./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor916906745 <...> Warning: Permanently added '10.128.0.127' (ECDSA) to the list of known hosts. execve("./syz-executor916906745", ["./syz-executor916906745"], 0x7fffddc0ba10 /* 10 vars */) = 0 brk(NULL) = 0x555555a17000 brk(0x555555a17c40) = 0x555555a17c40 arch_prctl(ARCH_SET_FS, 0x555555a17300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555a175d0) = 4999 set_robust_list(0x555555a175e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f38d333c490, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f38d333cb60}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f38d333c530, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f38d333cb60}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor916906745", 4096) = 27 brk(0x555555a38c40) = 0x555555a38c40 brk(0x555555a39000) = 0x555555a39000 mprotect(0x7f38d33fe000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 4999 mkdir("./syzkaller.m2nzHc", 0700) = 0 chmod("./syzkaller.m2nzHc", 0777) = 0 chdir("./syzkaller.m2nzHc") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a175d0) = 5000 ./strace-static-x86_64: Process 5000 attached [pid 5000] set_robust_list(0x555555a175e0, 24) = 0 [pid 5000] chdir("./0") = 0 [pid 5000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5000] setpgid(0, 0) = 0 [pid 5000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5000] write(3, "1000", 4) = 4 [pid 5000] close(3) = 0 [pid 5000] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5000] futex(0x7f38d340478c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5000] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f38d330b000 [pid 5000] mprotect(0x7f38d330c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5000] clone(child_stack=0x7f38d332b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5002], tls=0x7f38d332b700, child_tidptr=0x7f38d332b9d0) = 5002 [pid 5000] futex(0x7f38d3404788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5000] futex(0x7f38d340478c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5002 attached [pid 5002] set_robust_list(0x7f38d332b9e0, 24) = 0 [pid 5002] memfd_create("syzkaller", 0) = 3 [pid 5002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f38caf0b000 [pid 5002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5002] munmap(0x7f38caf0b000, 524288) = 0 [pid 5002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5002] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5002] close(3) = 0 [pid 5002] mkdir("./bus", 0777) = 0 syzkaller login: [ 44.437303][ T5002] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5002 'syz-executor916' [ 44.454853][ T5002] loop0: detected capacity change from 0 to 1024 [ 44.463998][ T5002] ======================================================= [ 44.463998][ T5002] WARNING: The mand mount option has been deprecated and [ 44.463998][ T5002] and is ignored by this kernel. Remove the mand [pid 5002] mount("/dev/loop0", "./bus", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK, "") = 0 [pid 5002] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5002] chdir("./bus") = 0 [pid 5002] ioctl(4, LOOP_CLR_FD) = 0 [pid 5002] close(4) = 0 [pid 5002] futex(0x7f38d340478c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] <... futex resumed>) = 0 [pid 5000] futex(0x7f38d3404788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5000] futex(0x7f38d340479c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5000] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f38caf6a000 [pid 5000] mprotect(0x7f38caf6b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5000] clone(child_stack=0x7f38caf8a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5003], tls=0x7f38caf8a700, child_tidptr=0x7f38caf8a9d0) = 5003 [pid 5000] futex(0x7f38d3404798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5000] futex(0x7f38d340479c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... futex resumed>) = 1 [pid 5002] rename("./file1", "./bus") = 0 [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5002] futex(0x7f38d340478c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] futex(0x7f38d3404788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5003 attached [pid 5003] set_robust_list(0x7f38caf8a9e0, 24) = 0 [pid 5003] creat("./file1", 000) = 4 [pid 5003] creat("./file1", 000) = 5 [pid 5003] creat("./file1", 000) = 6 [pid 5003] creat("./file1", 000) = 7 [pid 5003] creat("./file1", 000) = 8 [pid 5003] creat("./file1", 000) = 9 [pid 5003] creat("./file1", 000) = 10 [pid 5003] creat("./file1", 000) = 11 [pid 5003] creat("./file1", 000) = 12 [pid 5003] creat("./file1", 000) = 13 [pid 5003] creat("./file1", 000) = 14 [pid 5003] creat("./file1", 000) = 15 [pid 5003] creat("./file1", 000) = 16 [pid 5003] creat("./file1", 000) = 17 [pid 5003] creat("./file1", 000) = 18 [pid 5003] creat("./file1", 000) = 19 [pid 5003] creat("./file1", 000) = 20 [pid 5003] creat("./file1", 000) = 21 [pid 5003] creat("./file1", 000) = 22 [pid 5003] creat("./file1", 000) = 23 [pid 5003] creat("./file1", 000) = 24 [pid 5003] creat("./file1", 000) = 25 [pid 5003] creat("./file1", 000) = 26 [pid 5003] creat("./file1", 000) = 27 [pid 5003] creat("./file1", 000) = 28 [pid 5003] creat("./file1", 000) = 29 [pid 5003] creat("./file1", 000) = 30 [pid 5003] creat("./file1", 000) = 31 [pid 5003] creat("./file1", 000) = 32 [pid 5003] creat("./file1", 000) = 33 [pid 5003] creat("./file1", 000) = 34 [pid 5003] creat("./file1", 000) = 35 [pid 5003] creat("./file1", 000) = 36 [ 44.463998][ T5002] option from the mount to silence this warning. [ 44.463998][ T5002] ======================================================= [pid 5003] futex(0x7f38d340479c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5000] <... futex resumed>) = 0 [pid 5000] exit_group(0 [pid 5002] <... futex resumed>) = ? [pid 5000] <... exit_group resumed>) = ? [pid 5002] +++ exited with 0 +++ [pid 5003] +++ exited with 0 +++ [pid 5000] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5000, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a18620 /* 4 entries */, 32768) = 104 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x555555a18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a175d0) = 5004 ./strace-static-x86_64: Process 5004 attached [pid 5004] set_robust_list(0x555555a175e0, 24) = 0 [pid 5004] chdir("./1") = 0 [pid 5004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5004] setpgid(0, 0) = 0 [pid 5004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5004] write(3, "1000", 4) = 4 [pid 5004] close(3) = 0 [pid 5004] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5004] futex(0x7f38d340478c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f38d330b000 [pid 5004] mprotect(0x7f38d330c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5004] clone(child_stack=0x7f38d332b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5005 attached , parent_tid=[5005], tls=0x7f38d332b700, child_tidptr=0x7f38d332b9d0) = 5005 [pid 5005] set_robust_list(0x7f38d332b9e0, 24) = 0 [pid 5005] futex(0x7f38d3404788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5004] futex(0x7f38d3404788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5005] <... futex resumed>) = 0 [pid 5004] futex(0x7f38d340478c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5005] memfd_create("syzkaller", 0) = 3 [pid 5005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f38caf0b000 [pid 5005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5005] munmap(0x7f38caf0b000, 524288) = 0 [pid 5005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5005] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5005] close(3) = 0 [pid 5005] mkdir("./bus", 0777) = 0 [pid 5005] mount("/dev/loop0", "./bus", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK, "") = 0 [pid 5005] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5005] chdir("./bus") = 0 [pid 5005] ioctl(4, LOOP_CLR_FD) = 0 [pid 5005] close(4) = 0 [pid 5005] futex(0x7f38d340478c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5004] <... futex resumed>) = 0 [pid 5005] futex(0x7f38d3404788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5004] futex(0x7f38d3404788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5004] <... futex resumed>) = 0 [pid 5004] futex(0x7f38d340479c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] rename("./file1", "./bus" [pid 5004] <... futex resumed>) = 0 [pid 5004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f38caf6a000 [pid 5004] mprotect(0x7f38caf6b000, 131072, PROT_READ|PROT_WRITE [pid 5005] <... rename resumed>) = 0 [pid 5004] <... mprotect resumed>) = 0 [pid 5004] clone(child_stack=0x7f38caf8a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus" [pid 5004] <... clone resumed>, parent_tid=[5006], tls=0x7f38caf8a700, child_tidptr=0x7f38caf8a9d0) = 5006 [pid 5004] futex(0x7f38d3404798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5004] futex(0x7f38d340479c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus"./strace-static-x86_64: Process 5006 attached [pid 5006] set_robust_list(0x7f38caf8a9e0, 24 [pid 5005] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5006] <... set_robust_list resumed>) = 0 [pid 5005] rename("./file1", "./bus" [pid 5006] creat("./file1", 000 [pid 5005] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5006] <... creat resumed>) = 4 [pid 5005] rename("./file1", "./bus" [pid 5006] creat("./file1", 000) = 5 [pid 5005] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5006] creat("./file1", 000 [pid 5005] rename("./file1", "./bus" [pid 5006] <... creat resumed>) = 6 [pid 5006] creat("./file1", 000 [pid 5005] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5006] <... creat resumed>) = 7 [pid 5005] rename("./file1", "./bus" [pid 5006] creat("./file1", 000) = 8 [pid 5005] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5006] creat("./file1", 000) = 9 [pid 5005] rename("./file1", "./bus" [pid 5006] creat("./file1", 000) = 10 [pid 5005] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5006] creat("./file1", 000) = 11 [pid 5005] rename("./file1", "./bus" [pid 5006] creat("./file1", 000) = 12 [pid 5005] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5006] creat("./file1", 000 [pid 5005] rename("./file1", "./bus" [pid 5006] <... creat resumed>) = 13 [pid 5005] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus" [pid 5006] creat("./file1", 000 [pid 5005] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5005] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5005] futex(0x7f38d340478c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7f38d3404788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] <... creat resumed>) = 14 [pid 5006] creat("./file1", 000) = 15 [pid 5006] creat("./file1", 000) = 16 [pid 5006] creat("./file1", 000) = 17 [pid 5006] creat("./file1", 000) = 18 [pid 5006] creat("./file1", 000) = 19 [pid 5006] creat("./file1", 000) = 20 [pid 5006] creat("./file1", 000) = 21 [pid 5006] creat("./file1", 000) = 22 [pid 5006] creat("./file1", 000) = 23 [pid 5006] creat("./file1", 000) = 24 [pid 5006] creat("./file1", 000) = 25 [pid 5006] creat("./file1", 000) = 26 [pid 5006] creat("./file1", 000) = 27 [pid 5006] creat("./file1", 000) = 28 [pid 5006] creat("./file1", 000) = 29 [pid 5006] creat("./file1", 000) = 30 [ 44.583995][ T5005] loop0: detected capacity change from 0 to 1024 [pid 5006] creat("./file1", 000) = 31 [pid 5006] creat("./file1", 000) = 32 [pid 5006] creat("./file1", 000) = 33 [pid 5006] creat("./file1", 000) = 34 [pid 5006] creat("./file1", 000) = 35 [pid 5006] creat("./file1", 000) = 36 [pid 5006] futex(0x7f38d340479c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5004] <... futex resumed>) = 0 [pid 5006] futex(0x7f38d3404798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5004] exit_group(0 [pid 5005] <... futex resumed>) = ? [pid 5004] <... exit_group resumed>) = ? [pid 5006] <... futex resumed>) = ? [pid 5005] +++ exited with 0 +++ [pid 5006] +++ exited with 0 +++ [pid 5004] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5004, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a18620 /* 4 entries */, 32768) = 104 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x555555a18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a175d0) = 5007 ./strace-static-x86_64: Process 5007 attached [pid 5007] set_robust_list(0x555555a175e0, 24) = 0 [pid 5007] chdir("./2") = 0 [pid 5007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5007] setpgid(0, 0) = 0 [pid 5007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5007] write(3, "1000", 4) = 4 [pid 5007] close(3) = 0 [pid 5007] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5007] futex(0x7f38d340478c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5007] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f38d330b000 [pid 5007] mprotect(0x7f38d330c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5007] clone(child_stack=0x7f38d332b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5008], tls=0x7f38d332b700, child_tidptr=0x7f38d332b9d0) = 5008 [pid 5007] futex(0x7f38d3404788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5007] futex(0x7f38d340478c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5008 attached [pid 5008] set_robust_list(0x7f38d332b9e0, 24) = 0 [pid 5008] memfd_create("syzkaller", 0) = 3 [pid 5008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f38caf0b000 [pid 5008] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5008] munmap(0x7f38caf0b000, 524288) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5008] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5008] close(3) = 0 [pid 5008] mkdir("./bus", 0777) = 0 [pid 5008] mount("/dev/loop0", "./bus", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK, "") = 0 [pid 5008] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5008] chdir("./bus") = 0 [pid 5008] ioctl(4, LOOP_CLR_FD) = 0 [pid 5008] close(4) = 0 [pid 5008] futex(0x7f38d340478c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... futex resumed>) = 0 [pid 5007] futex(0x7f38d3404788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5007] futex(0x7f38d340479c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5007] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f38caf6a000 [pid 5007] mprotect(0x7f38caf6b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5007] clone(child_stack=0x7f38caf8a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5009], tls=0x7f38caf8a700, child_tidptr=0x7f38caf8a9d0) = 5009 [pid 5007] futex(0x7f38d3404798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5007] futex(0x7f38d340479c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] <... futex resumed>) = 1 [pid 5008] rename("./file1", "./bus") = 0 [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) ./strace-static-x86_64: Process 5009 attached [pid 5008] rename("./file1", "./bus" [pid 5009] set_robust_list(0x7f38caf8a9e0, 24) = 0 [pid 5008] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus" [pid 5009] creat("./file1", 000 [pid 5008] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus" [pid 5009] <... creat resumed>) = 4 [pid 5009] creat("./file1", 000 [pid 5008] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus" [pid 5009] <... creat resumed>) = 5 [pid 5009] creat("./file1", 000 [pid 5008] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5009] <... creat resumed>) = 6 [pid 5008] rename("./file1", "./bus" [pid 5009] creat("./file1", 000 [pid 5008] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5009] <... creat resumed>) = 7 [pid 5008] rename("./file1", "./bus" [pid 5009] creat("./file1", 000) = 8 [pid 5008] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5009] creat("./file1", 000 [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus" [pid 5009] <... creat resumed>) = 9 [ 44.656811][ T12] hfsplus: b-tree write err: -5, ino 8 [ 44.687710][ T5008] loop0: detected capacity change from 0 to 1024 [pid 5009] creat("./file1", 000) = 10 [pid 5008] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5009] creat("./file1", 000) = 11 [pid 5008] rename("./file1", "./bus" [pid 5009] creat("./file1", 000) = 12 [pid 5009] creat("./file1", 000) = 13 [pid 5008] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5009] creat("./file1", 000 [pid 5008] rename("./file1", "./bus" [pid 5009] <... creat resumed>) = 14 [pid 5009] creat("./file1", 000 [pid 5008] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus" [pid 5009] <... creat resumed>) = 15 [pid 5008] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5009] creat("./file1", 000 [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus" [pid 5009] <... creat resumed>) = 16 [pid 5008] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5009] creat("./file1", 000 [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5008] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5009] <... creat resumed>) = 17 [pid 5008] futex(0x7f38d340478c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] creat("./file1", 000 [pid 5008] futex(0x7f38d3404788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5009] <... creat resumed>) = 18 [pid 5009] creat("./file1", 000) = 19 [pid 5009] creat("./file1", 000) = 20 [pid 5009] creat("./file1", 000) = 21 [pid 5009] creat("./file1", 000) = 22 [pid 5009] creat("./file1", 000) = 23 [pid 5009] creat("./file1", 000) = 24 [pid 5009] creat("./file1", 000) = 25 [pid 5009] creat("./file1", 000) = 26 [pid 5009] creat("./file1", 000) = 27 [pid 5009] creat("./file1", 000) = 28 [pid 5009] creat("./file1", 000) = 29 [pid 5009] creat("./file1", 000) = 30 [pid 5009] creat("./file1", 000) = 31 [pid 5009] creat("./file1", 000) = 32 [pid 5009] creat("./file1", 000) = 33 [pid 5009] creat("./file1", 000) = 34 [pid 5009] creat("./file1", 000) = 35 [pid 5009] creat("./file1", 000) = 36 [pid 5009] futex(0x7f38d340479c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5007] <... futex resumed>) = 0 [pid 5007] exit_group(0 [pid 5008] <... futex resumed>) = ? [pid 5007] <... exit_group resumed>) = ? [pid 5009] +++ exited with 0 +++ [pid 5008] +++ exited with 0 +++ [pid 5007] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5007, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a18620 /* 4 entries */, 32768) = 104 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a20660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a20660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x555555a18620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a175d0) = 5010 ./strace-static-x86_64: Process 5010 attached [pid 5010] set_robust_list(0x555555a175e0, 24) = 0 [pid 5010] chdir("./3") = 0 [pid 5010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5010] setpgid(0, 0) = 0 [pid 5010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5010] write(3, "1000", 4) = 4 [pid 5010] close(3) = 0 [pid 5010] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5010] futex(0x7f38d340478c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f38d330b000 [pid 5010] mprotect(0x7f38d330c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5010] clone(child_stack=0x7f38d332b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5011 attached , parent_tid=[5011], tls=0x7f38d332b700, child_tidptr=0x7f38d332b9d0) = 5011 [pid 5011] set_robust_list(0x7f38d332b9e0, 24) = 0 [pid 5011] futex(0x7f38d3404788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5010] futex(0x7f38d3404788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5011] <... futex resumed>) = 0 [pid 5010] futex(0x7f38d340478c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5011] memfd_create("syzkaller", 0) = 3 [pid 5011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f38caf0b000 [pid 5011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5011] munmap(0x7f38caf0b000, 524288) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 44.763695][ T74] hfsplus: b-tree write err: -5, ino 8 [pid 5011] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5011] close(3) = 0 [pid 5011] mkdir("./bus", 0777) = 0 [pid 5011] mount("/dev/loop0", "./bus", "hfsplus", MS_SYNCHRONOUS|MS_MANDLOCK, "") = 0 [pid 5011] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5011] chdir("./bus") = 0 [pid 5011] ioctl(4, LOOP_CLR_FD) = 0 [pid 5011] close(4) = 0 [pid 5011] futex(0x7f38d340478c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5010] <... futex resumed>) = 0 [pid 5010] futex(0x7f38d3404788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] futex(0x7f38d340479c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f38caf6a000 [pid 5010] mprotect(0x7f38caf6b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5010] clone(child_stack=0x7f38caf8a3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5012], tls=0x7f38caf8a700, child_tidptr=0x7f38caf8a9d0) = 5012 [pid 5011] rename("./file1", "./bus" [pid 5010] futex(0x7f38d3404798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] futex(0x7f38d340479c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5012 attached [pid 5012] set_robust_list(0x7f38caf8a9e0, 24) = 0 [pid 5012] creat("./file1", 000 [pid 5011] <... rename resumed>) = 0 [pid 5011] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5011] rename("./file1", "./bus") = -1 ENOENT (No such file or directory) [pid 5011] rename("./file1", "./bus" [pid 5012] <... creat resumed>) = 4 [pid 5012] creat("./file1", 000 [pid 5011] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5011] rename("./file1", "./bus" [pid 5012] <... creat resumed>) = 5 [pid 5012] creat("./file1", 000 [pid 5011] <... rename resumed>) = -1 ENOENT (No such file or directory) [pid 5012] <... creat resumed>) = 6 [pid 5011] rename("./file1", "./bus" [pid 5012] creat("./file1", 000) = 7 [ 44.806914][ T5011] loop0: detected capacity change from 0 to 1024 [ 44.841834][ T5011] ------------[ cut here ]------------ [ 44.847516][ T5011] WARNING: CPU: 1 PID: 5011 at fs/inode.c:331 drop_nlink+0xbb/0x110 [pid 5012] creat("./file1", 000 [pid 5010] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 44.855696][ T5011] Modules linked in: [ 44.859634][ T5011] CPU: 1 PID: 5011 Comm: syz-executor916 Not tainted 6.4.0-rc7-syzkaller-00041-ge660abd551f1 #0 [ 44.870105][ T5011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 44.880213][ T5011] RIP: 0010:drop_nlink+0xbb/0x110 [ 44.885306][ T5011] Code: 28 be 08 00 00 00 48 8d bb c0 07 00 00 e8 bd 9f e9 ff f0 48 ff 83 c0 07 00 00 5b 5d 41 5c 41 5d e9 9a cd 96 ff e8 95 cd 96 ff <0f> 0b 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 0f b6 04 [ 44.905022][ T5011] RSP: 0018:ffffc900039dfa88 EFLAGS: 00010293 [ 44.911120][ T5011] RAX: 0000000000000000 RBX: ffff88807c402370 RCX: 0000000000000000 [ 44.919155][ T5011] RDX: ffff88807e175940 RSI: ffffffff81ed794b RDI: 0000000000000005 [ 44.927138][ T5011] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 44.935161][ T5011] R10: 0000000000000000 R11: 0000000000094001 R12: 00000000ffffffff [ 44.943181][ T5011] R13: ffff88807c4023b8 R14: ffffc900039dfb18 R15: ffff88807671b130 [ 44.951492][ T5011] FS: 00007f38d332b700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 44.960541][ T5011] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.967122][ T5011] CR2: 00000000200028c4 CR3: 00000000157ca000 CR4: 0000000000350ee0 [ 44.975145][ T5011] Call Trace: [ 44.978470][ T5011] [ 44.981488][ T5011] ? __warn+0xe6/0x390 [ 44.985578][ T5011] ? drop_nlink+0xbb/0x110 [ 44.990047][ T5011] ? report_bug+0x2da/0x500 [ 44.994591][ T5011] ? handle_bug+0x3c/0x70 [ 44.999022][ T5011] ? exc_invalid_op+0x18/0x50 [pid 5010] exit_group(0) = ? [ 45.003725][ T5011] ? asm_exc_invalid_op+0x1a/0x20 [ 45.008834][ T5011] ? drop_nlink+0xbb/0x110 [ 45.013288][ T5011] ? drop_nlink+0xbb/0x110 [ 45.017723][ T5011] ? drop_nlink+0xbb/0x110 [ 45.022205][ T5011] hfsplus_unlink+0x504/0x830 [ 45.026896][ T5011] ? hfsplus_symlink+0x2e0/0x2e0 [ 45.031896][ T5011] ? down_write_nested+0x153/0x200 [ 45.037014][ T5011] ? _down_write_nest_lock+0x200/0x200 [ 45.042530][ T5011] ? spin_bug+0x1c0/0x1c0 [ 45.046958][ T5011] ? hfsplus_unlink+0x830/0x830 [ 45.051854][ T5011] hfsplus_rename+0xc2/0x210 [ 45.056481][ T5011] ? hfsplus_unlink+0x830/0x830 [ 45.061410][ T5011] vfs_rename+0xef6/0x17a0 [ 45.065852][ T5011] ? path_openat+0x2750/0x2750 [ 45.070676][ T5011] ? d_lookup+0x105/0x170 [ 45.075113][ T5011] ? bpf_lsm_path_rename+0x9/0x10 [ 45.080193][ T5011] ? security_path_rename+0x158/0x230 [ 45.085612][ T5011] do_renameat2+0xc04/0xd40 [ 45.090210][ T5011] ? __ia32_sys_link+0xa0/0xa0 [ 45.095005][ T5011] ? __virt_addr_valid+0x61/0x2e0 [ 45.100081][ T5011] ? __phys_addr_symbol+0x30/0x70 [ 45.105138][ T5011] ? strncpy_from_user+0x1f8/0x350 [ 45.110321][ T5011] __x64_sys_rename+0x81/0xa0 [ 45.115026][ T5011] do_syscall_64+0x39/0xb0 [ 45.119498][ T5011] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 45.125435][ T5011] RIP: 0033:0x7f38d337f539 [ 45.129956][ T5011] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 45.149809][ T5011] RSP: 002b:00007f38d332b2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 45.158304][ T5011] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 00007f38d337f539 [ 45.166460][ T5011] RDX: ffffffffffffffb8 RSI: 00000000200028c0 RDI: 00000000200000c0 [ 45.174482][ T5011] RBP: 00007f38d3404788 R08: 0000000000000000 R09: 0000000000000000 [ 45.182507][ T5011] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f38d3404780 [ 45.190519][ T5011] R13: 0000000020000cc0 R14: 0031656c69662f2e R15: 0073756c70736668 [ 45.198561][ T5011] [ 45.201577][ T5011] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 45.208857][ T5011] CPU: 1 PID: 5011 Comm: syz-executor916 Not tainted 6.4.0-rc7-syzkaller-00041-ge660abd551f1 #0 [ 45.219247][ T5011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 45.229285][ T5011] Call Trace: [ 45.232548][ T5011] [ 45.235470][ T5011] dump_stack_lvl+0xd9/0x150 [ 45.240048][ T5011] panic+0x686/0x730 [ 45.243935][ T5011] ? panic_smp_self_stop+0xa0/0xa0 [ 45.249035][ T5011] ? show_trace_log_lvl+0x284/0x390 [ 45.254228][ T5011] ? drop_nlink+0xbb/0x110 [ 45.258639][ T5011] check_panic_on_warn+0xb1/0xc0 [ 45.263579][ T5011] __warn+0xf2/0x390 [ 45.267559][ T5011] ? drop_nlink+0xbb/0x110 [ 45.271975][ T5011] report_bug+0x2da/0x500 [ 45.276311][ T5011] handle_bug+0x3c/0x70 [ 45.280457][ T5011] exc_invalid_op+0x18/0x50 [ 45.284951][ T5011] asm_exc_invalid_op+0x1a/0x20 [ 45.289799][ T5011] RIP: 0010:drop_nlink+0xbb/0x110 [ 45.294820][ T5011] Code: 28 be 08 00 00 00 48 8d bb c0 07 00 00 e8 bd 9f e9 ff f0 48 ff 83 c0 07 00 00 5b 5d 41 5c 41 5d e9 9a cd 96 ff e8 95 cd 96 ff <0f> 0b 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 0f b6 04 [ 45.314420][ T5011] RSP: 0018:ffffc900039dfa88 EFLAGS: 00010293 [ 45.320477][ T5011] RAX: 0000000000000000 RBX: ffff88807c402370 RCX: 0000000000000000 [ 45.328699][ T5011] RDX: ffff88807e175940 RSI: ffffffff81ed794b RDI: 0000000000000005 [ 45.336656][ T5011] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 45.344616][ T5011] R10: 0000000000000000 R11: 0000000000094001 R12: 00000000ffffffff [ 45.352574][ T5011] R13: ffff88807c4023b8 R14: ffffc900039dfb18 R15: ffff88807671b130 [ 45.360547][ T5011] ? drop_nlink+0xbb/0x110 [ 45.364967][ T5011] ? drop_nlink+0xbb/0x110 [ 45.369379][ T5011] hfsplus_unlink+0x504/0x830 [ 45.374059][ T5011] ? hfsplus_symlink+0x2e0/0x2e0 [ 45.379001][ T5011] ? down_write_nested+0x153/0x200 [ 45.384154][ T5011] ? _down_write_nest_lock+0x200/0x200 [ 45.389606][ T5011] ? spin_bug+0x1c0/0x1c0 [ 45.393934][ T5011] ? hfsplus_unlink+0x830/0x830 [ 45.398799][ T5011] hfsplus_rename+0xc2/0x210 [ 45.403392][ T5011] ? hfsplus_unlink+0x830/0x830 [ 45.408237][ T5011] vfs_rename+0xef6/0x17a0 [ 45.412653][ T5011] ? path_openat+0x2750/0x2750 [ 45.417409][ T5011] ? d_lookup+0x105/0x170 [ 45.421731][ T5011] ? bpf_lsm_path_rename+0x9/0x10 [ 45.427104][ T5011] ? security_path_rename+0x158/0x230 [ 45.432482][ T5011] do_renameat2+0xc04/0xd40 [ 45.436988][ T5011] ? __ia32_sys_link+0xa0/0xa0 [ 45.441757][ T5011] ? __virt_addr_valid+0x61/0x2e0 [ 45.446779][ T5011] ? __phys_addr_symbol+0x30/0x70 [ 45.451805][ T5011] ? strncpy_from_user+0x1f8/0x350 [ 45.456922][ T5011] __x64_sys_rename+0x81/0xa0 [ 45.461598][ T5011] do_syscall_64+0x39/0xb0 [ 45.466007][ T5011] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 45.471906][ T5011] RIP: 0033:0x7f38d337f539 [ 45.476320][ T5011] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 45.495916][ T5011] RSP: 002b:00007f38d332b2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 45.504578][ T5011] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 00007f38d337f539 [ 45.512542][ T5011] RDX: ffffffffffffffb8 RSI: 00000000200028c0 RDI: 00000000200000c0 [ 45.520501][ T5011] RBP: 00007f38d3404788 R08: 0000000000000000 R09: 0000000000000000 [ 45.528474][ T5011] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f38d3404780 [ 45.536433][ T5011] R13: 0000000020000cc0 R14: 0031656c69662f2e R15: 0073756c70736668 [ 45.544405][ T5011] [ 45.548025][ T5011] Kernel Offset: disabled [ 45.552436][ T5011] Rebooting in 86400 seconds..