./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4210439471 <...> Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts. execve("./syz-executor4210439471", ["./syz-executor4210439471"], 0x7ffd22208530 /* 10 vars */) = 0 brk(NULL) = 0x555556c7b000 brk(0x555556c7bc40) = 0x555556c7bc40 arch_prctl(ARCH_SET_FS, 0x555556c7b300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor4210439471", 4096) = 28 brk(0x555556c9cc40) = 0x555556c9cc40 brk(0x555556c9d000) = 0x555556c9d000 mprotect(0x7ff13bfcc000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3635 attached , child_tidptr=0x555556c7b5d0) = 3635 [pid 3634] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3635] getpid(./strace-static-x86_64: Process 3636 attached ) = 3635 [pid 3634] <... clone resumed>, child_tidptr=0x555556c7b5d0) = 3636 [pid 3635] mkdir("./syzkaller.PeyFl2", 0700 [pid 3634] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c7b5d0) = 3637 [pid 3635] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 3637 attached [pid 3635] chmod("./syzkaller.PeyFl2", 0777 [pid 3634] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3635] <... chmod resumed>) = 0 [pid 3635] chdir("./syzkaller.PeyFl2") = 0 [pid 3635] mkdir("./0", 0777 [pid 3634] <... clone resumed>, child_tidptr=0x555556c7b5d0) = 3638 [pid 3636] getpid( [pid 3634] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3635] <... mkdir resumed>) = 0 [pid 3637] getpid( [pid 3635] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3634] <... clone resumed>, child_tidptr=0x555556c7b5d0) = 3639 [pid 3637] <... getpid resumed>) = 3637 [pid 3635] <... openat resumed>) = 3 [pid 3634] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3637] mkdir("./syzkaller.v1rnYb", 0700 [pid 3635] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 3639 attached [pid 3636] <... getpid resumed>) = 3636 [pid 3636] mkdir("./syzkaller.7f4Pq7", 0700 [pid 3635] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3637] <... mkdir resumed>) = 0 [pid 3635] close(3 [pid 3634] <... clone resumed>, child_tidptr=0x555556c7b5d0) = 3640 [pid 3639] getpid( [pid 3637] chmod("./syzkaller.v1rnYb", 0777 [pid 3635] <... close resumed>) = 0 [pid 3639] <... getpid resumed>) = 3639 [pid 3637] <... chmod resumed>) = 0 [pid 3635] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3636] <... mkdir resumed>) = 0 [pid 3637] chdir("./syzkaller.v1rnYb" [pid 3639] mkdir("./syzkaller.uoam9l", 0700 [pid 3637] <... chdir resumed>) = 0 [pid 3635] <... clone resumed>, child_tidptr=0x555556c7b5d0) = 3641 [pid 3637] mkdir("./0", 0777 [pid 3636] chmod("./syzkaller.7f4Pq7", 0777) = 0 [pid 3637] <... mkdir resumed>) = 0 [pid 3639] <... mkdir resumed>) = 0 [pid 3636] chdir("./syzkaller.7f4Pq7" [pid 3639] chmod("./syzkaller.uoam9l", 0777 [pid 3637] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 3641 attached [pid 3636] <... chdir resumed>) = 0 [pid 3637] <... openat resumed>) = 3 [pid 3637] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3636] mkdir("./0", 0777 [pid 3637] close(3) = 0 [pid 3639] <... chmod resumed>) = 0 [pid 3637] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3636] <... mkdir resumed>) = 0 [pid 3639] chdir("./syzkaller.uoam9l" [pid 3637] <... clone resumed>, child_tidptr=0x555556c7b5d0) = 3642 ./strace-static-x86_64: Process 3642 attached [pid 3641] chdir("./0" [pid 3639] <... chdir resumed>) = 0 [pid 3641] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 3640 attached [pid 3639] mkdir("./0", 0777 [pid 3641] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3640] getpid(./strace-static-x86_64: Process 3638 attached [pid 3642] chdir("./0" [pid 3641] <... prctl resumed>) = 0 [pid 3639] <... mkdir resumed>) = 0 [pid 3636] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3642] <... chdir resumed>) = 0 [pid 3641] setpgid(0, 0 [pid 3639] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3642] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3641] <... setpgid resumed>) = 0 [pid 3640] <... getpid resumed>) = 3640 [pid 3640] mkdir("./syzkaller.LI0usp", 0700 [pid 3641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3640] <... mkdir resumed>) = 0 [pid 3639] <... openat resumed>) = 3 [pid 3639] ioctl(3, LOOP_CLR_FD [pid 3642] <... prctl resumed>) = 0 [pid 3641] <... openat resumed>) = 3 [pid 3640] chmod("./syzkaller.LI0usp", 0777 [pid 3639] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3638] getpid( [pid 3636] <... openat resumed>) = 3 [pid 3642] setpgid(0, 0 [pid 3641] write(3, "1000", 4 [pid 3640] <... chmod resumed>) = 0 [pid 3639] close(3 [pid 3638] <... getpid resumed>) = 3638 [pid 3636] ioctl(3, LOOP_CLR_FD [pid 3642] <... setpgid resumed>) = 0 [pid 3641] <... write resumed>) = 4 [pid 3640] chdir("./syzkaller.LI0usp" [pid 3639] <... close resumed>) = 0 [pid 3638] mkdir("./syzkaller.BxukOg", 0700 [pid 3642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3641] close(3 [pid 3640] <... chdir resumed>) = 0 [pid 3639] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3638] <... mkdir resumed>) = 0 [pid 3636] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3642] <... openat resumed>) = 3 [pid 3641] <... close resumed>) = 0 [pid 3640] mkdir("./0", 0777 [pid 3638] chmod("./syzkaller.BxukOg", 0777 [pid 3636] close(3 [pid 3642] write(3, "1000", 4 [pid 3641] symlink("/dev/binderfs", "./binderfs" [pid 3640] <... mkdir resumed>) = 0 [pid 3639] <... clone resumed>, child_tidptr=0x555556c7b5d0) = 3644 [pid 3638] <... chmod resumed>) = 0 [pid 3636] <... close resumed>) = 0 [pid 3642] <... write resumed>) = 4 [pid 3641] <... symlink resumed>) = 0 [pid 3640] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 3638] chdir("./syzkaller.BxukOg" [pid 3636] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3644 attached [pid 3642] close(3 [pid 3641] memfd_create("syzkaller", 0 [pid 3640] <... openat resumed>) = 3 [pid 3638] <... chdir resumed>) = 0 [pid 3644] chdir("./0" [pid 3642] <... close resumed>) = 0 [pid 3641] <... memfd_create resumed>) = 3 [pid 3640] ioctl(3, LOOP_CLR_FD [pid 3638] mkdir("./0", 0777 [pid 3636] <... clone resumed>, child_tidptr=0x555556c7b5d0) = 3646 [pid 3644] <... chdir resumed>) = 0 [pid 3642] symlink("/dev/binderfs", "./binderfs" [pid 3641] ftruncate(3, 16777216 [pid 3640] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3638] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 3646 attached [pid 3644] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3642] <... symlink resumed>) = 0 [pid 3641] <... ftruncate resumed>) = 0 [pid 3640] close(3 [pid 3638] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3646] chdir("./0" [pid 3644] <... prctl resumed>) = 0 [pid 3642] memfd_create("syzkaller", 0 [pid 3641] mmap(NULL, 16777216, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0 [pid 3640] <... close resumed>) = 0 [pid 3638] <... openat resumed>) = 3 [pid 3646] <... chdir resumed>) = 0 [pid 3644] setpgid(0, 0 [pid 3642] <... memfd_create resumed>) = 3 [pid 3641] <... mmap resumed>) = 0x7ff13af0b000 [pid 3640] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3638] ioctl(3, LOOP_CLR_FD [pid 3646] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3644] <... setpgid resumed>) = 0 [pid 3642] ftruncate(3, 16777216 [pid 3638] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 3646] <... prctl resumed>) = 0 [pid 3644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3642] <... ftruncate resumed>) = 0 [pid 3638] close(3./strace-static-x86_64: Process 3647 attached [pid 3646] setpgid(0, 0 [pid 3644] <... openat resumed>) = 3 [pid 3642] mmap(NULL, 16777216, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0 [pid 3640] <... clone resumed>, child_tidptr=0x555556c7b5d0) = 3647 [pid 3638] <... close resumed>) = 0 [pid 3647] chdir("./0" [pid 3646] <... setpgid resumed>) = 0 [pid 3644] write(3, "1000", 4 [pid 3642] <... mmap resumed>) = 0x7ff13af0b000 [pid 3638] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3647] <... chdir resumed>) = 0 [pid 3646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3644] <... write resumed>) = 4 [pid 3647] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3646] <... openat resumed>) = 3 [pid 3644] close(3 [pid 3638] <... clone resumed>, child_tidptr=0x555556c7b5d0) = 3648 ./strace-static-x86_64: Process 3648 attached [pid 3647] <... prctl resumed>) = 0 [pid 3646] write(3, "1000", 4 [pid 3644] <... close resumed>) = 0 [pid 3648] chdir("./0" [pid 3647] setpgid(0, 0 [pid 3646] <... write resumed>) = 4 [pid 3644] symlink("/dev/binderfs", "./binderfs" [pid 3648] <... chdir resumed>) = 0 [pid 3647] <... setpgid resumed>) = 0 [pid 3646] close(3 [pid 3644] <... symlink resumed>) = 0 [pid 3648] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3646] <... close resumed>) = 0 [pid 3644] memfd_create("syzkaller", 0 [pid 3648] <... prctl resumed>) = 0 [pid 3647] <... openat resumed>) = 3 [pid 3646] symlink("/dev/binderfs", "./binderfs" [pid 3644] <... memfd_create resumed>) = 3 [pid 3648] setpgid(0, 0 [pid 3647] write(3, "1000", 4 [pid 3646] <... symlink resumed>) = 0 [pid 3644] ftruncate(3, 16777216 [pid 3648] <... setpgid resumed>) = 0 [pid 3647] <... write resumed>) = 4 [pid 3646] memfd_create("syzkaller", 0 [pid 3644] <... ftruncate resumed>) = 0 [pid 3648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3647] close(3 [pid 3646] <... memfd_create resumed>) = 3 [pid 3644] mmap(NULL, 16777216, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0 [pid 3648] <... openat resumed>) = 3 [pid 3647] <... close resumed>) = 0 [pid 3646] ftruncate(3, 16777216 [pid 3644] <... mmap resumed>) = 0x7ff13af0b000 [pid 3648] write(3, "1000", 4 [pid 3647] symlink("/dev/binderfs", "./binderfs" [pid 3646] <... ftruncate resumed>) = 0 [pid 3648] <... write resumed>) = 4 [pid 3648] close(3) = 0 [pid 3647] <... symlink resumed>) = 0 [pid 3646] mmap(NULL, 16777216, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0 [pid 3648] symlink("/dev/binderfs", "./binderfs" [pid 3647] memfd_create("syzkaller", 0 [pid 3646] <... mmap resumed>) = 0x7ff13af0b000 [pid 3648] <... symlink resumed>) = 0 [pid 3647] <... memfd_create resumed>) = 3 [pid 3648] memfd_create("syzkaller", 0 [pid 3647] ftruncate(3, 16777216 [pid 3648] <... memfd_create resumed>) = 3 [pid 3647] <... ftruncate resumed>) = 0 [pid 3648] ftruncate(3, 16777216 [pid 3647] mmap(NULL, 16777216, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0 [pid 3648] <... ftruncate resumed>) = 0 [pid 3647] <... mmap resumed>) = 0x7ff13af0b000 [pid 3648] mmap(NULL, 16777216, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x7ff13af0b000 [pid 3642] munmap(0x7ff13af0b000, 16777216 [pid 3641] munmap(0x7ff13af0b000, 16777216 [pid 3642] <... munmap resumed>) = 0 [pid 3642] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 3642] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3641] <... munmap resumed>) = 0 [pid 3642] mkdir("./file0", 0777) = 0 [pid 3641] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 3648] munmap(0x7ff13af0b000, 16777216 [pid 3642] mount("/dev/loop2", "./file0", "jfs", MS_NODEV|MS_NOEXEC|MS_NOATIME|MS_STRICTATIME, "discard,nointegrity,iocharset=macromanian,iocharset=cp950,gid=0x0000000000000000," [pid 3641] <... openat resumed>) = 4 [ 57.272151][ T3642] loop2: detected capacity change from 0 to 32768 [pid 3641] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3644] munmap(0x7ff13af0b000, 16777216 [pid 3641] mkdir("./file0", 0777 [pid 3642] <... mount resumed>) = 0 [pid 3647] munmap(0x7ff13af0b000, 16777216 [pid 3642] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 3641] <... mkdir resumed>) = 0 [pid 3642] <... openat resumed>) = 5 [pid 3641] mount("/dev/loop0", "./file0", "jfs", MS_NODEV|MS_NOEXEC|MS_NOATIME|MS_STRICTATIME, "discard,nointegrity,iocharset=macromanian,iocharset=cp950,gid=0x0000000000000000," [pid 3648] <... munmap resumed>) = 0 [pid 3642] chdir("./file0" [pid 3648] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 3642] <... chdir resumed>) = 0 [pid 3641] <... mount resumed>) = 0 [pid 3648] <... openat resumed>) = 4 [pid 3644] <... munmap resumed>) = 0 [pid 3642] ioctl(4, LOOP_CLR_FD [pid 3641] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 3648] ioctl(4, LOOP_SET_FD, 3 [pid 3646] munmap(0x7ff13af0b000, 16777216 [ 57.323744][ T3641] loop0: detected capacity change from 0 to 32768 [pid 3644] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 3642] <... ioctl resumed>) = 0 [pid 3641] <... openat resumed>) = 5 [pid 3642] close(4 [pid 3644] <... openat resumed>) = 4 [pid 3642] <... close resumed>) = 0 [pid 3641] chdir("./file0" [pid 3644] ioctl(4, LOOP_SET_FD, 3 [pid 3642] close(3 [pid 3641] <... chdir resumed>) = 0 [pid 3647] <... munmap resumed>) = 0 [pid 3647] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 3647] ioctl(4, LOOP_SET_FD, 3 [pid 3642] <... close resumed>) = 0 [pid 3641] ioctl(4, LOOP_CLR_FD [pid 3642] exit_group(0 [pid 3641] <... ioctl resumed>) = 0 [pid 3648] <... ioctl resumed>) = 0 [pid 3644] <... ioctl resumed>) = 0 [pid 3642] <... exit_group resumed>) = ? [pid 3641] close(4 [pid 3648] mkdir("./file0", 0777 [pid 3644] mkdir("./file0", 0777 [pid 3648] <... mkdir resumed>) = 0 [pid 3642] +++ exited with 0 +++ [pid 3641] <... close resumed>) = 0 [pid 3648] mount("/dev/loop3", "./file0", "jfs", MS_NODEV|MS_NOEXEC|MS_NOATIME|MS_STRICTATIME, "discard,nointegrity,iocharset=macromanian,iocharset=cp950,gid=0x0000000000000000," [pid 3644] <... mkdir resumed>) = 0 [pid 3641] close(3 [pid 3637] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3642, si_uid=0, si_status=0, si_utime=3, si_stime=28} --- [pid 3644] mount("/dev/loop4", "./file0", "jfs", MS_NODEV|MS_NOEXEC|MS_NOATIME|MS_STRICTATIME, "discard,nointegrity,iocharset=macromanian,iocharset=cp950,gid=0x0000000000000000," [pid 3641] <... close resumed>) = 0 [pid 3641] exit_group(0) = ? [pid 3648] <... mount resumed>) = 0 [pid 3648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3641] +++ exited with 0 +++ [pid 3648] chdir("./file0" [pid 3644] <... mount resumed>) = 0 [pid 3637] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3635] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3641, si_uid=0, si_status=0, si_utime=8, si_stime=21} --- [pid 3648] <... chdir resumed>) = 0 [pid 3644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 3637] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3648] ioctl(4, LOOP_CLR_FD [pid 3647] <... ioctl resumed>) = 0 [pid 3637] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3648] <... ioctl resumed>) = 0 [pid 3647] mkdir("./file0", 0777 [pid 3644] <... openat resumed>) = 5 [pid 3637] <... openat resumed>) = 3 [pid 3648] close(4 [pid 3647] <... mkdir resumed>) = 0 [pid 3644] chdir("./file0" [pid 3637] fstat(3, [pid 3648] <... close resumed>) = 0 [pid 3647] mount("/dev/loop5", "./file0", "jfs", MS_NODEV|MS_NOEXEC|MS_NOATIME|MS_STRICTATIME, "discard,nointegrity,iocharset=macromanian,iocharset=cp950,gid=0x0000000000000000," [pid 3644] <... chdir resumed>) = 0 [pid 3637] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3648] close(3 [pid 3644] ioctl(4, LOOP_CLR_FD [pid 3637] getdents64(3, [pid 3635] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3648] <... close resumed>) = 0 [pid 3644] <... ioctl resumed>) = 0 [pid 3637] <... getdents64 resumed>0x555556c7c620 /* 4 entries */, 32768) = 112 [pid 3635] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3648] exit_group(0 [pid 3647] <... mount resumed>) = 0 [pid 3646] <... munmap resumed>) = 0 [pid 3644] close(4 [pid 3637] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [ 57.378828][ T3648] loop3: detected capacity change from 0 to 32768 [ 57.396492][ T3644] loop4: detected capacity change from 0 to 32768 [ 57.405063][ T3647] loop5: detected capacity change from 0 to 32768 [pid 3635] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3648] <... exit_group resumed>) = ? [pid 3647] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 3646] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 3644] <... close resumed>) = 0 [pid 3637] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3635] <... openat resumed>) = 3 [pid 3648] +++ exited with 0 +++ [pid 3647] <... openat resumed>) = 5 [pid 3646] <... openat resumed>) = 4 [pid 3644] close(3 [pid 3637] lstat("./0/binderfs", [pid 3635] fstat(3, [pid 3647] chdir("./file0" [pid 3646] ioctl(4, LOOP_SET_FD, 3 [pid 3644] <... close resumed>) = 0 [pid 3638] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3648, si_uid=0, si_status=0, si_utime=3, si_stime=22} --- [pid 3637] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3635] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3647] <... chdir resumed>) = 0 [pid 3637] unlink("./0/binderfs" [pid 3635] getdents64(3, [pid 3647] ioctl(4, LOOP_CLR_FD [pid 3637] <... unlink resumed>) = 0 [pid 3635] <... getdents64 resumed>0x555556c7c620 /* 4 entries */, 32768) = 112 [pid 3647] <... ioctl resumed>) = 0 [pid 3637] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3635] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3647] close(4 [pid 3635] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3647] <... close resumed>) = 0 [pid 3638] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3635] lstat("./0/binderfs", [pid 3647] close(3 [pid 3646] <... ioctl resumed>) = 0 [pid 3644] exit_group(0 [pid 3638] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3647] <... close resumed>) = 0 [pid 3646] mkdir("./file0", 0777 [pid 3644] <... exit_group resumed>) = ? [pid 3638] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3635] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3647] exit_group(0 [pid 3646] <... mkdir resumed>) = 0 [pid 3644] +++ exited with 0 +++ [pid 3646] mount("/dev/loop1", "./file0", "jfs", MS_NODEV|MS_NOEXEC|MS_NOATIME|MS_STRICTATIME, "discard,nointegrity,iocharset=macromanian,iocharset=cp950,gid=0x0000000000000000," [pid 3638] <... openat resumed>) = 3 [pid 3635] unlink("./0/binderfs" [pid 3647] <... exit_group resumed>) = ? [pid 3639] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3644, si_uid=0, si_status=0, si_utime=6, si_stime=23} --- [pid 3635] <... unlink resumed>) = 0 [pid 3647] +++ exited with 0 +++ [pid 3640] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3647, si_uid=0, si_status=0, si_utime=8, si_stime=23} --- [pid 3638] fstat(3, [pid 3635] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3638] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3638] getdents64(3, [pid 3640] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3638] <... getdents64 resumed>0x555556c7c620 /* 4 entries */, 32768) = 112 [pid 3640] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3639] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3640] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3639] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3638] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3640] <... openat resumed>) = 3 [pid 3639] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3638] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3640] fstat(3, [pid 3639] <... openat resumed>) = 3 [pid 3638] lstat("./0/binderfs", [pid 3639] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3638] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3640] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3640] getdents64(3, [pid 3639] getdents64(3, [pid 3638] unlink("./0/binderfs") = 0 [pid 3640] <... getdents64 resumed>0x555556c7c620 /* 4 entries */, 32768) = 112 [pid 3639] <... getdents64 resumed>0x555556c7c620 /* 4 entries */, 32768) = 112 [pid 3640] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3639] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [ 57.467037][ T3646] loop1: detected capacity change from 0 to 32768 [ 57.519613][ T3638] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN [ 57.531373][ T3638] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 57.539799][ T3638] CPU: 1 PID: 3638 Comm: syz-executor421 Not tainted 6.1.0-rc6-syzkaller #0 [ 57.548483][ T3638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 57.558549][ T3638] RIP: 0010:lmLogSync+0x227/0xb00 [ 57.563614][ T3638] Code: ae fe 49 8d 5f f0 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 37 21 d7 fe 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 1a 21 d7 fe 48 8b 3b e8 a2 fb ae [ 57.583228][ T3638] RSP: 0018:ffffc90003c6fa60 EFLAGS: 00010206 [ 57.589464][ T3638] RAX: 0000000000000006 RBX: 0000000000000030 RCX: 1a1064e09ad07200 [ 57.597513][ T3638] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 57.605488][ T3638] RBP: ffffc90003c6fb68 R08: ffffffff81b68453 R09: ffffc90003c6f9b0 [ 57.613539][ T3638] R10: fffff5200078df39 R11: 1ffff9200078df36 R12: dffffc0000000000 [ 57.621500][ T3638] R13: ffff888078d2a800 R14: 0000000000000000 R15: ffff888013711a38 [ 57.629464][ T3638] FS: 0000555556c7b300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 57.638569][ T3638] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.645243][ T3638] CR2: 0000555556c84628 CR3: 000000007e614000 CR4: 00000000003506e0 [ 57.653213][ T3638] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.661177][ T3638] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.669150][ T3638] Call Trace: [ 57.672425][ T3638] [ 57.675434][ T3638] ? jfs_syncpt+0x22/0x90 [ 57.679778][ T3638] ? lmWriteRecord+0x1240/0x1240 [ 57.684804][ T3638] ? lmLogShutdown+0x920/0x920 [ 57.689583][ T3638] ? dqput+0x810/0x810 [ 57.693669][ T3638] jfs_syncpt+0x79/0x90 [ 57.697934][ T3638] jfs_sync_fs+0x86/0xa0 [ 57.702215][ T3638] sync_filesystem+0xe8/0x220 [ 57.707247][ T3638] generic_shutdown_super+0x6b/0x310 [ 57.712788][ T3638] kill_block_super+0x79/0xd0 [ 57.717457][ T3638] deactivate_locked_super+0xa7/0xf0 [ 57.722741][ T3638] cleanup_mnt+0x494/0x520 [ 57.727152][ T3638] ? lockdep_hardirqs_on+0x8d/0x130 [ 57.732345][ T3638] task_work_run+0x243/0x300 [ 57.737028][ T3638] ? task_work_cancel+0x290/0x290 [ 57.742050][ T3638] ? path_umount+0x1e0/0xf90 [ 57.746633][ T3638] ptrace_notify+0x29a/0x340 [ 57.751219][ T3638] ? do_notify_parent+0xe00/0xe00 [ 57.756243][ T3638] ? user_path_at_empty+0x149/0x1a0 [ 57.761458][ T3638] ? __x64_sys_umount+0x113/0x150 [ 57.766480][ T3638] syscall_exit_work+0x8c/0xe0 [ 57.771244][ T3638] syscall_exit_to_user_mode_prepare+0x63/0xc0 [ 57.777418][ T3638] syscall_exit_to_user_mode+0xa/0x60 [ 57.782795][ T3638] do_syscall_64+0x49/0xb0 [ 57.787318][ T3638] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.793213][ T3638] RIP: 0033:0x7ff13bf59e57 [ 57.797720][ T3638] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 57.817320][ T3638] RSP: 002b:00007ffe9a14f168 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 57.825726][ T3638] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ff13bf59e57 [ 57.833691][ T3638] RDX: 00007ffe9a14f229 RSI: 000000000000000a RDI: 00007ffe9a14f220 [ 57.841671][ T3638] RBP: 00007ffe9a14f220 R08: 00000000ffffffff R09: 00007ffe9a14f000 [ 57.849723][ T3638] R10: 0000555556c7c653 R11: 0000000000000202 R12: 00007ffe9a150290 [ 57.857687][ T3638] R13: 0000555556c7c5f0 R14: 00007ffe9a14f190 R15: 0000000000000001 [ 57.865754][ T3638] [pid 3638] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3646] <... mount resumed>) = 0 [pid 3640] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3639] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 3646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3640] lstat("./0/binderfs", [pid 3639] lstat("./0/binderfs", [pid 3646] chdir("./file0") = 0 [pid 3646] ioctl(4, LOOP_CLR_FD) = 0 [pid 3646] close(4) = 0 [pid 3646] close(3) = 0 [pid 3646] exit_group(0) = ? [pid 3646] +++ exited with 0 +++ [pid 3636] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3646, si_uid=0, si_status=0, si_utime=4, si_stime=24} --- [pid 3636] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3640] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3639] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3636] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3640] unlink("./0/binderfs" [pid 3639] unlink("./0/binderfs" [pid 3636] fstat(3, [pid 3639] <... unlink resumed>) = 0 [pid 3636] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3640] <... unlink resumed>) = 0 [pid 3636] getdents64(3, [pid 3639] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3640] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3636] <... getdents64 resumed>0x555556c7c620 /* 4 entries */, 32768) = 112 [pid 3636] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3636] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 3636] unlink("./0/binderfs") = 0 [ 57.868762][ T3638] Modules linked in: [pid 3636] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 3637] <... umount2 resumed>) = 0 [pid 3637] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3637] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3637] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 3637] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 3637] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 3637] getdents64(4, 0x555556c84660 /* 2 entries */, 32768) = 48 [pid 3637] getdents64(4, 0x555556c84660 /* 0 entries */, 32768) = 0 [pid 3637] close(4) = 0 [pid 3637] rmdir("./0/file0") = 0 [pid 3637] getdents64(3, 0x555556c7c620 /* 0 entries */, 32768) = 0 [pid 3637] close(3) = 0 [pid 3637] rmdir("./0") = 0 [pid 3637] mkdir("./1", 0777) = 0 [pid 3637] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 3637] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 3637] close(3) = 0 [pid 3637] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c7b5d0) = 3653 [ 57.905555][ T3638] ---[ end trace 0000000000000000 ]--- [ 57.911058][ T3638] RIP: 0010:lmLogSync+0x227/0xb00 [ 57.916435][ T3638] Code: ae fe 49 8d 5f f0 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 37 21 d7 fe 48 8b 1b 48 83 c3 30 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 1a 21 d7 fe 48 8b 3b e8 a2 fb ae [ 57.937838][ T3638] RSP: 0018:ffffc90003c6fa60 EFLAGS: 00010206 [ 57.944714][ T3638] RAX: 0000000000000006 RBX: 0000000000000030 RCX: 1a1064e09ad07200 ./strace-static-x86_64: Process 3653 attached [pid 3653] chdir("./1") = 0 [pid 3653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3653] setpgid(0, 0) = 0 [pid 3653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3653] write(3, "1000", 4) = 4 [pid 3653] close(3) = 0 [pid 3653] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3653] memfd_create("syzkaller", 0) = 3 [pid 3653] ftruncate(3, 16777216) = 0 [pid 3653] mmap(NULL, 16777216, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x7ff13af0b000 [ 57.953031][ T3638] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 57.961602][ T3638] RBP: ffffc90003c6fb68 R08: ffffffff81b68453 R09: ffffc90003c6f9b0 [ 57.970077][ T3638] R10: fffff5200078df39 R11: 1ffff9200078df36 R12: dffffc0000000000 [ 57.978496][ T3638] R13: ffff888078d2a800 R14: 0000000000000000 R15: ffff888013711a38 [ 57.986587][ T3638] FS: 0000555556c7b300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 57.995618][ T3638] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.002300][ T3638] CR2: 00007ffe9a150238 CR3: 000000007e614000 CR4: 00000000003506f0 [ 58.010291][ T3638] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.018394][ T3638] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.026564][ T3638] Kernel panic - not syncing: Fatal exception [ 58.032697][ T3638] Kernel Offset: disabled [ 58.037031][ T3638] Rebooting in 86400 seconds..