0x15c/0x250
[ 53.258808][ T5071] ? down_write_killable_nested+0x250/0x250
[ 53.266373][ T5071] ? apparmor_file_permission+0x268/0x4e0
[ 53.272600][ T5071] iterate_dir+0x1fd/0x6f0
[ 53.277049][ T5071] __x64_sys_getdents64+0x13e/0x2c0
[ 53.282335][ T5071] ? __ia32_sys_getdents+0x2c0/0x2c0
[ 53.287629][ T5071] ? compat_filldir+0x6b0/0x6b0
[ 53.292653][ T5071] ? lockdep_hardirqs_on+0x7d/0x100
[ 53.297850][ T5071] ? _raw_spin_unlock_irq+0x2e/0x50
[ 53.303591][ T5071] ? ptrace_notify+0xfe/0x140
[ 53.309076][ T5071] do_syscall_64+0x39/0xb0
[ 53.313497][ T5071] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.319481][ T5071] RIP: 0033:0x7fbeecd7b9a9
[ 53.323928][ T5071] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.343568][ T5071] RSP: 002b:00007ffed1b8d6f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 53.352000][ T5071] RAX: ffffffffffffffda RBX: 000000000000cdbe RCX: 00007fbeecd7b9a9
[ 53.361398][ T5071] RDX: 00000000000000c5 RSI: 0000000020000200 RDI: 0000000000000004
[ 53.370100][ T5071] RBP: 0000000000000000 R08: 00007ffed1b8d720 R09: 00007ffed1b8d720
[ 53.381424][ T5071] R10: 0000000000005d45 R11: 0000000000000246 R12: 00007ffed1b8d71c
[ 53.394291][ T5071] R13: 00007ffed1b8d750 R14: 00007ffed1b8d730 R15: 0000000000000004
[ 53.402308][ T5071] </TASK>
[ 53.405388][ T5071]
[ 53.407831][ T5071] The buggy address belongs to the object at ffff888075356e58
[ 53.407831][ T5071] which belongs to the cache ext4_inode_cache of size 2440
[ 53.423810][ T5071] The buggy address is located 1941 bytes to the right of
[ 53.423810][ T5071] 2440-byte region [ffff888075356e58, ffff8880753577e0)
[ 53.438493][ T5071]
[ 53.440806][ T5071] The buggy address belongs to the physical page:
[ 53.447214][ T5071] page:ffffea0001d4d400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75350
[ 53.457585][ T5071] head:ffffea0001d4d400 order:3 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0
[ 53.467657][ T5071] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 53.475653][ T5071] raw: 00fff00000010200 ffff888018d9c140 dead000000000122 0000000000000000
[ 53.484249][ T5071] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 53.492849][ T5071] page dumped because: kasan: bad access detected
[ 53.499262][ T5071] page_owner tracks the page as allocated
[ 53.504975][ T5071] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 5069, tgid 5069 (syz-executor300), ts 52178760853, free_ts 12054506429
[ 53.528587][ T5071] get_page_from_freelist+0x119c/0x2ce0
[ 53.534183][ T5071] __alloc_pages+0x1cb/0x5b0
[ 53.538768][ T5071] alloc_pages+0x1aa/0x270
[ 53.543223][ T5071] allocate_slab+0x25f/0x350
[ 53.547848][ T5071] ___slab_alloc+0xa91/0x1400
[ 53.552516][ T5071] __slab_alloc.constprop.0+0x56/0xa0
[ 53.557902][ T5071] kmem_cache_alloc_lru+0x4dc/0x760
[ 53.563283][ T5071] ext4_alloc_inode+0x28/0x680
[ 53.568673][ T5071] alloc_inode+0x61/0x230
[ 53.572997][ T5071] new_inode+0x2b/0x280
[ 53.577756][ T5071] __ext4_new_inode+0x399/0x57d0
[ 53.582683][ T5071] ext4_symlink+0x5ac/0xa00
[ 53.587181][ T5071] vfs_symlink+0x369/0x5c0
[ 53.592153][ T5071] do_symlinkat+0x250/0x2c0
[ 53.596685][ T5071] __x64_sys_symlink+0x79/0x90
[ 53.601447][ T5071] do_syscall_64+0x39/0xb0
[ 53.605892][ T5071] page last free stack trace:
[ 53.610817][ T5071] free_pcp_prepare+0x65c/0xc00
[ 53.616995][ T5071] free_unref_page+0x1d/0x490
[ 53.622745][ T5071] free_contig_range+0xb5/0x180
[ 53.627615][ T5071] destroy_args+0xa8/0x64c
[ 53.632045][ T5071] debug_vm_pgtable+0x28de/0x296f
[ 53.637434][ T5071] do_one_initcall+0x141/0x790
[ 53.642255][ T5071] kernel_init_freeable+0x6f9/0x782
[ 53.647457][ T5071] kernel_init+0x1e/0x1d0
[ 53.652046][ T5071] ret_from_fork+0x1f/0x30
[ 53.656504][ T5071]
[ 53.658820][ T5071] Memory state around the buggy address:
[ 53.664634][ T5071] ffff888075357e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.672684][ T5071] ffff888075357e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.680840][ T5071] >ffff888075357f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.688934][ T5071] ^
[ 53.696684][ T5071] ffff888075357f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 53.704748][ T5071] ffff888075358000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 53.712822][ T5071] ==================================================================
[ 53.721392][ T5071] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 53.730128][ T5071] CPU: 1 PID: 5071 Comm: syz-executor300 Not tainted 6.2.0-rc3-syzkaller-00030-ge8f60cd7db24 #0
[ 53.740643][ T5071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 53.750972][ T5071] Call Trace:
[ 53.754247][ T5071] <TASK>
[ 53.757165][ T5071] dump_stack_lvl+0xd1/0x138
[ 53.761876][ T5071] panic+0x2cc/0x626
[ 53.765766][ T5071] ? panic_print_sys_info.part.0+0x110/0x110
[ 53.771771][ T5071] ? preempt_schedule_thunk+0x1a/0x20
[ 53.777279][ T5071] ? preempt_schedule_common+0x59/0xc0
[ 53.782763][ T5071] check_panic_on_warn.cold+0x19/0x35
[ 53.788137][ T5071] end_report.part.0+0x36/0x73
[ 53.792920][ T5071] ? jfs_readdir+0x375e/0x4230
[ 53.797691][ T5071] kasan_report.cold+0xa/0xf
[ 53.802286][ T5071] ? jfs_readdir+0x375e/0x4230
[ 53.807057][ T5071] jfs_readdir+0x375e/0x4230
[ 53.811700][ T5071] ? dtDelete+0x2f90/0x2f90
[ 53.816234][ T5071] ? down_write_killable+0x15c/0x250
[ 53.821510][ T5071] ? down_write_killable_nested+0x250/0x250
[ 53.827417][ T5071] ? apparmor_file_permission+0x268/0x4e0
[ 53.833247][ T5071] iterate_dir+0x1fd/0x6f0
[ 53.837679][ T5071] __x64_sys_getdents64+0x13e/0x2c0
[ 53.842955][ T5071] ? __ia32_sys_getdents+0x2c0/0x2c0
[ 53.848230][ T5071] ? compat_filldir+0x6b0/0x6b0
[ 53.853067][ T5071] ? lockdep_hardirqs_on+0x7d/0x100
[ 53.858254][ T5071] ? _raw_spin_unlock_irq+0x2e/0x50
[ 53.863448][ T5071] ? ptrace_notify+0xfe/0x140
[ 53.868117][ T5071] do_syscall_64+0x39/0xb0
[ 53.872536][ T5071] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.878419][ T5071] RIP: 0033:0x7fbeecd7b9a9
[ 53.882855][ T5071] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.902637][ T5071] RSP: 002b:00007ffed1b8d6f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 53.911176][ T5071] RAX: ffffffffffffffda RBX: 000000000000cdbe RCX: 00007fbeecd7b9a9
[ 53.919496][ T5071] RDX: 00000000000000c5 RSI: 0000000020000200 RDI: 0000000000000004
[ 53.927552][ T5071] RBP: 0000000000000000 R08: 00007ffed1b8d720 R09: 00007ffed1b8d720
[ 53.935527][ T5071] R10: 0000000000005d45 R11: 0000000000000246 R12: 00007ffed1b8d71c
[ 53.943518][ T5071] R13: 00007ffed1b8d750 R14: 00007ffed1b8d730 R15: 0000000000000004
[ 53.951509][ T5071] </TASK>
[ 53.954872][ T5071] Kernel Offset: disabled
[ 53.959362][ T5071] Rebooting in 86400 seconds..