./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor878895195 <...> ck_lvl+0x10/0x10 [ 160.691712][ T6610] ? __pfx__printk+0x10/0x10 [ 160.691740][ T6610] ? kernfs_root+0x1c/0x230 [ 160.691764][ T6610] ? kernfs_path_from_node+0x250/0x290 [ 160.691786][ T6610] ? kernfs_path_from_node+0x2f/0x290 [ 160.691811][ T6610] sysfs_create_dir_ns+0x259/0x280 [ 160.691845][ T6610] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 160.691867][ T6610] ? do_raw_spin_unlock+0x122/0x240 [ 160.691896][ T6610] kobject_add_internal+0x59f/0xb40 [pid 6608] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 160.691924][ T6610] kobject_init_and_add+0x125/0x190 [ 160.691949][ T6610] ? __pfx_kobject_init_and_add+0x10/0x10 [ 160.691973][ T6610] ? __raw_spin_lock_init+0x45/0x100 [ 160.691997][ T6610] ? __init_swait_queue_head+0xa9/0x150 [ 160.692023][ T6610] gfs2_sys_fs_add+0x234/0x450 [ 160.692046][ T6610] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 160.692069][ T6610] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 160.692103][ T6610] gfs2_fill_super+0x13c0/0x20d0 [ 160.692136][ T6610] ? __pfx_gfs2_fill_super+0x10/0x10 [ 160.692165][ T6610] ? sb_set_blocksize+0x104/0x180 [ 160.692196][ T6610] ? setup_bdev_super+0x4c1/0x5b0 [ 160.692226][ T6610] get_tree_bdev_flags+0x40b/0x4d0 [ 160.692255][ T6610] ? __pfx_gfs2_fill_super+0x10/0x10 [ 160.692281][ T6610] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 160.692315][ T6610] gfs2_get_tree+0x51/0x1e0 [ 160.692343][ T6610] vfs_get_tree+0x8f/0x2b0 [ 160.692373][ T6610] do_new_mount+0x2a2/0xa30 [ 160.692404][ T6610] ? ns_capable+0x8a/0xf0 [ 160.692423][ T6610] ? __pfx_do_new_mount+0x10/0x10 [ 160.692453][ T6610] ? path_mount+0x61c/0xfe0 [pid 6608] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6621 attached [pid 6607] <... futex resumed>) = 0 [pid 6621] set_robust_list(0x55558d547760, 24 [pid 6607] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6621] <... set_robust_list resumed>) = 0 [pid 6608] <... futex resumed>) = 0 [pid 6607] <... futex resumed>) = 1 [pid 6621] chdir("./37") = 0 [pid 6608] openat(AT_FDCWD, ".", O_RDONLY [pid 6607] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6621] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6608] <... openat resumed>) = 3 [pid 6621] <... prctl resumed>) = 0 [pid 6608] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6621] setpgid(0, 0 [pid 6608] <... futex resumed>) = 1 [pid 6607] <... futex resumed>) = 0 [ 160.692481][ T6610] ? user_path_at+0x44/0x60 [ 160.692508][ T6610] __se_sys_mount+0x317/0x410 [ 160.692542][ T6610] ? __pfx___se_sys_mount+0x10/0x10 [ 160.692571][ T6610] ? rcu_is_watching+0x15/0xb0 [ 160.692595][ T6610] ? __x64_sys_mount+0x20/0xc0 [ 160.692626][ T6610] do_syscall_64+0xfa/0x3b0 [ 160.692648][ T6610] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.692669][ T6610] ? clear_bhb_loop+0x60/0xb0 [ 160.692692][ T6610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.692712][ T6610] RIP: 0033:0x7fb47156b94a [ 160.692731][ T6610] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 160.692749][ T6610] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 160.692770][ T6610] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 160.692786][ T6610] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 executing program [pid 6621] <... setpgid resumed>) = 0 [pid 6608] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6607] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6607] <... futex resumed>) = 0 [pid 6621] <... openat resumed>) = 3 [pid 6607] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6621] write(3, "1000", 4) = 4 [pid 6621] close(3) = 0 [pid 6621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6621] write(1, "executing program\n", 18) = 18 [pid 6621] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6621] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6621] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6621] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6621] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6622]}, 88) = 6622 [pid 6621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6621] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6621] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6622 attached [pid 6622] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6622] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6622] memfd_create("syzkaller", 0) = 3 [pid 6622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6607] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6607] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6607] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6607] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6607] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}./strace-static-x86_64: Process 6623 attached [pid 6623] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 6607] <... clone3 resumed> => {parent_tid=[6623]}, 88) = 6623 [pid 6623] <... rseq resumed>) = 0 [pid 6607] rt_sigprocmask(SIG_SETMASK, [], [pid 6623] set_robust_list(0x7fb4714f59a0, 24 [pid 6607] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6623] <... set_robust_list resumed>) = 0 [pid 6607] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] rt_sigprocmask(SIG_SETMASK, [], [pid 6607] <... futex resumed>) = 0 [pid 6623] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6607] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6623] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6618] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6607] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6607] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6607] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6607] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 160.692801][ T6610] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 160.692827][ T6610] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 160.692842][ T6610] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 160.692865][ T6610] [ 160.692894][ T6610] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6607] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[6624]}, 88) = 6624 [pid 6607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6607] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6607] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6624 attached [pid 6624] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 6624] set_robust_list(0x7fb4714d49a0, 24 [pid 6623] <... openat resumed>) = 4 [pid 6608] <... ioctl resumed>) = 0 [pid 6624] <... set_robust_list resumed>) = 0 [pid 6624] rt_sigprocmask(SIG_SETMASK, [], [pid 6623] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6608] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6624] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6623] <... futex resumed>) = 0 [pid 6608] <... futex resumed>) = 0 [pid 6624] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6608] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6623] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6610] <... mount resumed>) = -1 EEXIST (File exists) [pid 6610] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6610] ioctl(3, LOOP_CLR_FD) = 0 [pid 6610] close(3 [pid 6607] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6607] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 161.030617][ T6610] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6607] exit_group(0 [pid 6623] <... futex resumed>) = ? [pid 6608] <... futex resumed>) = ? [pid 6607] <... exit_group resumed>) = ? [pid 6623] +++ exited with 0 +++ [pid 6608] +++ exited with 0 +++ [pid 6624] <... write resumed>) = ? [pid 6624] +++ exited with 0 +++ [pid 6607] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6607, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=60 /* 0.60 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...> [pid 6610] <... close resumed>) = 0 [pid 5867] <... restart_syscall resumed>) = 0 [pid 6610] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6609] <... futex resumed>) = 0 [pid 6610] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6609] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6610] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6609] <... futex resumed>) = 0 [pid 5867] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6610] openat(AT_FDCWD, ".", O_RDONLY [pid 6609] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6610] <... openat resumed>) = 3 [pid 6610] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... openat resumed>) = 3 [pid 6610] <... futex resumed>) = 1 [pid 6609] <... futex resumed>) = 0 [pid 5867] newfstatat(3, "", [pid 6610] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6609] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6610] <... futex resumed>) = 0 [pid 6609] <... futex resumed>) = 1 [pid 5867] getdents64(3, [pid 6610] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6609] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./36/file0") = 0 [pid 5867] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./36/binderfs") = 0 [pid 5867] umount2("./36/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./36/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=6647808, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./36/cpuset.effective_mems" [pid 6618] <... write resumed>) = 16777216 [pid 6618] munmap(0x7fb469000000, 138412032 [pid 6609] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6609] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6609] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6609] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}./strace-static-x86_64: Process 6625 attached => {parent_tid=[6625]}, 88) = 6625 [pid 6609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6609] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6609] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6625] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 6625] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 6625] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6625] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6610] <... ioctl resumed>) = 0 [pid 6610] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6610] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6625] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6625] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6609] <... futex resumed>) = 0 [pid 6609] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6610] <... futex resumed>) = 0 [pid 6610] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6609] <... futex resumed>) = 1 [pid 6609] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... unlink resumed>) = 0 [pid 6618] <... munmap resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./36") = 0 [pid 5867] mkdir("./37", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 6622] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6618] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6626 attached [pid 6618] <... openat resumed>) = 4 [pid 6618] ioctl(4, LOOP_SET_FD, 3 [pid 5867] <... clone resumed>, child_tidptr=0x55558d547750) = 6626 [pid 6609] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6626] set_robust_list(0x55558d547760, 24 [pid 6618] <... ioctl resumed>) = 0 [pid 6626] <... set_robust_list resumed>) = 0 [pid 6618] close(3 [pid 6626] chdir("./37" [pid 6618] <... close resumed>) = 0 [pid 6618] close(4 [pid 6626] <... chdir resumed>) = 0 [pid 6618] <... close resumed>) = 0 [pid 6618] mkdir("./file0", 0777 [pid 6626] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6618] <... mkdir resumed>) = 0 [pid 6626] <... prctl resumed>) = 0 [pid 6618] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6626] setpgid(0, 0) = 0 [pid 6626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6626] write(3, "1000", 4) = 4 [pid 6626] close(3) = 0 [pid 6626] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6626] write(1, "executing program\n", 18) = 18 [pid 6626] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6626] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6626] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6626] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6626] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6628 attached [pid 6628] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6626] <... clone3 resumed> => {parent_tid=[6628]}, 88) = 6628 [pid 6626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6626] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6628] <... rseq resumed>) = 0 [pid 6626] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6628] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6628] memfd_create("syzkaller", 0) = 3 [pid 6628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 161.361888][ T6618] loop1: detected capacity change from 0 to 32768 [ 161.415385][ T6618] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 161.422827][ T6618] CPU: 1 UID: 0 PID: 6618 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 161.422858][ T6618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 161.422871][ T6618] Call Trace: [ 161.422881][ T6618] [ 161.422889][ T6618] dump_stack_lvl+0x189/0x250 [ 161.422921][ T6618] ? __pfx_dump_stack_lvl+0x10/0x10 [ 161.422945][ T6618] ? __pfx__printk+0x10/0x10 [ 161.422973][ T6618] ? kernfs_root+0x1c/0x230 [ 161.422998][ T6618] ? kernfs_path_from_node+0x250/0x290 [ 161.423021][ T6618] ? kernfs_path_from_node+0x2f/0x290 [ 161.423045][ T6618] sysfs_create_dir_ns+0x259/0x280 [ 161.423068][ T6618] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 161.423090][ T6618] ? do_raw_spin_unlock+0x122/0x240 [ 161.423119][ T6618] kobject_add_internal+0x59f/0xb40 [ 161.423148][ T6618] kobject_init_and_add+0x125/0x190 [ 161.423173][ T6618] ? __pfx_kobject_init_and_add+0x10/0x10 [ 161.423197][ T6618] ? __raw_spin_lock_init+0x45/0x100 [ 161.423222][ T6618] ? __init_swait_queue_head+0xa9/0x150 [ 161.423248][ T6618] gfs2_sys_fs_add+0x234/0x450 [ 161.423270][ T6618] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 161.423293][ T6618] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 161.423328][ T6618] gfs2_fill_super+0x13c0/0x20d0 [ 161.423363][ T6618] ? __pfx_gfs2_fill_super+0x10/0x10 [ 161.423392][ T6618] ? sb_set_blocksize+0x104/0x180 [ 161.423423][ T6618] ? setup_bdev_super+0x4c1/0x5b0 [ 161.423452][ T6618] get_tree_bdev_flags+0x40b/0x4d0 [ 161.423481][ T6618] ? __pfx_gfs2_fill_super+0x10/0x10 [ 161.423507][ T6618] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 161.423541][ T6618] gfs2_get_tree+0x51/0x1e0 [ 161.423568][ T6618] vfs_get_tree+0x8f/0x2b0 [ 161.423598][ T6618] do_new_mount+0x2a2/0xa30 [ 161.423629][ T6618] ? ns_capable+0x8a/0xf0 [ 161.423648][ T6618] ? __pfx_do_new_mount+0x10/0x10 [ 161.423677][ T6618] ? path_mount+0x61c/0xfe0 [ 161.423706][ T6618] ? user_path_at+0x44/0x60 [ 161.423733][ T6618] __se_sys_mount+0x317/0x410 [pid 6622] <... write resumed>) = 16777216 [ 161.423779][ T6618] ? __pfx___se_sys_mount+0x10/0x10 [ 161.423809][ T6618] ? rcu_is_watching+0x15/0xb0 [ 161.423833][ T6618] ? __x64_sys_mount+0x20/0xc0 [ 161.423865][ T6618] do_syscall_64+0xfa/0x3b0 [ 161.423888][ T6618] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.423909][ T6618] ? clear_bhb_loop+0x60/0xb0 [ 161.423933][ T6618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.423953][ T6618] RIP: 0033:0x7fb47156b94a [pid 6622] munmap(0x7fb469000000, 138412032 [pid 6609] exit_group(0) = ? [pid 6625] <... futex resumed>) = ? [pid 6625] +++ exited with 0 +++ [ 161.423972][ T6618] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 161.423990][ T6618] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 161.424012][ T6618] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 161.424028][ T6618] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 161.424043][ T6618] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 161.424058][ T6618] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 6610] <... write resumed>) = ? [pid 6610] +++ exited with 0 +++ [pid 6609] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6609, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=89 /* 0.89 s */} --- [pid 5869] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./35/file0") = 0 [pid 5869] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./35/binderfs") = 0 [pid 5869] umount2("./35/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./35/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5300160, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./35/cpuset.effective_mems" [pid 6618] <... mount resumed>) = -1 EEXIST (File exists) [pid 6618] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6618] ioctl(3, LOOP_CLR_FD) = 0 [pid 6618] close(3) = 0 [ 161.424072][ T6618] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 161.424093][ T6618] [ 161.424116][ T6618] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 161.755602][ T6618] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6622] <... munmap resumed>) = 0 [pid 6618] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6615] <... futex resumed>) = 0 [pid 6618] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6615] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6615] <... futex resumed>) = 0 [pid 6618] openat(AT_FDCWD, ".", O_RDONLY [pid 6615] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6622] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6618] <... openat resumed>) = 3 [pid 6622] ioctl(4, LOOP_SET_FD, 3 [pid 6618] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6615] <... futex resumed>) = 0 [pid 6618] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6615] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6615] <... futex resumed>) = 0 [pid 6615] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6618] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6622] <... ioctl resumed>) = 0 [pid 6622] close(3) = 0 [pid 6622] close(4) = 0 [pid 6622] mkdir("./file0", 0777) = 0 [pid 6622] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6618] <... ioctl resumed>) = 0 [pid 6618] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6615] <... futex resumed>) = 0 [pid 6615] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6618] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6615] <... futex resumed>) = 0 [ 161.811882][ T6622] loop3: detected capacity change from 0 to 32768 [ 161.828365][ T6622] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 161.845707][ T6622] CPU: 0 UID: 0 PID: 6622 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 161.845739][ T6622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 161.845752][ T6622] Call Trace: [ 161.845761][ T6622] [ 161.845769][ T6622] dump_stack_lvl+0x189/0x250 [ 161.845801][ T6622] ? __pfx_dump_stack_lvl+0x10/0x10 [ 161.845827][ T6622] ? __pfx__printk+0x10/0x10 [ 161.845853][ T6622] ? kernfs_root+0x1c/0x230 [ 161.845878][ T6622] ? kernfs_path_from_node+0x250/0x290 [ 161.845899][ T6622] ? kernfs_path_from_node+0x2f/0x290 [ 161.845923][ T6622] sysfs_create_dir_ns+0x259/0x280 [ 161.845947][ T6622] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 161.845968][ T6622] ? do_raw_spin_unlock+0x122/0x240 [ 161.845996][ T6622] kobject_add_internal+0x59f/0xb40 [ 161.846023][ T6622] kobject_init_and_add+0x125/0x190 [ 161.846046][ T6622] ? __pfx_kobject_init_and_add+0x10/0x10 [ 161.846067][ T6622] ? __raw_spin_lock_init+0x45/0x100 [ 161.846092][ T6622] ? __init_swait_queue_head+0xa9/0x150 [ 161.846117][ T6622] gfs2_sys_fs_add+0x234/0x450 [ 161.846140][ T6622] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 161.846163][ T6622] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 161.846196][ T6622] gfs2_fill_super+0x13c0/0x20d0 [ 161.846230][ T6622] ? __pfx_gfs2_fill_super+0x10/0x10 [ 161.846259][ T6622] ? sb_set_blocksize+0x104/0x180 [ 161.846289][ T6622] ? setup_bdev_super+0x4c1/0x5b0 [ 161.846319][ T6622] get_tree_bdev_flags+0x40b/0x4d0 [ 161.846347][ T6622] ? __pfx_gfs2_fill_super+0x10/0x10 [ 161.846373][ T6622] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 161.846407][ T6622] gfs2_get_tree+0x51/0x1e0 [ 161.846435][ T6622] vfs_get_tree+0x8f/0x2b0 [pid 6615] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6618] <... openat resumed>) = 4 [pid 5869] <... unlink resumed>) = 0 [pid 6618] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6618] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] getdents64(3, [pid 6615] <... futex resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 6615] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6618] <... futex resumed>) = 0 [pid 6615] <... futex resumed>) = 1 [pid 6618] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6615] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] rmdir("./35") = 0 [pid 5869] mkdir("./36", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6615] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 161.846475][ T6622] do_new_mount+0x2a2/0xa30 [ 161.846511][ T6622] ? ns_capable+0x8a/0xf0 [ 161.846532][ T6622] ? __pfx_do_new_mount+0x10/0x10 [ 161.846561][ T6622] ? path_mount+0x61c/0xfe0 [ 161.846589][ T6622] ? user_path_at+0x44/0x60 [ 161.846617][ T6622] __se_sys_mount+0x317/0x410 [ 161.846651][ T6622] ? __pfx___se_sys_mount+0x10/0x10 [ 161.846681][ T6622] ? rcu_is_watching+0x15/0xb0 [ 161.846705][ T6622] ? __x64_sys_mount+0x20/0xc0 [ 161.846736][ T6622] do_syscall_64+0xfa/0x3b0 [ 161.846758][ T6622] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.846778][ T6622] ? clear_bhb_loop+0x60/0xb0 [ 161.846801][ T6622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.846821][ T6622] RIP: 0033:0x7fb47156b94a [ 161.846841][ T6622] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 161.846859][ T6622] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 161.846880][ T6622] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 161.846895][ T6622] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 161.846910][ T6622] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 161.846924][ T6622] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 161.846938][ T6622] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 161.846960][ T6622] [ 161.848213][ T6622] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6615] exit_group(0./strace-static-x86_64: Process 6632 attached ) = ? [pid 6632] set_robust_list(0x55558d547760, 24 [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 6632 [pid 6632] <... set_robust_list resumed>) = 0 [pid 6632] chdir("./36") = 0 [pid 6632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6632] setpgid(0, 0) = 0 [pid 6632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6632] write(3, "1000", 4) = 4 [pid 6632] close(3) = 0 [pid 6632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6632] write(1, "executing program\n", 18executing program ) = 18 [pid 6632] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6632] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6632] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6618] <... write resumed>) = ? [pid 6632] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 6618] +++ exited with 0 +++ [pid 6615] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6615, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=57 /* 0.57 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 6632] <... mprotect resumed>) = 0 [pid 6632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6633 attached [pid 6633] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6632] <... clone3 resumed> => {parent_tid=[6633]}, 88) = 6633 [pid 6633] <... rseq resumed>) = 0 [pid 6632] rt_sigprocmask(SIG_SETMASK, [], [pid 6633] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6632] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... restart_syscall resumed>) = 0 [pid 6633] rt_sigprocmask(SIG_SETMASK, [], [pid 6632] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6632] <... futex resumed>) = 0 [pid 6622] <... mount resumed>) = -1 EEXIST (File exists) [pid 6633] memfd_create("syzkaller", 0 [pid 6632] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6622] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5868] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6622] <... openat resumed>) = 3 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6622] ioctl(3, LOOP_CLR_FD [pid 5868] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6633] <... memfd_create resumed>) = 3 [pid 6622] <... ioctl resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 6622] close(3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] getdents64(3, [pid 6633] <... mmap resumed>) = 0x7fb469000000 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./37/file0") = 0 [pid 5868] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./37/binderfs") = 0 [pid 5868] umount2("./37/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 162.214136][ T6622] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5868] newfstatat(AT_FDCWD, "./37/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=3817472, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./37/cpuset.effective_mems") = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3 [pid 6628] <... write resumed>) = 16777216 [pid 6628] munmap(0x7fb469000000, 138412032 [pid 5868] <... close resumed>) = 0 [pid 5868] rmdir("./37") = 0 [pid 5868] mkdir("./38", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6634 attached , child_tidptr=0x55558d547750) = 6634 [pid 6634] set_robust_list(0x55558d547760, 24) = 0 [pid 6634] chdir("./38") = 0 [pid 6634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6634] setpgid(0, 0) = 0 [pid 6634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6634] write(3, "1000", 4) = 4 [pid 6634] close(3) = 0 [pid 6634] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6634] write(1, "executing program\n", 18) = 18 [pid 6634] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6634] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6634] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6634] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6635 attached => {parent_tid=[6635]}, 88) = 6635 [pid 6634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6634] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6635] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6634] <... futex resumed>) = 0 [pid 6635] <... rseq resumed>) = 0 [pid 6635] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6635] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6635] memfd_create("syzkaller", 0) = 3 [pid 6635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6634] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6628] <... munmap resumed>) = 0 [pid 6628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6628] ioctl(4, LOOP_SET_FD, 3 [pid 6622] <... close resumed>) = 0 [pid 6622] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6621] <... futex resumed>) = 0 [pid 6622] openat(AT_FDCWD, ".", O_RDONLY [pid 6621] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6622] <... openat resumed>) = 3 [pid 6621] <... futex resumed>) = 0 [pid 6628] <... ioctl resumed>) = 0 [pid 6622] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6621] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] close(3 [pid 6622] <... futex resumed>) = 0 [pid 6621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6628] <... close resumed>) = 0 [pid 6622] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6621] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6628] close(4 [pid 6622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6621] <... futex resumed>) = 0 [pid 6622] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6628] <... close resumed>) = 0 [pid 6621] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] mkdir("./file0", 0777) = 0 [ 162.391109][ T6628] loop0: detected capacity change from 0 to 32768 [pid 6628] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6622] <... ioctl resumed>) = 0 [pid 6622] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6621] <... futex resumed>) = 0 [pid 6621] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 162.458410][ T6628] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 162.473676][ T6628] CPU: 0 UID: 0 PID: 6628 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 162.473708][ T6628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 162.473722][ T6628] Call Trace: [ 162.473730][ T6628] [ 162.473739][ T6628] dump_stack_lvl+0x189/0x250 [ 162.473773][ T6628] ? __pfx_dump_stack_lvl+0x10/0x10 [ 162.473798][ T6628] ? __pfx__printk+0x10/0x10 [ 162.473826][ T6628] ? kernfs_root+0x1c/0x230 [ 162.473851][ T6628] ? kernfs_path_from_node+0x250/0x290 [ 162.473873][ T6628] ? kernfs_path_from_node+0x2f/0x290 [ 162.473898][ T6628] sysfs_create_dir_ns+0x259/0x280 [ 162.473921][ T6628] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 162.473943][ T6628] ? do_raw_spin_unlock+0x122/0x240 [ 162.473970][ T6628] kobject_add_internal+0x59f/0xb40 [ 162.473996][ T6628] kobject_init_and_add+0x125/0x190 [ 162.474021][ T6628] ? __pfx_kobject_init_and_add+0x10/0x10 [ 162.474043][ T6628] ? __raw_spin_lock_init+0x45/0x100 [ 162.474068][ T6628] ? __init_swait_queue_head+0xa9/0x150 [ 162.474095][ T6628] gfs2_sys_fs_add+0x234/0x450 [ 162.474116][ T6628] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 162.474140][ T6628] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 162.474174][ T6628] gfs2_fill_super+0x13c0/0x20d0 [ 162.474209][ T6628] ? __pfx_gfs2_fill_super+0x10/0x10 [ 162.474236][ T6628] ? sb_set_blocksize+0x104/0x180 [ 162.474266][ T6628] ? setup_bdev_super+0x4c1/0x5b0 [ 162.474297][ T6628] get_tree_bdev_flags+0x40b/0x4d0 [ 162.474326][ T6628] ? __pfx_gfs2_fill_super+0x10/0x10 [ 162.474353][ T6628] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 162.474386][ T6628] gfs2_get_tree+0x51/0x1e0 [ 162.474424][ T6628] vfs_get_tree+0x8f/0x2b0 [ 162.474454][ T6628] do_new_mount+0x2a2/0xa30 [ 162.474487][ T6628] ? ns_capable+0x8a/0xf0 [ 162.474506][ T6628] ? __pfx_do_new_mount+0x10/0x10 [ 162.474536][ T6628] ? path_mount+0x61c/0xfe0 [pid 6622] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6635] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6622] <... openat resumed>) = 4 [ 162.474564][ T6628] ? user_path_at+0x44/0x60 [ 162.474592][ T6628] __se_sys_mount+0x317/0x410 [ 162.474626][ T6628] ? __pfx___se_sys_mount+0x10/0x10 [ 162.474657][ T6628] ? rcu_is_watching+0x15/0xb0 [ 162.474682][ T6628] ? __x64_sys_mount+0x20/0xc0 [ 162.474713][ T6628] do_syscall_64+0xfa/0x3b0 [ 162.474735][ T6628] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.474755][ T6628] ? clear_bhb_loop+0x60/0xb0 [ 162.474778][ T6628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.474797][ T6628] RIP: 0033:0x7fb47156b94a [ 162.474816][ T6628] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 162.474833][ T6628] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 162.474857][ T6628] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 162.474873][ T6628] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 162.474889][ T6628] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 6621] <... futex resumed>) = 0 [pid 6622] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6621] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6622] <... futex resumed>) = 0 [pid 6621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6622] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6621] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6621] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] <... mount resumed>) = -1 EEXIST (File exists) [pid 6628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6628] ioctl(3, LOOP_CLR_FD) = 0 [ 162.474905][ T6628] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 162.474918][ T6628] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 162.474940][ T6628] [ 162.475029][ T6628] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 162.791611][ T6628] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6628] close(3 [pid 6621] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6628] <... close resumed>) = 0 [pid 6628] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6626] <... futex resumed>) = 0 [pid 6628] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6626] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6628] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6626] <... futex resumed>) = 0 [pid 6628] openat(AT_FDCWD, ".", O_RDONLY [pid 6626] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] <... openat resumed>) = 3 [pid 6628] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6626] <... futex resumed>) = 0 [pid 6628] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6626] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6628] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6626] <... futex resumed>) = 0 [pid 6628] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6626] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] <... ioctl resumed>) = 0 [pid 6628] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6626] <... futex resumed>) = 0 [pid 6628] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6626] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6628] <... futex resumed>) = 0 [pid 6626] <... futex resumed>) = 1 [pid 6628] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6626] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] <... openat resumed>) = 4 [pid 6628] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6626] <... futex resumed>) = 0 [pid 6626] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6626] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6633] <... write resumed>) = 16777216 [pid 6633] munmap(0x7fb469000000, 138412032 [pid 6635] <... write resumed>) = 16777216 [pid 6626] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6626] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 6635] munmap(0x7fb469000000, 138412032 [pid 6626] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6633] <... munmap resumed>) = 0 [pid 6633] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6633] close(3) = 0 [pid 6633] close(4) = 0 [pid 6633] mkdir("./file0", 0777) = 0 [pid 6633] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6635] <... munmap resumed>) = 0 [pid 6635] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 163.049410][ T6633] loop2: detected capacity change from 0 to 32768 [ 163.079243][ T6633] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 163.110868][ T6633] CPU: 1 UID: 0 PID: 6633 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 163.110900][ T6633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 163.110914][ T6633] Call Trace: [ 163.110923][ T6633] [ 163.110932][ T6633] dump_stack_lvl+0x189/0x250 [ 163.110965][ T6633] ? __pfx_dump_stack_lvl+0x10/0x10 [ 163.110989][ T6633] ? __pfx__printk+0x10/0x10 [ 163.111017][ T6633] ? kernfs_root+0x1c/0x230 [pid 6635] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6635] close(3) = 0 [pid 6635] close(4) = 0 [pid 6635] mkdir("./file0", 0777) = 0 [ 163.111042][ T6633] ? kernfs_path_from_node+0x250/0x290 [ 163.111064][ T6633] ? kernfs_path_from_node+0x2f/0x290 [ 163.111088][ T6633] sysfs_create_dir_ns+0x259/0x280 [ 163.111111][ T6633] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 163.111133][ T6633] ? do_raw_spin_unlock+0x122/0x240 [ 163.111161][ T6633] kobject_add_internal+0x59f/0xb40 [ 163.111189][ T6633] kobject_init_and_add+0x125/0x190 [ 163.111216][ T6633] ? __pfx_kobject_init_and_add+0x10/0x10 [ 163.111241][ T6633] ? __raw_spin_lock_init+0x45/0x100 [ 163.111267][ T6633] ? __init_swait_queue_head+0xa9/0x150 [ 163.111294][ T6633] gfs2_sys_fs_add+0x234/0x450 [ 163.111315][ T6633] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 163.111339][ T6633] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 163.111371][ T6633] gfs2_fill_super+0x13c0/0x20d0 [ 163.111416][ T6633] ? __pfx_gfs2_fill_super+0x10/0x10 [ 163.111444][ T6633] ? sb_set_blocksize+0x104/0x180 [ 163.111473][ T6633] ? setup_bdev_super+0x4c1/0x5b0 [ 163.111503][ T6633] get_tree_bdev_flags+0x40b/0x4d0 [ 163.111532][ T6633] ? __pfx_gfs2_fill_super+0x10/0x10 [ 163.111563][ T6635] loop1: detected capacity change from 0 to 32768 [ 163.111558][ T6633] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 163.111592][ T6633] gfs2_get_tree+0x51/0x1e0 [ 163.111617][ T6633] vfs_get_tree+0x8f/0x2b0 [ 163.111644][ T6633] do_new_mount+0x2a2/0xa30 [ 163.111678][ T6633] ? ns_capable+0x8a/0xf0 [ 163.111702][ T6633] ? __pfx_do_new_mount+0x10/0x10 [ 163.111737][ T6633] ? path_mount+0x61c/0xfe0 [ 163.111768][ T6633] ? user_path_at+0x44/0x60 [ 163.111801][ T6633] __se_sys_mount+0x317/0x410 [ 163.111838][ T6633] ? __pfx___se_sys_mount+0x10/0x10 [ 163.111872][ T6633] ? rcu_is_watching+0x15/0xb0 [ 163.111897][ T6633] ? __x64_sys_mount+0x20/0xc0 [ 163.111933][ T6633] do_syscall_64+0xfa/0x3b0 [ 163.111957][ T6633] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.111980][ T6633] ? clear_bhb_loop+0x60/0xb0 [ 163.112006][ T6633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.112028][ T6633] RIP: 0033:0x7fb47156b94a [ 163.112048][ T6633] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 163.112070][ T6633] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 163.112097][ T6633] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 163.112115][ T6633] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 163.112133][ T6633] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 163.112151][ T6633] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 163.112166][ T6633] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 163.112191][ T6633] [ 163.112487][ T6633] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 163.304809][ T6635] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 163.447493][ T6635] CPU: 0 UID: 0 PID: 6635 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 163.447527][ T6635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 163.447541][ T6635] Call Trace: [ 163.447549][ T6635] [ 163.447558][ T6635] dump_stack_lvl+0x189/0x250 [ 163.447592][ T6635] ? __pfx_dump_stack_lvl+0x10/0x10 [ 163.447617][ T6635] ? __pfx__printk+0x10/0x10 [ 163.447645][ T6635] ? kernfs_root+0x1c/0x230 [ 163.447671][ T6635] ? kernfs_path_from_node+0x250/0x290 [ 163.447694][ T6635] ? kernfs_path_from_node+0x2f/0x290 [ 163.447719][ T6635] sysfs_create_dir_ns+0x259/0x280 [ 163.447743][ T6635] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 163.447766][ T6635] ? do_raw_spin_unlock+0x122/0x240 [ 163.447795][ T6635] kobject_add_internal+0x59f/0xb40 [ 163.447824][ T6635] kobject_init_and_add+0x125/0x190 [ 163.447849][ T6635] ? __pfx_kobject_init_and_add+0x10/0x10 [ 163.447873][ T6635] ? __raw_spin_lock_init+0x45/0x100 [ 163.447899][ T6635] ? __init_swait_queue_head+0xa9/0x150 [ 163.447937][ T6635] gfs2_sys_fs_add+0x234/0x450 [ 163.447960][ T6635] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [pid 6635] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6626] exit_group(0) = ? [pid 6628] <... write resumed>) = ? [pid 6628] +++ exited with 0 +++ [pid 6626] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6626, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=85 /* 0.85 s */} --- [pid 5867] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./37/file0") = 0 [pid 5867] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./37/binderfs") = 0 [pid 5867] umount2("./37/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./37/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=10170368, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./37/cpuset.effective_mems" [pid 6621] exit_group(0) = ? [ 163.447985][ T6635] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 163.448020][ T6635] gfs2_fill_super+0x13c0/0x20d0 [ 163.448055][ T6635] ? __pfx_gfs2_fill_super+0x10/0x10 [ 163.448085][ T6635] ? sb_set_blocksize+0x104/0x180 [ 163.448115][ T6635] ? setup_bdev_super+0x4c1/0x5b0 [ 163.448145][ T6635] get_tree_bdev_flags+0x40b/0x4d0 [ 163.448174][ T6635] ? __pfx_gfs2_fill_super+0x10/0x10 [ 163.448200][ T6635] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 163.448234][ T6635] gfs2_get_tree+0x51/0x1e0 [ 163.448262][ T6635] vfs_get_tree+0x8f/0x2b0 [pid 6622] <... write resumed>) = ? [pid 6622] +++ exited with 0 +++ [pid 6621] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6621, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=98 /* 0.98 s */} --- [ 163.448292][ T6635] do_new_mount+0x2a2/0xa30 [ 163.448339][ T6635] ? ns_capable+0x8a/0xf0 [ 163.448360][ T6635] ? __pfx_do_new_mount+0x10/0x10 [ 163.448390][ T6635] ? path_mount+0x61c/0xfe0 [ 163.448418][ T6635] ? user_path_at+0x44/0x60 [ 163.448446][ T6635] __se_sys_mount+0x317/0x410 [ 163.448479][ T6635] ? __pfx___se_sys_mount+0x10/0x10 [ 163.448510][ T6635] ? rcu_is_watching+0x15/0xb0 [ 163.448533][ T6635] ? __x64_sys_mount+0x20/0xc0 [ 163.448564][ T6635] do_syscall_64+0xfa/0x3b0 [pid 5870] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./37/file0") = 0 [pid 5870] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./37/binderfs") = 0 [pid 5870] umount2("./37/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./37/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=15269888, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 163.448587][ T6635] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.448607][ T6635] ? clear_bhb_loop+0x60/0xb0 [ 163.448631][ T6635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.448651][ T6635] RIP: 0033:0x7fb47156b94a [ 163.448670][ T6635] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 163.448688][ T6635] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 163.448710][ T6635] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 163.448726][ T6635] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 163.448741][ T6635] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 163.448756][ T6635] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 163.448769][ T6635] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 163.448790][ T6635] [pid 5870] unlink("./37/cpuset.effective_mems" [pid 6633] <... mount resumed>) = -1 EEXIST (File exists) [pid 6633] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6633] ioctl(3, LOOP_CLR_FD) = 0 [pid 6633] close(3 [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [ 163.448993][ T6635] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 163.497371][ T6633] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 163.715660][ T6635] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5867] close(3) = 0 [pid 5867] rmdir("./37") = 0 [pid 5867] mkdir("./38", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6642 ./strace-static-x86_64: Process 6642 attached [pid 6642] set_robust_list(0x55558d547760, 24) = 0 [pid 6642] chdir("./38") = 0 [pid 6642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6642] setpgid(0, 0) = 0 [pid 6642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6642] write(3, "1000", 4) = 4 [pid 6642] close(3) = 0 [pid 6642] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6642] write(1, "executing program\n", 18) = 18 [pid 6642] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6642] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6642] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6642] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6642] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6643]}, 88) = 6643 [pid 6642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6642] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6643 attached [pid 6643] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6643] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6643] memfd_create("syzkaller", 0) = 3 [pid 6643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6635] <... mount resumed>) = -1 EEXIST (File exists) [pid 6635] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6635] ioctl(3, LOOP_CLR_FD) = 0 [pid 6635] close(3 [pid 5870] <... unlink resumed>) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./37") = 0 [pid 5870] mkdir("./38", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6644 attached [pid 6644] set_robust_list(0x55558d547760, 24 [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 6644 [pid 6644] <... set_robust_list resumed>) = 0 [pid 6644] chdir("./38") = 0 [pid 6644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6644] setpgid(0, 0) = 0 [pid 6644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6644] write(3, "1000", 4) = 4 [pid 6644] close(3) = 0 [pid 6644] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6644] write(1, "executing program\n", 18executing program ) = 18 [pid 6644] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6644] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6644] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6644] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6644] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6644] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6644] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6645 attached [pid 6633] <... close resumed>) = 0 [pid 6645] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6644] <... clone3 resumed> => {parent_tid=[6645]}, 88) = 6645 [pid 6645] <... rseq resumed>) = 0 [pid 6644] rt_sigprocmask(SIG_SETMASK, [], [pid 6645] set_robust_list(0x7fb4715169a0, 24 [pid 6644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6645] <... set_robust_list resumed>) = 0 [pid 6644] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6645] rt_sigprocmask(SIG_SETMASK, [], [pid 6644] <... futex resumed>) = 0 [pid 6645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6644] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6645] memfd_create("syzkaller", 0 [pid 6633] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6645] <... memfd_create resumed>) = 3 [pid 6633] <... futex resumed>) = 1 [pid 6632] <... futex resumed>) = 0 [pid 6645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6633] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6632] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6632] <... futex resumed>) = 0 [pid 6645] <... mmap resumed>) = 0x7fb469000000 [pid 6633] openat(AT_FDCWD, ".", O_RDONLY [pid 6632] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6633] <... openat resumed>) = 3 [pid 6633] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6632] <... futex resumed>) = 0 [pid 6633] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6632] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6632] <... futex resumed>) = 0 [pid 6633] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6632] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6633] <... ioctl resumed>) = 0 [pid 6633] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6632] <... futex resumed>) = 0 [pid 6632] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6632] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6633] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6633] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6632] <... futex resumed>) = 0 [pid 6632] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6632] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6633] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6635] <... close resumed>) = 0 [pid 6632] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6635] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6634] <... futex resumed>) = 0 [pid 6635] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6634] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6634] <... futex resumed>) = 0 [pid 6635] openat(AT_FDCWD, ".", O_RDONLY [pid 6634] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6635] <... openat resumed>) = 3 [pid 6635] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6634] <... futex resumed>) = 0 [pid 6635] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6634] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6634] <... futex resumed>) = 0 [pid 6635] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6634] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6635] <... ioctl resumed>) = 0 [pid 6635] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6634] <... futex resumed>) = 0 [pid 6635] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6634] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6635] <... openat resumed>) = 4 [pid 6634] <... futex resumed>) = 0 [pid 6634] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6635] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6634] <... futex resumed>) = 0 [pid 6634] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6634] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6635] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6634] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6632] exit_group(0) = ? [pid 6633] <... write resumed>) = ? [pid 6645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6633] +++ exited with 0 +++ [pid 6632] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6632, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=83 /* 0.83 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./36/file0") = 0 [pid 5869] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./36/binderfs") = 0 [pid 5869] umount2("./36/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./36/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=4870144, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./36/cpuset.effective_mems" [pid 6634] exit_group(0) = ? [pid 6635] <... write resumed>) = ? [pid 6635] +++ exited with 0 +++ [pid 6634] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6634, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=64 /* 0.64 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 5869] <... unlink resumed>) = 0 [pid 5868] <... restart_syscall resumed>) = 0 [pid 5868] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, [pid 5868] getdents64(3, [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] close(3 [pid 5868] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... close resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] rmdir("./36" [pid 5868] newfstatat(AT_FDCWD, "./38/file0", [pid 5869] <... rmdir resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] mkdir("./37", 0777 [pid 5868] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... mkdir resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./38/file0") = 0 [pid 5868] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./38/binderfs", [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5868] unlink("./38/binderfs" [pid 5869] ioctl(3, LOOP_CLR_FD [pid 5868] <... unlink resumed>) = 0 [pid 5869] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5868] umount2("./38/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] close(3 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... close resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "./38/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=3969024, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] unlink("./38/cpuset.effective_mems"./strace-static-x86_64: Process 6646 attached [pid 6646] set_robust_list(0x55558d547760, 24 [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 6646 [pid 6646] <... set_robust_list resumed>) = 0 [pid 6646] chdir("./37") = 0 [pid 6646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6646] setpgid(0, 0) = 0 [pid 6646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6646] write(3, "1000", 4) = 4 [pid 6646] close(3) = 0 [pid 6646] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6646] write(1, "executing program\n", 18 [pid 6645] <... write resumed>) = 16777216 [pid 6646] <... write resumed>) = 18 [pid 6646] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... unlink resumed>) = 0 [pid 6646] <... futex resumed>) = 0 [pid 6645] munmap(0x7fb469000000, 138412032 [pid 6643] <... write resumed>) = 16777216 [pid 6646] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 5868] getdents64(3, [pid 6646] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6643] munmap(0x7fb469000000, 138412032 [pid 6646] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./38") = 0 [pid 5868] mkdir("./39", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3 [pid 6646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5868] <... close resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6646] <... mmap resumed>) = 0x7fb4714f6000 [pid 6646] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 6647 attached [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 6647 [pid 6646] <... mprotect resumed>) = 0 [pid 6647] set_robust_list(0x55558d547760, 24 [pid 6646] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6647] <... set_robust_list resumed>) = 0 [pid 6646] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6647] chdir("./39" [pid 6646] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 6647] <... chdir resumed>) = 0 [pid 6647] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6646] <... clone3 resumed> => {parent_tid=[6648]}, 88) = 6648 [pid 6647] <... prctl resumed>) = 0 [pid 6646] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6648 attached [pid 6647] setpgid(0, 0 [pid 6646] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6647] <... setpgid resumed>) = 0 [pid 6646] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6646] <... futex resumed>) = 0 [pid 6646] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6648] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6647] <... openat resumed>) = 3 [pid 6648] set_robust_list(0x7fb4715169a0, 24 [pid 6647] write(3, "1000", 4 [pid 6648] <... set_robust_list resumed>) = 0 [pid 6648] rt_sigprocmask(SIG_SETMASK, [], [pid 6647] <... write resumed>) = 4 [pid 6648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6648] memfd_create("syzkaller", 0 [pid 6647] close(3 [pid 6648] <... memfd_create resumed>) = 3 [pid 6648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6647] <... close resumed>) = 0 [pid 6647] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6647] write(1, "executing program\n", 18executing program ) = 18 [pid 6647] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6647] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6647] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6647] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6647] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6647] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6649 attached [pid 6649] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6647] <... clone3 resumed> => {parent_tid=[6649]}, 88) = 6649 [pid 6643] <... munmap resumed>) = 0 [pid 6647] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6647] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6647] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6649] <... rseq resumed>) = 0 [pid 6643] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6649] set_robust_list(0x7fb4715169a0, 24 [pid 6643] <... openat resumed>) = 4 [pid 6649] <... set_robust_list resumed>) = 0 [pid 6643] ioctl(4, LOOP_SET_FD, 3 [pid 6649] rt_sigprocmask(SIG_SETMASK, [], [pid 6645] <... munmap resumed>) = 0 [pid 6645] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6649] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6643] <... ioctl resumed>) = 0 [pid 6645] <... openat resumed>) = 4 [pid 6645] ioctl(4, LOOP_SET_FD, 3 [pid 6649] memfd_create("syzkaller", 0 [pid 6643] close(3 [pid 6649] <... memfd_create resumed>) = 3 [pid 6643] <... close resumed>) = 0 [pid 6649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6643] close(4) = 0 [pid 6643] mkdir("./file0", 0777) = 0 [pid 6643] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6645] <... ioctl resumed>) = 0 [ 164.481558][ T6643] loop0: detected capacity change from 0 to 32768 [ 164.499489][ T6645] loop3: detected capacity change from 0 to 32768 [pid 6645] close(3) = 0 [pid 6645] close(4) = 0 [pid 6645] mkdir("./file0", 0777) = 0 [ 164.559392][ T6643] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 164.569822][ T6645] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 164.575378][ T6643] CPU: 1 UID: 0 PID: 6643 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 164.575417][ T6643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 164.575432][ T6643] Call Trace: [ 164.575450][ T6643] [ 164.575462][ T6643] dump_stack_lvl+0x189/0x250 [ 164.575500][ T6643] ? __pfx_dump_stack_lvl+0x10/0x10 [ 164.575529][ T6643] ? __pfx__printk+0x10/0x10 [ 164.575561][ T6643] ? kernfs_root+0x1c/0x230 [ 164.575592][ T6643] ? kernfs_path_from_node+0x250/0x290 [ 164.575617][ T6643] ? kernfs_path_from_node+0x2f/0x290 [ 164.575645][ T6643] sysfs_create_dir_ns+0x259/0x280 [ 164.575671][ T6643] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 164.575697][ T6643] ? do_raw_spin_unlock+0x122/0x240 [ 164.575728][ T6643] kobject_add_internal+0x59f/0xb40 [ 164.575761][ T6643] kobject_init_and_add+0x125/0x190 [ 164.575789][ T6643] ? __pfx_kobject_init_and_add+0x10/0x10 [ 164.575815][ T6643] ? __raw_spin_lock_init+0x45/0x100 [ 164.575844][ T6643] ? __init_swait_queue_head+0xa9/0x150 [ 164.575874][ T6643] gfs2_sys_fs_add+0x234/0x450 [ 164.575898][ T6643] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 164.575925][ T6643] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 164.575962][ T6643] gfs2_fill_super+0x13c0/0x20d0 [ 164.576002][ T6643] ? __pfx_gfs2_fill_super+0x10/0x10 [ 164.576034][ T6643] ? sb_set_blocksize+0x104/0x180 [ 164.576068][ T6643] ? setup_bdev_super+0x4c1/0x5b0 [ 164.576103][ T6643] get_tree_bdev_flags+0x40b/0x4d0 [ 164.576135][ T6643] ? __pfx_gfs2_fill_super+0x10/0x10 [ 164.576165][ T6643] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 164.576201][ T6643] gfs2_get_tree+0x51/0x1e0 [ 164.576232][ T6643] vfs_get_tree+0x8f/0x2b0 [ 164.576264][ T6643] do_new_mount+0x2a2/0xa30 [ 164.576300][ T6643] ? ns_capable+0x8a/0xf0 [ 164.576323][ T6643] ? __pfx_do_new_mount+0x10/0x10 [ 164.576356][ T6643] ? path_mount+0x61c/0xfe0 [ 164.576388][ T6643] ? user_path_at+0x44/0x60 [ 164.576418][ T6643] __se_sys_mount+0x317/0x410 [ 164.576462][ T6643] ? __pfx___se_sys_mount+0x10/0x10 [ 164.576496][ T6643] ? rcu_is_watching+0x15/0xb0 [ 164.576522][ T6643] ? __x64_sys_mount+0x20/0xc0 [ 164.576557][ T6643] do_syscall_64+0xfa/0x3b0 [ 164.576582][ T6643] ? rcu_is_watching+0x15/0xb0 [ 164.576603][ T6643] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.576627][ T6643] ? clear_bhb_loop+0x60/0xb0 [ 164.576651][ T6643] entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 6645] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6643] <... mount resumed>) = -1 EEXIST (File exists) [pid 6643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6643] ioctl(3, LOOP_CLR_FD) = 0 [ 164.576675][ T6643] RIP: 0033:0x7fb47156b94a [ 164.576694][ T6643] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 164.576717][ T6643] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 164.576743][ T6643] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 164.576762][ T6643] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 164.576777][ T6643] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 164.576795][ T6643] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 164.576811][ T6643] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 164.576836][ T6643] [ 164.576859][ T6643] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 164.611937][ T6645] CPU: 0 UID: 0 PID: 6645 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 164.611974][ T6645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 164.611990][ T6645] Call Trace: [ 164.612000][ T6645] [ 164.612009][ T6645] dump_stack_lvl+0x189/0x250 [ 164.612045][ T6645] ? __pfx_dump_stack_lvl+0x10/0x10 [ 164.612072][ T6645] ? __pfx__printk+0x10/0x10 [ 164.612103][ T6645] ? kernfs_root+0x1c/0x230 [ 164.612130][ T6645] ? kernfs_path_from_node+0x250/0x290 [ 164.612155][ T6645] ? kernfs_path_from_node+0x2f/0x290 [pid 6643] close(3 [pid 6649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 164.612182][ T6645] sysfs_create_dir_ns+0x259/0x280 [ 164.612215][ T6645] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 164.612239][ T6645] ? do_raw_spin_unlock+0x122/0x240 [ 164.612270][ T6645] kobject_add_internal+0x59f/0xb40 [ 164.612301][ T6645] kobject_init_and_add+0x125/0x190 [ 164.612329][ T6645] ? __pfx_kobject_init_and_add+0x10/0x10 [ 164.612354][ T6645] ? __raw_spin_lock_init+0x45/0x100 [ 164.612383][ T6645] ? __init_swait_queue_head+0xa9/0x150 [ 164.612411][ T6645] gfs2_sys_fs_add+0x234/0x450 [ 164.612435][ T6645] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [pid 6643] <... close resumed>) = 0 [ 164.612460][ T6645] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 164.612517][ T6645] gfs2_fill_super+0x13c0/0x20d0 [ 164.612557][ T6645] ? __pfx_gfs2_fill_super+0x10/0x10 [ 164.612589][ T6645] ? sb_set_blocksize+0x104/0x180 [ 164.612623][ T6645] ? setup_bdev_super+0x4c1/0x5b0 [ 164.612656][ T6645] get_tree_bdev_flags+0x40b/0x4d0 [ 164.612689][ T6645] ? __pfx_gfs2_fill_super+0x10/0x10 [ 164.612718][ T6645] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 164.612756][ T6645] gfs2_get_tree+0x51/0x1e0 [ 164.612786][ T6645] vfs_get_tree+0x8f/0x2b0 [pid 6643] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 164.612819][ T6645] do_new_mount+0x2a2/0xa30 [ 164.612855][ T6645] ? ns_capable+0x8a/0xf0 [ 164.612877][ T6645] ? __pfx_do_new_mount+0x10/0x10 [ 164.612910][ T6645] ? path_mount+0x61c/0xfe0 [ 164.612941][ T6645] ? user_path_at+0x44/0x60 [ 164.612971][ T6645] __se_sys_mount+0x317/0x410 [ 164.613009][ T6645] ? __pfx___se_sys_mount+0x10/0x10 [ 164.613042][ T6645] ? rcu_is_watching+0x15/0xb0 [ 164.613069][ T6645] ? __x64_sys_mount+0x20/0xc0 [ 164.613105][ T6645] do_syscall_64+0xfa/0x3b0 [pid 6643] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6642] <... futex resumed>) = 0 [pid 6642] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6643] <... futex resumed>) = 0 [pid 6642] <... futex resumed>) = 1 [pid 6643] openat(AT_FDCWD, ".", O_RDONLY [pid 6642] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6643] <... openat resumed>) = 3 [pid 6643] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6642] <... futex resumed>) = 0 [pid 6643] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6642] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6643] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6642] <... futex resumed>) = 0 [ 164.613129][ T6645] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.613153][ T6645] ? clear_bhb_loop+0x60/0xb0 [ 164.613179][ T6645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.613230][ T6645] RIP: 0033:0x7fb47156b94a [ 164.613252][ T6645] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 164.613274][ T6645] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [pid 6643] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6642] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 164.613298][ T6645] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 164.613317][ T6645] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 164.613334][ T6645] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 164.613352][ T6645] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 164.613368][ T6645] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 164.613392][ T6645] [pid 6648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6642] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6642] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6642] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6642] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6642] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6654]}, 88) = 6654 [pid 6642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6642] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6654 attached [pid 6645] <... mount resumed>) = -1 EEXIST (File exists) [pid 6654] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 6645] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6654] <... rseq resumed>) = 0 [pid 6654] set_robust_list(0x7fb4714f59a0, 24 [pid 6645] <... openat resumed>) = 3 [pid 6654] <... set_robust_list resumed>) = 0 [pid 6654] rt_sigprocmask(SIG_SETMASK, [], [pid 6645] ioctl(3, LOOP_CLR_FD [pid 6654] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6654] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6645] <... ioctl resumed>) = 0 [ 164.613420][ T6645] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 164.745817][ T6643] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 164.749545][ T6645] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6645] close(3 [pid 6642] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6642] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6642] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6642] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6642] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[6655]}, 88) = 6655 [pid 6642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6642] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6655 attached [pid 6643] <... ioctl resumed>) = 0 [pid 6642] <... futex resumed>) = 0 [pid 6643] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6643] <... futex resumed>) = 0 [pid 6643] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6654] <... openat resumed>) = 4 [pid 6655] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 6654] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6655] set_robust_list(0x7fb4714d49a0, 24 [pid 6654] <... futex resumed>) = 0 [pid 6655] <... set_robust_list resumed>) = 0 [pid 6654] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6655] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6649] <... write resumed>) = 16777216 [pid 6649] munmap(0x7fb469000000, 138412032 [pid 6642] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6649] <... munmap resumed>) = 0 [pid 6649] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6648] <... write resumed>) = 16777216 [pid 6649] close(3) = 0 [pid 6649] close(4) = 0 [pid 6649] mkdir("./file0", 0777 [pid 6648] munmap(0x7fb469000000, 138412032 [pid 6645] <... close resumed>) = 0 [pid 6649] <... mkdir resumed>) = 0 [pid 6645] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6645] <... futex resumed>) = 1 [pid 6644] <... futex resumed>) = 0 [pid 6645] openat(AT_FDCWD, ".", O_RDONLY [pid 6644] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6645] <... openat resumed>) = 3 [pid 6644] <... futex resumed>) = 0 [pid 6645] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6644] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6645] <... futex resumed>) = 0 [pid 6644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6644] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6645] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6644] <... futex resumed>) = 0 [ 165.389652][ T6649] loop1: detected capacity change from 0 to 32768 [ 165.456376][ T6649] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 165.474789][ T6649] CPU: 0 UID: 0 PID: 6649 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 165.474820][ T6649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 165.474833][ T6649] Call Trace: [ 165.474841][ T6649] [ 165.474850][ T6649] dump_stack_lvl+0x189/0x250 [ 165.474883][ T6649] ? __pfx_dump_stack_lvl+0x10/0x10 [ 165.474907][ T6649] ? __pfx__printk+0x10/0x10 [ 165.474933][ T6649] ? kernfs_root+0x1c/0x230 [ 165.474954][ T6649] ? kernfs_path_from_node+0x250/0x290 [ 165.474971][ T6649] ? kernfs_path_from_node+0x2f/0x290 [ 165.474991][ T6649] sysfs_create_dir_ns+0x259/0x280 [ 165.475010][ T6649] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 165.475028][ T6649] ? do_raw_spin_unlock+0x122/0x240 [ 165.475051][ T6649] kobject_add_internal+0x59f/0xb40 [ 165.475076][ T6649] kobject_init_and_add+0x125/0x190 [ 165.475098][ T6649] ? __pfx_kobject_init_and_add+0x10/0x10 [ 165.475117][ T6649] ? __raw_spin_lock_init+0x45/0x100 [ 165.475138][ T6649] ? __init_swait_queue_head+0xa9/0x150 [ 165.475166][ T6649] gfs2_sys_fs_add+0x234/0x450 [ 165.475186][ T6649] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 165.475208][ T6649] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 165.475241][ T6649] gfs2_fill_super+0x13c0/0x20d0 [ 165.475276][ T6649] ? __pfx_gfs2_fill_super+0x10/0x10 [ 165.475304][ T6649] ? sb_set_blocksize+0x104/0x180 [ 165.475342][ T6649] ? setup_bdev_super+0x4c1/0x5b0 [ 165.475373][ T6649] get_tree_bdev_flags+0x40b/0x4d0 [ 165.475400][ T6649] ? __pfx_gfs2_fill_super+0x10/0x10 [ 165.475428][ T6649] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 165.475472][ T6649] gfs2_get_tree+0x51/0x1e0 [ 165.475499][ T6649] vfs_get_tree+0x8f/0x2b0 [ 165.475527][ T6649] do_new_mount+0x2a2/0xa30 [ 165.475557][ T6649] ? ns_capable+0x8a/0xf0 [ 165.475576][ T6649] ? __pfx_do_new_mount+0x10/0x10 [ 165.475604][ T6649] ? path_mount+0x61c/0xfe0 [ 165.475631][ T6649] ? user_path_at+0x44/0x60 [ 165.475657][ T6649] __se_sys_mount+0x317/0x410 [ 165.475684][ T6649] ? __pfx___se_sys_mount+0x10/0x10 [ 165.475708][ T6649] ? rcu_is_watching+0x15/0xb0 [ 165.475726][ T6649] ? __x64_sys_mount+0x20/0xc0 [ 165.475750][ T6649] do_syscall_64+0xfa/0x3b0 [ 165.475767][ T6649] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.475783][ T6649] ? clear_bhb_loop+0x60/0xb0 [ 165.475801][ T6649] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.475817][ T6649] RIP: 0033:0x7fb47156b94a [ 165.475831][ T6649] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 165.475846][ T6649] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 165.475864][ T6649] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 165.475877][ T6649] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 165.475889][ T6649] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 6644] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6648] <... munmap resumed>) = 0 [ 165.475901][ T6649] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 165.475912][ T6649] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 165.475928][ T6649] [pid 6648] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6648] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6648] close(3) = 0 [pid 6648] close(4) = 0 [pid 6648] mkdir("./file0", 0777) = 0 [ 165.798926][ T6648] loop2: detected capacity change from 0 to 32768 [pid 6648] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6645] <... ioctl resumed>) = 0 [pid 6645] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6645] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6644] <... futex resumed>) = 0 [ 165.904376][ T6648] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 165.914145][ T6648] CPU: 0 UID: 0 PID: 6648 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 165.914177][ T6648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 165.914192][ T6648] Call Trace: [ 165.914200][ T6648] [ 165.914209][ T6648] dump_stack_lvl+0x189/0x250 [ 165.914242][ T6648] ? __pfx_dump_stack_lvl+0x10/0x10 [pid 6644] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6644] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6645] <... futex resumed>) = 0 [pid 6645] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6645] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6644] <... futex resumed>) = 0 [pid 6644] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6644] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 165.914274][ T6648] ? __pfx__printk+0x10/0x10 [ 165.914301][ T6648] ? kernfs_root+0x1c/0x230 [ 165.914327][ T6648] ? kernfs_path_from_node+0x250/0x290 [ 165.914350][ T6648] ? kernfs_path_from_node+0x2f/0x290 [ 165.914382][ T6648] sysfs_create_dir_ns+0x259/0x280 [ 165.914404][ T6648] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 165.914428][ T6648] ? do_raw_spin_unlock+0x122/0x240 [ 165.914455][ T6648] kobject_add_internal+0x59f/0xb40 [ 165.914484][ T6648] kobject_init_and_add+0x125/0x190 [pid 6645] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6644] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6642] exit_group(0 [pid 6654] <... futex resumed>) = ? [pid 6642] <... exit_group resumed>) = ? [pid 6654] +++ exited with 0 +++ [pid 6643] <... futex resumed>) = ? [pid 6643] +++ exited with 0 +++ [pid 6655] <... write resumed>) = ? [ 165.914510][ T6648] ? __pfx_kobject_init_and_add+0x10/0x10 [ 165.914533][ T6648] ? __raw_spin_lock_init+0x45/0x100 [ 165.914559][ T6648] ? __init_swait_queue_head+0xa9/0x150 [ 165.914586][ T6648] gfs2_sys_fs_add+0x234/0x450 [ 165.914608][ T6648] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 165.914632][ T6648] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 165.914666][ T6648] gfs2_fill_super+0x13c0/0x20d0 [ 165.914701][ T6648] ? __pfx_gfs2_fill_super+0x10/0x10 [ 165.914730][ T6648] ? sb_set_blocksize+0x104/0x180 [ 165.914761][ T6648] ? setup_bdev_super+0x4c1/0x5b0 [ 165.914792][ T6648] get_tree_bdev_flags+0x40b/0x4d0 [ 165.914820][ T6648] ? __pfx_gfs2_fill_super+0x10/0x10 [ 165.914847][ T6648] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 165.914880][ T6648] gfs2_get_tree+0x51/0x1e0 [ 165.914908][ T6648] vfs_get_tree+0x8f/0x2b0 [ 165.914938][ T6648] do_new_mount+0x2a2/0xa30 [ 165.914970][ T6648] ? ns_capable+0x8a/0xf0 [ 165.914989][ T6648] ? __pfx_do_new_mount+0x10/0x10 [ 165.915018][ T6648] ? path_mount+0x61c/0xfe0 [ 165.915046][ T6648] ? user_path_at+0x44/0x60 [ 165.915074][ T6648] __se_sys_mount+0x317/0x410 [ 165.915108][ T6648] ? __pfx___se_sys_mount+0x10/0x10 [ 165.915138][ T6648] ? rcu_is_watching+0x15/0xb0 [ 165.915166][ T6648] ? __x64_sys_mount+0x20/0xc0 [ 165.915196][ T6648] do_syscall_64+0xfa/0x3b0 [ 165.915217][ T6648] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.915248][ T6648] ? clear_bhb_loop+0x60/0xb0 [ 165.915271][ T6648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.915291][ T6648] RIP: 0033:0x7fb47156b94a [ 165.915309][ T6648] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 165.915328][ T6648] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 165.915350][ T6648] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 165.915374][ T6648] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 165.915389][ T6648] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 165.915405][ T6648] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 165.915419][ T6648] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 165.915441][ T6648] [ 166.216614][ T6649] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 166.222157][ T6648] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 166.244508][ T6648] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6655] +++ exited with 0 +++ [pid 6648] <... mount resumed>) = -1 EEXIST (File exists) [pid 6642] +++ exited with 0 +++ [pid 6648] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6642, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=66 /* 0.66 s */} --- [pid 6648] ioctl(3, LOOP_CLR_FD [pid 5867] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6648] <... ioctl resumed>) = 0 [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6648] close(3 [pid 5867] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6649] <... mount resumed>) = -1 EEXIST (File exists) [pid 6649] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6649] ioctl(3, LOOP_CLR_FD) = 0 [ 166.245248][ T6649] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6649] close(3) = 0 [pid 5867] <... openat resumed>) = 3 [pid 6649] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6649] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6647] <... futex resumed>) = 0 [pid 6647] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] newfstatat(3, "", [pid 6647] <... futex resumed>) = 1 [pid 6649] <... futex resumed>) = 0 [pid 5867] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6647] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6649] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6649] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6649] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5867] getdents64(3, [pid 6647] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... futex resumed>) = 0 [pid 6647] <... futex resumed>) = 1 [pid 6649] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6647] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./38/file0" [pid 6649] <... ioctl resumed>) = 0 [pid 5867] <... rmdir resumed>) = 0 [pid 6649] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6649] <... futex resumed>) = 1 [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6647] <... futex resumed>) = 0 [pid 5867] newfstatat(AT_FDCWD, "./38/binderfs", [pid 6647] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6647] <... futex resumed>) = 0 [pid 6649] <... openat resumed>) = 4 [pid 6647] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6649] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6647] <... futex resumed>) = 0 [pid 6649] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6647] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6647] <... futex resumed>) = 0 [pid 5867] unlink("./38/binderfs" [pid 6647] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6649] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5867] <... unlink resumed>) = 0 [pid 5867] umount2("./38/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./38/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=15638528, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./38/cpuset.effective_mems" [pid 6647] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6647] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6648] <... close resumed>) = 0 [pid 6648] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6646] <... futex resumed>) = 0 [pid 6648] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6646] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6646] <... futex resumed>) = 0 [pid 6648] openat(AT_FDCWD, ".", O_RDONLY [pid 6646] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6648] <... openat resumed>) = 3 [pid 6648] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6646] <... futex resumed>) = 0 [pid 6648] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6646] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6646] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6648] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL]) = 0 [pid 6648] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6646] <... futex resumed>) = 0 [pid 6648] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6646] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6646] <... futex resumed>) = 0 [pid 6648] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6646] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6648] <... openat resumed>) = 4 [pid 6648] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6646] <... futex resumed>) = 0 [pid 6646] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6648] <... futex resumed>) = 0 [pid 6646] <... futex resumed>) = 1 [pid 6648] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6646] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6644] exit_group(0) = ? [pid 6645] <... write resumed>) = ? [pid 6646] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6646] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6645] +++ exited with 0 +++ [pid 6644] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6644, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=116 /* 1.16 s */} --- [pid 5870] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6647] exit_group(0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6649] <... write resumed>) = ? [pid 6647] <... exit_group resumed>) = ? [pid 5870] newfstatat(AT_FDCWD, "./38/file0", [pid 6649] +++ exited with 0 +++ [pid 6647] +++ exited with 0 +++ [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6647, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=53 /* 0.53 s */} --- [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 5870] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./38/file0") = 0 [pid 5870] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./38/binderfs") = 0 [pid 5868] <... restart_syscall resumed>) = 0 [pid 5870] umount2("./38/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./38/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=13164544, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./38/cpuset.effective_mems" [pid 5868] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./39/file0") = 0 [pid 5868] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./39/binderfs") = 0 [pid 5868] umount2("./39/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./39/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=9592768, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./39/cpuset.effective_mems" [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./38") = 0 [pid 5867] mkdir("./39", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6660 ./strace-static-x86_64: Process 6660 attached [pid 6660] set_robust_list(0x55558d547760, 24 [pid 5868] <... unlink resumed>) = 0 [pid 6660] <... set_robust_list resumed>) = 0 [pid 6660] chdir("./39") = 0 [pid 6660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6660] setpgid(0, 0 [pid 5868] getdents64(3, [pid 6660] <... setpgid resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 6660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] close(3 [pid 6660] <... openat resumed>) = 3 [pid 6660] write(3, "1000", 4 [pid 5868] <... close resumed>) = 0 [pid 6660] <... write resumed>) = 4 [pid 5868] rmdir("./39" [pid 6660] close(3) = 0 [pid 6660] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6660] write(1, "executing program\n", 18 [pid 5868] <... rmdir resumed>) = 0 [pid 6660] <... write resumed>) = 18 [pid 5868] mkdir("./40", 0777 [pid 6660] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6660] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 5868] <... mkdir resumed>) = 0 [pid 6660] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6660] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5868] <... openat resumed>) = 3 [pid 6660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 6660] <... mmap resumed>) = 0x7fb4714f6000 [pid 5868] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6660] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 5868] close(3 [pid 6660] <... mprotect resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 6660] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6661 attached [pid 6660] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 6661 [pid 6660] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 6661] set_robust_list(0x55558d547760, 24 [pid 5870] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 6662 attached [pid 6660] <... clone3 resumed> => {parent_tid=[6662]}, 88) = 6662 [pid 6662] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6660] rt_sigprocmask(SIG_SETMASK, [], [pid 6662] <... rseq resumed>) = 0 [pid 6660] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6662] set_robust_list(0x7fb4715169a0, 24 [pid 6660] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6662] <... set_robust_list resumed>) = 0 [pid 6660] <... futex resumed>) = 0 [pid 6662] rt_sigprocmask(SIG_SETMASK, [], [pid 6660] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6662] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6646] exit_group(0) = ? [pid 6662] memfd_create("syzkaller", 0 [pid 6661] <... set_robust_list resumed>) = 0 [pid 6648] <... write resumed>) = ? [pid 5870] getdents64(3, [pid 6662] <... memfd_create resumed>) = 3 [pid 6662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6661] chdir("./40" [pid 6648] +++ exited with 0 +++ [pid 6646] +++ exited with 0 +++ [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 6662] <... mmap resumed>) = 0x7fb469000000 [pid 6661] <... chdir resumed>) = 0 [pid 6661] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6646, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=52 /* 0.52 s */} --- [pid 6661] <... prctl resumed>) = 0 [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 6661] setpgid(0, 0) = 0 [pid 5870] close(3 [pid 5869] <... restart_syscall resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("./38") = 0 [pid 6661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5870] mkdir("./39", 0777 [pid 6661] <... openat resumed>) = 3 [pid 5869] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6661] write(3, "1000", 4 [pid 5870] <... mkdir resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6661] <... write resumed>) = 4 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5869] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6661] close(3 [pid 5870] <... openat resumed>) = 3 [pid 5869] <... openat resumed>) = 3 [pid 6661] <... close resumed>) = 0 [pid 5869] newfstatat(3, "", [pid 6661] symlink("/dev/binderfs", "./binderfs" [pid 5870] ioctl(3, LOOP_CLR_FD [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6661] <... symlink resumed>) = 0 [pid 5870] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5869] getdents64(3, [pid 5870] close(3 [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 6661] write(1, "executing program\n", 18 [pid 5870] <... close resumed>) = 0 [pid 5869] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6661] <... write resumed>) = 18 [pid 5869] umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6661] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6661] <... futex resumed>) = 0 [pid 5869] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 6663 [pid 5869] newfstatat(4, "", ./strace-static-x86_64: Process 6663 attached [pid 6661] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6663] set_robust_list(0x55558d547760, 24 [pid 6661] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5869] getdents64(4, [pid 6663] <... set_robust_list resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 6663] chdir("./39" [pid 6661] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5869] getdents64(4, [pid 6661] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6663] <... chdir resumed>) = 0 [pid 6661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5869] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 6663] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6661] <... mmap resumed>) = 0x7fb4714f6000 [pid 5869] close(4 [pid 6663] <... prctl resumed>) = 0 [pid 6661] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 6663] setpgid(0, 0 [pid 6661] <... mprotect resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 6663] <... setpgid resumed>) = 0 [pid 6661] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5869] rmdir("./37/file0" [pid 6663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6661] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6663] <... openat resumed>) = 3 [pid 6661] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6664 attached [pid 6663] write(3, "1000", 4 [pid 5869] <... rmdir resumed>) = 0 [pid 6663] <... write resumed>) = 4 [pid 6661] <... clone3 resumed> => {parent_tid=[6664]}, 88) = 6664 [pid 6664] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6663] close(3 [pid 6661] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6664] <... rseq resumed>) = 0 [pid 6663] <... close resumed>) = 0 [pid 6664] set_robust_list(0x7fb4715169a0, 24 [pid 6663] symlink("/dev/binderfs", "./binderfs" [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6664] <... set_robust_list resumed>) = 0 [pid 6661] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6663] <... symlink resumed>) = 0 [pid 6664] rt_sigprocmask(SIG_SETMASK, [], [pid 6661] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] newfstatat(AT_FDCWD, "./37/binderfs", [pid 6664] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6663] write(1, "executing program\n", 18 [pid 6661] <... futex resumed>) = 0 [pid 6661] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} executing program [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6664] memfd_create("syzkaller", 0 [pid 6663] <... write resumed>) = 18 [pid 5869] unlink("./37/binderfs" [pid 6663] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6663] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 6664] <... memfd_create resumed>) = 3 [pid 6663] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5869] umount2("./37/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6663] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6664] <... mmap resumed>) = 0x7fb469000000 [pid 6663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5869] newfstatat(AT_FDCWD, "./37/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=7827456, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6663] <... mmap resumed>) = 0x7fb4714f6000 [pid 5869] unlink("./37/cpuset.effective_mems" [pid 6663] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6663] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6663] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6665]}, 88) = 6665 [pid 6663] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6665 attached NULL, 8) = 0 [pid 6665] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6663] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6665] <... rseq resumed>) = 0 [pid 6663] <... futex resumed>) = 0 [pid 6665] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6665] rt_sigprocmask(SIG_SETMASK, [], [pid 6663] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6665] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6665] memfd_create("syzkaller", 0) = 3 [pid 6665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./37") = 0 [pid 5869] mkdir("./38", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6666 ./strace-static-x86_64: Process 6666 attached [pid 6666] set_robust_list(0x55558d547760, 24) = 0 [pid 6666] chdir("./38") = 0 [pid 6666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6666] setpgid(0, 0) = 0 [pid 6666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6666] write(3, "1000", 4) = 4 [pid 6666] close(3) = 0 [pid 6666] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6666] write(1, "executing program\n", 18) = 18 [pid 6666] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6666] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6666] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6666] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6666] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6666] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6667]}, 88) = 6667 ./strace-static-x86_64: Process 6667 attached [pid 6666] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6666] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6666] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6667] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6667] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6667] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6667] memfd_create("syzkaller", 0) = 3 [pid 6667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6665] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6662] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6665] <... write resumed>) = 16777216 [pid 6665] munmap(0x7fb469000000, 138412032 [pid 6662] <... write resumed>) = 16777216 [pid 6662] munmap(0x7fb469000000, 138412032 [pid 6664] <... write resumed>) = 16777216 [pid 6664] munmap(0x7fb469000000, 138412032 [pid 6665] <... munmap resumed>) = 0 [pid 6665] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6665] ioctl(4, LOOP_SET_FD, 3 [pid 6662] <... munmap resumed>) = 0 [pid 6665] <... ioctl resumed>) = 0 [pid 6662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6665] close(3 [pid 6662] ioctl(4, LOOP_SET_FD, 3 [pid 6665] <... close resumed>) = 0 [ 167.464729][ T6665] loop3: detected capacity change from 0 to 32768 [ 167.488531][ T6662] loop0: detected capacity change from 0 to 32768 [pid 6665] close(4) = 0 [pid 6662] <... ioctl resumed>) = 0 [pid 6665] mkdir("./file0", 0777 [pid 6664] <... munmap resumed>) = 0 [pid 6665] <... mkdir resumed>) = 0 [pid 6665] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6664] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6664] ioctl(4, LOOP_SET_FD, 3 [pid 6662] close(3) = 0 [pid 6662] close(4) = 0 [pid 6662] mkdir("./file0", 0777) = 0 [pid 6662] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6664] <... ioctl resumed>) = 0 [pid 6664] close(3) = 0 [pid 6664] close(4) = 0 [pid 6664] mkdir("./file0", 0777) = 0 [ 167.508881][ T6664] loop1: detected capacity change from 0 to 32768 [ 167.521143][ T6665] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 167.522073][ T6662] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 167.556009][ T6662] CPU: 0 UID: 0 PID: 6662 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 167.556037][ T6662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 167.556050][ T6662] Call Trace: [ 167.556059][ T6662] [ 167.556068][ T6662] dump_stack_lvl+0x189/0x250 [ 167.556099][ T6662] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.556124][ T6662] ? __pfx__printk+0x10/0x10 [ 167.556149][ T6662] ? kernfs_root+0x1c/0x230 [pid 6664] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6662] <... mount resumed>) = -1 EEXIST (File exists) [ 167.556184][ T6662] ? kernfs_path_from_node+0x250/0x290 [ 167.556206][ T6662] ? kernfs_path_from_node+0x2f/0x290 [ 167.556229][ T6662] sysfs_create_dir_ns+0x259/0x280 [ 167.556251][ T6662] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 167.556273][ T6662] ? do_raw_spin_unlock+0x122/0x240 [ 167.556301][ T6662] kobject_add_internal+0x59f/0xb40 [ 167.556330][ T6662] kobject_init_and_add+0x125/0x190 [ 167.556355][ T6662] ? __pfx_kobject_init_and_add+0x10/0x10 [ 167.556378][ T6662] ? __raw_spin_lock_init+0x45/0x100 [ 167.556415][ T6662] ? __init_swait_queue_head+0xa9/0x150 [ 167.556438][ T6662] gfs2_sys_fs_add+0x234/0x450 [ 167.556457][ T6662] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 167.556478][ T6662] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 167.556510][ T6662] gfs2_fill_super+0x13c0/0x20d0 [ 167.556541][ T6662] ? __pfx_gfs2_fill_super+0x10/0x10 [ 167.556568][ T6662] ? sb_set_blocksize+0x104/0x180 [ 167.556598][ T6662] ? setup_bdev_super+0x4c1/0x5b0 [ 167.556627][ T6662] get_tree_bdev_flags+0x40b/0x4d0 [ 167.556654][ T6662] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 6662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6662] ioctl(3, LOOP_CLR_FD) = 0 [pid 6662] close(3) = 0 [pid 6662] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6662] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6660] <... futex resumed>) = 0 [pid 6660] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6662] <... futex resumed>) = 0 [pid 6660] <... futex resumed>) = 1 [pid 6662] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6662] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6662] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6660] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6660] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6662] <... futex resumed>) = 0 [pid 6660] <... futex resumed>) = 1 [pid 6662] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [ 167.556678][ T6662] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 167.556710][ T6662] gfs2_get_tree+0x51/0x1e0 [ 167.556735][ T6662] vfs_get_tree+0x8f/0x2b0 [ 167.556764][ T6662] do_new_mount+0x2a2/0xa30 [ 167.556795][ T6662] ? ns_capable+0x8a/0xf0 [ 167.556814][ T6662] ? __pfx_do_new_mount+0x10/0x10 [ 167.556843][ T6662] ? path_mount+0x61c/0xfe0 [ 167.556871][ T6662] ? user_path_at+0x44/0x60 [ 167.556898][ T6662] __se_sys_mount+0x317/0x410 [ 167.556930][ T6662] ? __pfx___se_sys_mount+0x10/0x10 [pid 6660] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6667] <... write resumed>) = 16777216 [pid 6660] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6660] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6660] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6660] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6660] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6674]}, 88) = 6674 [pid 6660] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6660] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6660] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 167.556957][ T6662] ? rcu_is_watching+0x15/0xb0 [ 167.556979][ T6662] ? __x64_sys_mount+0x20/0xc0 [ 167.557024][ T6662] do_syscall_64+0xfa/0x3b0 [ 167.557045][ T6662] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.557064][ T6662] ? clear_bhb_loop+0x60/0xb0 [ 167.557087][ T6662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.557106][ T6662] RIP: 0033:0x7fb47156b94a [pid 6667] munmap(0x7fb469000000, 138412032 [pid 6665] <... mount resumed>) = -1 EEXIST (File exists) [pid 6665] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6665] ioctl(3, LOOP_CLR_FD) = 0 [ 167.557124][ T6662] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 167.557142][ T6662] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 167.557175][ T6662] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 167.557191][ T6662] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 167.557206][ T6662] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 167.557221][ T6662] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 167.557235][ T6662] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 167.557257][ T6662] [ 167.557881][ T6662] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 167.560153][ T6664] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 167.585231][ T6662] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 167.612151][ T6665] CPU: 1 UID: 0 PID: 6665 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 167.612185][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 167.612201][ T6665] Call Trace: [ 167.612211][ T6665] [ 167.612221][ T6665] dump_stack_lvl+0x189/0x250 [ 167.612258][ T6665] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.612285][ T6665] ? __pfx__printk+0x10/0x10 [ 167.612316][ T6665] ? kernfs_root+0x1c/0x230 [ 167.612345][ T6665] ? kernfs_path_from_node+0x250/0x290 [ 167.612370][ T6665] ? kernfs_path_from_node+0x2f/0x290 [ 167.612398][ T6665] sysfs_create_dir_ns+0x259/0x280 [ 167.612425][ T6665] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 167.612451][ T6665] ? do_raw_spin_unlock+0x122/0x240 [ 167.612483][ T6665] kobject_add_internal+0x59f/0xb40 [ 167.612516][ T6665] kobject_init_and_add+0x125/0x190 [ 167.612544][ T6665] ? __pfx_kobject_init_and_add+0x10/0x10 [ 167.612571][ T6665] ? __raw_spin_lock_init+0x45/0x100 [ 167.612599][ T6665] ? __init_swait_queue_head+0xa9/0x150 [ 167.612629][ T6665] gfs2_sys_fs_add+0x234/0x450 [ 167.612653][ T6665] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 167.612680][ T6665] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [pid 6665] close(3 [pid 6660] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6660] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6660] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6660] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6660] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[6675]}, 88) = 6675 ./strace-static-x86_64: Process 6675 attached [pid 6660] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6660] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6675] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 6675] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 6675] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6660] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6675] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 6675] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6675] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6660] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6674 attached [pid 6667] <... munmap resumed>) = 0 [pid 6674] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 6674] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 6674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6674] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6667] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 167.612717][ T6665] gfs2_fill_super+0x13c0/0x20d0 [ 167.612770][ T6665] ? __pfx_gfs2_fill_super+0x10/0x10 [ 167.612804][ T6665] ? sb_set_blocksize+0x104/0x180 [ 167.612840][ T6665] ? setup_bdev_super+0x4c1/0x5b0 [ 167.612875][ T6665] get_tree_bdev_flags+0x40b/0x4d0 [ 167.612915][ T6665] ? __pfx_gfs2_fill_super+0x10/0x10 [ 167.612945][ T6665] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 167.612984][ T6665] gfs2_get_tree+0x51/0x1e0 [ 167.613014][ T6665] vfs_get_tree+0x8f/0x2b0 [ 167.613047][ T6665] do_new_mount+0x2a2/0xa30 [pid 6667] ioctl(4, LOOP_SET_FD, 3 [pid 6664] <... mount resumed>) = -1 EEXIST (File exists) [pid 6664] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6664] ioctl(3, LOOP_CLR_FD) = 0 [ 167.613082][ T6665] ? ns_capable+0x8a/0xf0 [ 167.613106][ T6665] ? __pfx_do_new_mount+0x10/0x10 [ 167.613139][ T6665] ? path_mount+0x61c/0xfe0 [ 167.613171][ T6665] ? user_path_at+0x44/0x60 [ 167.613200][ T6665] __se_sys_mount+0x317/0x410 [ 167.613238][ T6665] ? __pfx___se_sys_mount+0x10/0x10 [ 167.613271][ T6665] ? rcu_is_watching+0x15/0xb0 [ 167.613297][ T6665] ? __x64_sys_mount+0x20/0xc0 [ 167.613333][ T6665] do_syscall_64+0xfa/0x3b0 [ 167.613357][ T6665] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.613381][ T6665] ? clear_bhb_loop+0x60/0xb0 [ 167.613407][ T6665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.613428][ T6665] RIP: 0033:0x7fb47156b94a [ 167.613450][ T6665] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 167.613486][ T6665] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 167.613511][ T6665] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 6664] close(3 [pid 6665] <... close resumed>) = 0 [pid 6665] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6663] <... futex resumed>) = 0 [pid 6665] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6663] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6665] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6663] <... futex resumed>) = 0 [pid 6665] openat(AT_FDCWD, ".", O_RDONLY [pid 6663] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6665] <... openat resumed>) = 3 [pid 6665] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6663] <... futex resumed>) = 0 [pid 6665] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6663] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 167.613529][ T6665] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 167.613546][ T6665] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 167.613564][ T6665] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 167.613581][ T6665] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 167.613605][ T6665] [ 167.613630][ T6665] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6663] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6664] <... close resumed>) = 0 [pid 6664] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6664] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6663] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6663] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6663] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6663] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6663] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6663] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6676]}, 88) = 6676 [pid 6663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6663] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 167.618471][ T6664] CPU: 0 UID: 0 PID: 6664 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 167.618505][ T6664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 167.618521][ T6664] Call Trace: [ 167.618530][ T6664] [ 167.618541][ T6664] dump_stack_lvl+0x189/0x250 [ 167.618577][ T6664] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.618607][ T6664] ? __pfx__printk+0x10/0x10 [ 167.618636][ T6664] ? kernfs_root+0x1c/0x230 [pid 6663] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6661] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6676 attached [pid 6661] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6676] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 6664] <... futex resumed>) = 0 [pid 6661] <... futex resumed>) = 1 [pid 6676] <... rseq resumed>) = 0 [pid 6664] openat(AT_FDCWD, ".", O_RDONLY [pid 6661] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6676] set_robust_list(0x7fb4714f59a0, 24 [pid 6664] <... openat resumed>) = 3 [pid 6676] <... set_robust_list resumed>) = 0 [pid 6664] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6676] rt_sigprocmask(SIG_SETMASK, [], [pid 6664] <... futex resumed>) = 1 [pid 6663] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6661] <... futex resumed>) = 0 [pid 6676] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6664] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6663] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6661] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6676] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6664] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6663] <... futex resumed>) = 0 [pid 6661] <... futex resumed>) = 0 [pid 6664] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6663] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE [pid 6661] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6663] <... mprotect resumed>) = 0 [pid 6663] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6663] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[6677]}, 88) = 6677 [pid 6663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6663] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 167.618665][ T6664] ? kernfs_path_from_node+0x250/0x290 [ 167.618691][ T6664] ? kernfs_path_from_node+0x2f/0x290 [ 167.618719][ T6664] sysfs_create_dir_ns+0x259/0x280 [ 167.618744][ T6664] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 167.618770][ T6664] ? do_raw_spin_unlock+0x122/0x240 [ 167.618802][ T6664] kobject_add_internal+0x59f/0xb40 [ 167.618833][ T6664] kobject_init_and_add+0x125/0x190 [ 167.618861][ T6664] ? __pfx_kobject_init_and_add+0x10/0x10 [ 167.618888][ T6664] ? __raw_spin_lock_init+0x45/0x100 [pid 6663] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6677 attached [pid 6677] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 6677] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 6677] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6677] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 6677] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6663] <... futex resumed>) = 0 [pid 6677] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6661] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6661] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 167.618915][ T6664] ? __init_swait_queue_head+0xa9/0x150 [ 167.618944][ T6664] gfs2_sys_fs_add+0x234/0x450 [ 167.618975][ T6664] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 167.619001][ T6664] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 167.619040][ T6664] gfs2_fill_super+0x13c0/0x20d0 [ 167.619078][ T6664] ? __pfx_gfs2_fill_super+0x10/0x10 [ 167.619111][ T6664] ? sb_set_blocksize+0x104/0x180 [ 167.619145][ T6664] ? setup_bdev_super+0x4c1/0x5b0 [ 167.619186][ T6664] get_tree_bdev_flags+0x40b/0x4d0 [pid 6661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6661] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6661] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6661] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}./strace-static-x86_64: Process 6678 attached [pid 6678] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 6678] set_robust_list(0x7fb4714f59a0, 24 [pid 6661] <... clone3 resumed> => {parent_tid=[6678]}, 88) = 6678 [pid 6678] <... set_robust_list resumed>) = 0 [pid 6661] rt_sigprocmask(SIG_SETMASK, [], [pid 6678] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6661] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6678] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6661] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6678] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6661] <... futex resumed>) = 0 [ 167.619218][ T6664] ? __pfx_gfs2_fill_super+0x10/0x10 [ 167.619248][ T6664] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 167.619285][ T6664] gfs2_get_tree+0x51/0x1e0 [ 167.619317][ T6664] vfs_get_tree+0x8f/0x2b0 [ 167.619348][ T6664] do_new_mount+0x2a2/0xa30 [ 167.619384][ T6664] ? ns_capable+0x8a/0xf0 [ 167.619407][ T6664] ? __pfx_do_new_mount+0x10/0x10 [ 167.619439][ T6664] ? path_mount+0x61c/0xfe0 [ 167.619472][ T6664] ? user_path_at+0x44/0x60 [ 167.619502][ T6664] __se_sys_mount+0x317/0x410 [pid 6661] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6661] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6661] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6661] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6661] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0}./strace-static-x86_64: Process 6679 attached => {parent_tid=[6679]}, 88) = 6679 [pid 6679] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 6661] rt_sigprocmask(SIG_SETMASK, [], [pid 6679] <... rseq resumed>) = 0 [pid 6661] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6679] set_robust_list(0x7fb4714d49a0, 24 [pid 6661] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6679] <... set_robust_list resumed>) = 0 [pid 6661] <... futex resumed>) = 0 [pid 6679] rt_sigprocmask(SIG_SETMASK, [], [pid 6661] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6679] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6679] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 6660] exit_group(0 [pid 6679] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6675] <... futex resumed>) = ? [pid 6660] <... exit_group resumed>) = ? [pid 6679] <... futex resumed>) = 1 [pid 6675] +++ exited with 0 +++ [pid 6661] <... futex resumed>) = 0 [ 167.619541][ T6664] ? __pfx___se_sys_mount+0x10/0x10 [ 167.619573][ T6664] ? rcu_is_watching+0x15/0xb0 [ 167.619600][ T6664] ? __x64_sys_mount+0x20/0xc0 [ 167.619635][ T6664] do_syscall_64+0xfa/0x3b0 [ 167.619660][ T6664] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.619682][ T6664] ? clear_bhb_loop+0x60/0xb0 [ 167.619708][ T6664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.619732][ T6664] RIP: 0033:0x7fb47156b94a [ 167.619751][ T6664] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 167.619771][ T6664] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 167.619796][ T6664] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 167.619814][ T6664] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 167.619832][ T6664] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 167.619849][ T6664] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 6679] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6667] <... ioctl resumed>) = 0 [pid 6667] close(3 [pid 6676] <... openat resumed>) = 4 [pid 6674] <... openat resumed>) = ? [pid 6667] <... close resumed>) = 0 [pid 6665] <... ioctl resumed>) = 0 [pid 6662] <... ioctl resumed>) = ? [pid 6678] <... openat resumed>) = 4 [pid 6676] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6674] +++ exited with 0 +++ [pid 6667] close(4 [pid 6665] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6664] <... ioctl resumed>) = 0 [pid 6667] <... close resumed>) = 0 [pid 6667] mkdir("./file0", 0777 [pid 6664] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6676] <... futex resumed>) = 0 [pid 6665] <... futex resumed>) = 0 [pid 6662] +++ exited with 0 +++ [pid 6678] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6663] exit_group(0 [pid 6660] +++ exited with 0 +++ [pid 6678] <... futex resumed>) = 0 [pid 6678] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6677] <... futex resumed>) = ? [pid 6663] <... exit_group resumed>) = ? [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6660, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=25 /* 0.25 s */} --- [pid 6676] +++ exited with 0 +++ [pid 6665] +++ exited with 0 +++ [pid 6677] +++ exited with 0 +++ [pid 6667] <... mkdir resumed>) = 0 [pid 6664] <... futex resumed>) = 0 [pid 5867] restart_syscall(<... resuming interrupted clone ...> [pid 6664] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6661] exit_group(0 [pid 6679] <... futex resumed>) = ? [pid 6678] <... futex resumed>) = ? [pid 6661] <... exit_group resumed>) = ? [pid 6679] +++ exited with 0 +++ [pid 6664] <... futex resumed>) = ? [pid 6664] +++ exited with 0 +++ [pid 6678] +++ exited with 0 +++ [pid 6667] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6663] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6663, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=35 /* 0.35 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6661] +++ exited with 0 +++ [pid 5867] <... restart_syscall resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6661, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=75 /* 0.75 s */} --- [pid 5870] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 167.619864][ T6664] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 167.619890][ T6664] [ 167.619912][ T6664] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 167.656026][ T6665] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 167.698946][ T6664] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 168.056041][ T6667] loop2: detected capacity change from 0 to 32768 [pid 5867] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5867] <... openat resumed>) = 3 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] <... openat resumed>) = 3 [pid 5867] newfstatat(3, "", [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] newfstatat(3, "", [pid 5867] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, [pid 5870] getdents64(4, [pid 5868] getdents64(3, [pid 5870] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] getdents64(4, [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] close(4 [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... close resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./39/file0", [pid 5868] newfstatat(AT_FDCWD, "./40/file0", [pid 5870] rmdir("./39/file0" [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5867] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... rmdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] <... openat resumed>) = 4 [pid 5867] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] newfstatat(4, "", [pid 5870] newfstatat(AT_FDCWD, "./39/binderfs", [pid 5867] <... openat resumed>) = 4 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] newfstatat(4, "", [pid 5868] getdents64(4, [pid 5867] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] unlink("./39/binderfs" [pid 5868] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, [pid 5868] getdents64(4, [pid 5870] <... unlink resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] close(4 [pid 5867] getdents64(4, [pid 5870] umount2("./39/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... close resumed>) = 0 [pid 5867] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5867] close(4 [pid 5868] rmdir("./40/file0" [pid 5867] <... close resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "./39/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./39/cpuset.effective_mems" [pid 5868] <... rmdir resumed>) = 0 [pid 5867] rmdir("./39/file0" [pid 5868] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... unlink resumed>) = 0 [pid 5870] getdents64(3, [pid 5867] <... rmdir resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5867] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] newfstatat(AT_FDCWD, "./40/binderfs", [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./39") = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] newfstatat(AT_FDCWD, "./39/binderfs", [pid 5868] unlink("./40/binderfs" [pid 5870] mkdir("./40", 0777 [pid 5867] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] <... mkdir resumed>) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 5867] unlink("./39/binderfs" [pid 5868] umount2("./40/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5867] <... unlink resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "./40/cpuset.effective_mems", [pid 5867] umount2("./39/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] ioctl(3, LOOP_CLR_FD [pid 5868] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [ 168.601532][ T6667] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 168.629207][ T6667] CPU: 0 UID: 0 PID: 6667 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] unlink("./40/cpuset.effective_mems" [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./39/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./39/cpuset.effective_mems") = 0 [pid 5868] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5868] getdents64(3, [pid 5867] rmdir("./39" [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] <... rmdir resumed>) = 0 [pid 5868] close(3 [pid 5867] mkdir("./40", 0777 [pid 5868] <... close resumed>) = 0 [pid 5867] <... mkdir resumed>) = 0 [pid 5868] rmdir("./40" [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 6682 attached [pid 5868] <... rmdir resumed>) = 0 [pid 5867] <... openat resumed>) = 3 [pid 6682] set_robust_list(0x55558d547760, 24) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 6682 [pid 6682] chdir("./40") = 0 [pid 6682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6682] setpgid(0, 0) = 0 [pid 6682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5868] mkdir("./41", 0777 [pid 5867] ioctl(3, LOOP_CLR_FD [pid 6682] write(3, "1000", 4 [pid 5867] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6682] <... write resumed>) = 4 [ 168.629239][ T6667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 168.629253][ T6667] Call Trace: [ 168.629261][ T6667] [ 168.629270][ T6667] dump_stack_lvl+0x189/0x250 [ 168.629301][ T6667] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.629326][ T6667] ? __pfx__printk+0x10/0x10 [ 168.629353][ T6667] ? kernfs_root+0x1c/0x230 [ 168.629378][ T6667] ? kernfs_path_from_node+0x250/0x290 [ 168.629400][ T6667] ? kernfs_path_from_node+0x2f/0x290 [ 168.629424][ T6667] sysfs_create_dir_ns+0x259/0x280 [ 168.629447][ T6667] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [pid 5867] close(3 [pid 6682] close(3 [pid 5868] <... mkdir resumed>) = 0 [pid 5867] <... close resumed>) = 0 [pid 6682] <... close resumed>) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6682] symlink("/dev/binderfs", "./binderfs" [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 6683 attached [pid 6682] <... symlink resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 5867] <... clone resumed>, child_tidptr=0x55558d547750) = 6683 [pid 6683] set_robust_list(0x55558d547760, 24 [pid 6682] write(1, "executing program\n", 18executing program [pid 5868] ioctl(3, LOOP_CLR_FD [pid 6683] <... set_robust_list resumed>) = 0 [pid 6682] <... write resumed>) = 18 [pid 5868] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6683] chdir("./40" [pid 6682] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] close(3 [pid 6682] <... futex resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 6683] <... chdir resumed>) = 0 [pid 6682] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6682] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6683] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6682] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6683] <... prctl resumed>) = 0 [pid 6682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6683] setpgid(0, 0 [pid 6682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6683] <... setpgid resumed>) = 0 [pid 6682] <... mmap resumed>) = 0x7fb4714f6000 [pid 6683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6682] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 6683] <... openat resumed>) = 3 [pid 6682] <... mprotect resumed>) = 0 [pid 6682] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6683] write(3, "1000", 4 [pid 6682] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 6683] <... write resumed>) = 4 [pid 6683] close(3 [pid 6682] <... clone3 resumed> => {parent_tid=[6684]}, 88) = 6684 [ 168.629470][ T6667] ? do_raw_spin_unlock+0x122/0x240 [ 168.629498][ T6667] kobject_add_internal+0x59f/0xb40 [ 168.629527][ T6667] kobject_init_and_add+0x125/0x190 [ 168.629552][ T6667] ? __pfx_kobject_init_and_add+0x10/0x10 [ 168.629575][ T6667] ? __raw_spin_lock_init+0x45/0x100 [ 168.629601][ T6667] ? __init_swait_queue_head+0xa9/0x150 [ 168.629627][ T6667] gfs2_sys_fs_add+0x234/0x450 [ 168.629648][ T6667] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 168.629672][ T6667] ? __pfx_alloc_workqueue_noprof+0x10/0x10 executing program [pid 6683] <... close resumed>) = 0 [pid 6682] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6683] symlink("/dev/binderfs", "./binderfs" [pid 6682] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6683] <... symlink resumed>) = 0 [pid 6682] <... futex resumed>) = 0 [pid 6682] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 6685 [pid 6683] write(1, "executing program\n", 18) = 18 [pid 6683] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6683] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6683] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6683] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6683] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6686]}, 88) = 6686 [pid 6683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6683] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6683] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6684 attached ./strace-static-x86_64: Process 6686 attached ./strace-static-x86_64: Process 6685 attached [pid 6684] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6686] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6685] set_robust_list(0x55558d547760, 24 [pid 6686] <... rseq resumed>) = 0 [pid 6685] <... set_robust_list resumed>) = 0 [pid 6684] <... rseq resumed>) = 0 [pid 6686] set_robust_list(0x7fb4715169a0, 24 [pid 6685] chdir("./41" [pid 6684] set_robust_list(0x7fb4715169a0, 24 [pid 6686] <... set_robust_list resumed>) = 0 [pid 6684] <... set_robust_list resumed>) = 0 [pid 6686] rt_sigprocmask(SIG_SETMASK, [], [pid 6685] <... chdir resumed>) = 0 [pid 6686] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6684] rt_sigprocmask(SIG_SETMASK, [], [pid 6686] memfd_create("syzkaller", 0 [pid 6684] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6684] memfd_create("syzkaller", 0 [pid 6686] <... memfd_create resumed>) = 3 [pid 6685] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 168.629706][ T6667] gfs2_fill_super+0x13c0/0x20d0 [ 168.629740][ T6667] ? __pfx_gfs2_fill_super+0x10/0x10 [ 168.629767][ T6667] ? sb_set_blocksize+0x104/0x180 [ 168.629796][ T6667] ? setup_bdev_super+0x4c1/0x5b0 [ 168.629827][ T6667] get_tree_bdev_flags+0x40b/0x4d0 [ 168.629865][ T6667] ? __pfx_gfs2_fill_super+0x10/0x10 [ 168.629892][ T6667] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 168.629925][ T6667] gfs2_get_tree+0x51/0x1e0 [ 168.629963][ T6667] vfs_get_tree+0x8f/0x2b0 [ 168.629992][ T6667] do_new_mount+0x2a2/0xa30 [ 168.630025][ T6667] ? ns_capable+0x8a/0xf0 [pid 6685] <... prctl resumed>) = 0 [ 168.630044][ T6667] ? __pfx_do_new_mount+0x10/0x10 [ 168.630073][ T6667] ? path_mount+0x61c/0xfe0 [ 168.630100][ T6667] ? user_path_at+0x44/0x60 [ 168.630127][ T6667] __se_sys_mount+0x317/0x410 [ 168.630159][ T6667] ? __pfx___se_sys_mount+0x10/0x10 [ 168.630189][ T6667] ? rcu_is_watching+0x15/0xb0 [ 168.630211][ T6667] ? __x64_sys_mount+0x20/0xc0 [ 168.630241][ T6667] do_syscall_64+0xfa/0x3b0 [ 168.630261][ T6667] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.630281][ T6667] ? clear_bhb_loop+0x60/0xb0 [pid 6685] setpgid(0, 0 [pid 6684] <... memfd_create resumed>) = 3 [ 168.630303][ T6667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.630322][ T6667] RIP: 0033:0x7fb47156b94a [ 168.630339][ T6667] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 168.630356][ T6667] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 168.630379][ T6667] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 6685] <... setpgid resumed>) = 0 [pid 6684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6685] write(3, "1000", 4) = 4 [pid 6685] close(3) = 0 [pid 6685] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6685] write(1, "executing program\n", 18) = 18 [pid 6685] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6685] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6685] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6685] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6685] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6685] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 168.630394][ T6667] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 168.630408][ T6667] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 168.630423][ T6667] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 168.630437][ T6667] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 168.630457][ T6667] [ 168.630479][ T6667] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6685] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6687 attached => {parent_tid=[6687]}, 88) = 6687 [pid 6685] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6685] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6685] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6667] <... mount resumed>) = -1 EEXIST (File exists) [pid 6687] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6687] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6687] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6687] memfd_create("syzkaller", 0) = 3 [pid 6687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6667] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6667] ioctl(3, LOOP_CLR_FD) = 0 [ 168.947020][ T6667] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6667] close(3 [pid 6686] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6667] <... close resumed>) = 0 [pid 6667] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6667] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6666] <... futex resumed>) = 0 [pid 6666] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6667] <... futex resumed>) = 0 [pid 6666] <... futex resumed>) = 1 [pid 6667] openat(AT_FDCWD, ".", O_RDONLY [pid 6666] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6667] <... openat resumed>) = 3 [pid 6667] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6667] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6666] <... futex resumed>) = 0 [pid 6666] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6667] <... futex resumed>) = 0 [pid 6667] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6666] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6667] <... ioctl resumed>) = 0 [pid 6667] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6667] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6666] <... futex resumed>) = 0 [pid 6666] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6667] <... futex resumed>) = 0 [pid 6666] <... futex resumed>) = 1 [pid 6667] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6666] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6667] <... openat resumed>) = 4 [pid 6667] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6666] <... futex resumed>) = 0 [pid 6667] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6666] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6667] <... futex resumed>) = 0 [pid 6666] <... futex resumed>) = 1 [pid 6667] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6666] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6684] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6666] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6687] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6686] <... write resumed>) = 16777216 [pid 6686] munmap(0x7fb469000000, 138412032 [pid 6684] <... write resumed>) = 16777216 [pid 6684] munmap(0x7fb469000000, 138412032 [pid 6686] <... munmap resumed>) = 0 [pid 6686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6686] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6686] close(3) = 0 [pid 6686] close(4) = 0 [pid 6686] mkdir("./file0", 0777) = 0 [pid 6686] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6684] <... munmap resumed>) = 0 [pid 6684] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 169.451698][ T6686] loop0: detected capacity change from 0 to 32768 [ 169.480579][ T6686] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 169.505680][ T6686] CPU: 0 UID: 0 PID: 6686 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 169.505713][ T6686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 169.505726][ T6686] Call Trace: [ 169.505735][ T6686] [ 169.505744][ T6686] dump_stack_lvl+0x189/0x250 [ 169.505786][ T6686] ? __pfx_dump_stack_lvl+0x10/0x10 [ 169.505812][ T6686] ? __pfx__printk+0x10/0x10 [ 169.505839][ T6686] ? kernfs_root+0x1c/0x230 [ 169.505865][ T6686] ? kernfs_path_from_node+0x250/0x290 [ 169.505888][ T6686] ? kernfs_path_from_node+0x2f/0x290 [ 169.505913][ T6686] sysfs_create_dir_ns+0x259/0x280 [ 169.505936][ T6686] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 169.505959][ T6686] ? do_raw_spin_unlock+0x122/0x240 [ 169.505987][ T6686] kobject_add_internal+0x59f/0xb40 [ 169.506030][ T6686] kobject_init_and_add+0x125/0x190 [ 169.506056][ T6686] ? __pfx_kobject_init_and_add+0x10/0x10 [ 169.506080][ T6686] ? __raw_spin_lock_init+0x45/0x100 [pid 6684] ioctl(4, LOOP_SET_FD, 3 [pid 6687] <... write resumed>) = 16777216 [pid 6687] munmap(0x7fb469000000, 138412032 [pid 6666] exit_group(0) = ? [pid 6667] <... write resumed>) = ? [ 169.506105][ T6686] ? __init_swait_queue_head+0xa9/0x150 [ 169.506132][ T6686] gfs2_sys_fs_add+0x234/0x450 [ 169.506154][ T6686] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 169.506179][ T6686] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 169.506213][ T6686] gfs2_fill_super+0x13c0/0x20d0 [ 169.506248][ T6686] ? __pfx_gfs2_fill_super+0x10/0x10 [ 169.506277][ T6686] ? sb_set_blocksize+0x104/0x180 [ 169.506307][ T6686] ? setup_bdev_super+0x4c1/0x5b0 [ 169.506338][ T6686] get_tree_bdev_flags+0x40b/0x4d0 [ 169.506367][ T6686] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 6687] <... munmap resumed>) = 0 [pid 6667] +++ exited with 0 +++ [pid 6666] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6666, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=131 /* 1.31 s */} --- [pid 5869] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./38/file0") = 0 [pid 5869] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./38/binderfs") = 0 [pid 5869] umount2("./38/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./38/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=12705792, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 169.506394][ T6686] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 169.506427][ T6686] gfs2_get_tree+0x51/0x1e0 [ 169.506455][ T6686] vfs_get_tree+0x8f/0x2b0 [ 169.506483][ T6686] do_new_mount+0x2a2/0xa30 [ 169.506516][ T6686] ? ns_capable+0x8a/0xf0 [ 169.506535][ T6686] ? __pfx_do_new_mount+0x10/0x10 [ 169.506565][ T6686] ? path_mount+0x61c/0xfe0 [ 169.506593][ T6686] ? user_path_at+0x44/0x60 [ 169.506620][ T6686] __se_sys_mount+0x317/0x410 [ 169.506654][ T6686] ? __pfx___se_sys_mount+0x10/0x10 [ 169.506684][ T6686] ? rcu_is_watching+0x15/0xb0 [pid 5869] unlink("./38/cpuset.effective_mems" [pid 6687] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 169.506707][ T6686] ? __x64_sys_mount+0x20/0xc0 [ 169.506739][ T6686] do_syscall_64+0xfa/0x3b0 [ 169.506768][ T6686] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.506789][ T6686] ? clear_bhb_loop+0x60/0xb0 [ 169.506812][ T6686] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.506833][ T6686] RIP: 0033:0x7fb47156b94a [ 169.506851][ T6686] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 169.506869][ T6686] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 169.506892][ T6686] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 169.506908][ T6686] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 169.506923][ T6686] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 169.506939][ T6686] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 169.506953][ T6686] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 6687] ioctl(4, LOOP_SET_FD, 3 [pid 6684] <... ioctl resumed>) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 6684] close(3 [pid 5869] getdents64(3, [pid 6684] <... close resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 6684] close(4) = 0 [pid 5869] close(3 [pid 6687] <... ioctl resumed>) = 0 [pid 6687] close(3 [pid 6686] <... mount resumed>) = -1 EEXIST (File exists) [pid 6684] mkdir("./file0", 0777 [pid 5869] <... close resumed>) = 0 [pid 6687] <... close resumed>) = 0 [pid 6687] close(4) = 0 [pid 6687] mkdir("./file0", 0777) = 0 [pid 6686] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6684] <... mkdir resumed>) = 0 [pid 5869] rmdir("./38") = 0 [pid 6684] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6687] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5869] mkdir("./39", 0777 [pid 6686] <... openat resumed>) = 3 [pid 5869] <... mkdir resumed>) = 0 [pid 6686] ioctl(3, LOOP_CLR_FD [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6686] <... ioctl resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 6686] close(3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 169.506974][ T6686] [ 169.506996][ T6686] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 169.664622][ T6684] loop3: detected capacity change from 0 to 32768 [ 169.674928][ T6686] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 169.716944][ T6687] loop1: detected capacity change from 0 to 32768 [pid 5869] close(3) = 0 [ 169.897285][ T6687] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 169.904736][ T6687] CPU: 1 UID: 0 PID: 6687 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 169.904767][ T6687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 169.904781][ T6687] Call Trace: [ 169.904789][ T6687] [ 169.904798][ T6687] dump_stack_lvl+0x189/0x250 [ 169.904830][ T6687] ? __pfx_dump_stack_lvl+0x10/0x10 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6692 attached [pid 6686] <... close resumed>) = 0 [pid 6692] set_robust_list(0x55558d547760, 24 [pid 6686] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6692] <... set_robust_list resumed>) = 0 [pid 6686] <... futex resumed>) = 1 [pid 6692] chdir("./39" [pid 6686] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6692] <... chdir resumed>) = 0 [pid 6692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6692] setpgid(0, 0) = 0 [pid 6692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6692] write(3, "1000", 4) = 4 [pid 6692] close(3) = 0 [pid 6692] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6692] write(1, "executing program\n", 18) = 18 [pid 6692] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6692] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6692] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [ 169.904855][ T6687] ? __pfx__printk+0x10/0x10 [ 169.904882][ T6687] ? kernfs_root+0x1c/0x230 [ 169.904908][ T6687] ? kernfs_path_from_node+0x250/0x290 [ 169.904930][ T6687] ? kernfs_path_from_node+0x2f/0x290 [ 169.904956][ T6687] sysfs_create_dir_ns+0x259/0x280 [ 169.904980][ T6687] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 169.905003][ T6687] ? do_raw_spin_unlock+0x122/0x240 [ 169.905031][ T6687] kobject_add_internal+0x59f/0xb40 [ 169.905060][ T6687] kobject_init_and_add+0x125/0x190 [ 169.905085][ T6687] ? __pfx_kobject_init_and_add+0x10/0x10 [pid 6692] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6692] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6692] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6693]}, 88) = 6693 [pid 6692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6692] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 169.905108][ T6687] ? __raw_spin_lock_init+0x45/0x100 [ 169.905134][ T6687] ? __init_swait_queue_head+0xa9/0x150 [ 169.905162][ T6687] gfs2_sys_fs_add+0x234/0x450 [ 169.905184][ T6687] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 169.905209][ T6687] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 169.905242][ T6687] gfs2_fill_super+0x13c0/0x20d0 [ 169.905276][ T6687] ? __pfx_gfs2_fill_super+0x10/0x10 [ 169.905305][ T6687] ? sb_set_blocksize+0x104/0x180 [ 169.905336][ T6687] ? setup_bdev_super+0x4c1/0x5b0 [ 169.905366][ T6687] get_tree_bdev_flags+0x40b/0x4d0 [ 169.905395][ T6687] ? __pfx_gfs2_fill_super+0x10/0x10 [ 169.905421][ T6687] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 169.905456][ T6687] gfs2_get_tree+0x51/0x1e0 [ 169.905484][ T6687] vfs_get_tree+0x8f/0x2b0 [ 169.905513][ T6687] do_new_mount+0x2a2/0xa30 [ 169.905545][ T6687] ? ns_capable+0x8a/0xf0 [ 169.905564][ T6687] ? __pfx_do_new_mount+0x10/0x10 [ 169.905593][ T6687] ? path_mount+0x61c/0xfe0 [ 169.905620][ T6687] ? user_path_at+0x44/0x60 [ 169.905648][ T6687] __se_sys_mount+0x317/0x410 [ 169.905682][ T6687] ? __pfx___se_sys_mount+0x10/0x10 [ 169.905712][ T6687] ? rcu_is_watching+0x15/0xb0 [ 169.905745][ T6687] ? __x64_sys_mount+0x20/0xc0 [ 169.905776][ T6687] do_syscall_64+0xfa/0x3b0 [ 169.905798][ T6687] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.905819][ T6687] ? clear_bhb_loop+0x60/0xb0 [ 169.905841][ T6687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.905861][ T6687] RIP: 0033:0x7fb47156b94a [ 169.905881][ T6687] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 169.905899][ T6687] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 169.905923][ T6687] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 169.905939][ T6687] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 169.905954][ T6687] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 169.905969][ T6687] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 6692] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 6692 ./strace-static-x86_64: Process 6693 attached [pid 6683] <... futex resumed>) = 0 [pid 6693] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6683] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6683] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6693] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6693] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6693] memfd_create("syzkaller", 0) = 3 [pid 6693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6686] <... futex resumed>) = 0 [pid 6686] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6686] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6683] <... futex resumed>) = 0 [pid 6686] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6683] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6683] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6683] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6683] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6683] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6683] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6694]}, 88) = 6694 [pid 6683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6683] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6683] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6683] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6683] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6683] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[6695]}, 88) = 6695 [pid 6683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6683] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6683] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6695 attached ./strace-static-x86_64: Process 6694 attached [pid 6695] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 6694] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 6683] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6694] <... rseq resumed>) = 0 [pid 6695] <... rseq resumed>) = 0 [pid 6695] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 6694] set_robust_list(0x7fb4714f59a0, 24 [pid 6695] rt_sigprocmask(SIG_SETMASK, [], [pid 6694] <... set_robust_list resumed>) = 0 [pid 6695] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 169.905983][ T6687] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 169.906004][ T6687] [ 170.210884][ T6687] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 170.226213][ T6687] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6694] rt_sigprocmask(SIG_SETMASK, [], [pid 6695] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6694] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6686] <... ioctl resumed>) = 0 [pid 6695] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6694] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6686] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6686] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6695] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6694] <... openat resumed>) = 4 [pid 6695] <... futex resumed>) = 0 [pid 6694] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6683] exit_group(0 [pid 6686] <... futex resumed>) = ? [pid 6683] <... exit_group resumed>) = ? [pid 6686] +++ exited with 0 +++ [pid 6694] <... futex resumed>) = ? [pid 6695] +++ exited with 0 +++ [ 170.244624][ T6684] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 170.256190][ T6684] CPU: 0 UID: 0 PID: 6684 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 170.256223][ T6684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 170.256236][ T6684] Call Trace: [ 170.256245][ T6684] [ 170.256254][ T6684] dump_stack_lvl+0x189/0x250 [ 170.256286][ T6684] ? __pfx_dump_stack_lvl+0x10/0x10 [ 170.256311][ T6684] ? __pfx__printk+0x10/0x10 [ 170.256338][ T6684] ? kernfs_root+0x1c/0x230 [ 170.256363][ T6684] ? kernfs_path_from_node+0x250/0x290 [ 170.256385][ T6684] ? kernfs_path_from_node+0x2f/0x290 [ 170.256410][ T6684] sysfs_create_dir_ns+0x259/0x280 [ 170.256434][ T6684] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 170.256457][ T6684] ? do_raw_spin_unlock+0x122/0x240 [ 170.256485][ T6684] kobject_add_internal+0x59f/0xb40 [ 170.256514][ T6684] kobject_init_and_add+0x125/0x190 [ 170.256540][ T6684] ? __pfx_kobject_init_and_add+0x10/0x10 [ 170.256563][ T6684] ? __raw_spin_lock_init+0x45/0x100 [ 170.256588][ T6684] ? __init_swait_queue_head+0xa9/0x150 [ 170.256615][ T6684] gfs2_sys_fs_add+0x234/0x450 [ 170.256637][ T6684] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 170.256661][ T6684] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 170.256695][ T6684] gfs2_fill_super+0x13c0/0x20d0 [ 170.256729][ T6684] ? __pfx_gfs2_fill_super+0x10/0x10 [ 170.256758][ T6684] ? sb_set_blocksize+0x104/0x180 [ 170.256787][ T6684] ? setup_bdev_super+0x4c1/0x5b0 [pid 6694] +++ exited with 0 +++ [pid 6693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6687] <... mount resumed>) = -1 EEXIST (File exists) [pid 6683] +++ exited with 0 +++ [pid 6687] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6683, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=56 /* 0.56 s */} --- [ 170.256817][ T6684] get_tree_bdev_flags+0x40b/0x4d0 [ 170.256844][ T6684] ? __pfx_gfs2_fill_super+0x10/0x10 [ 170.256871][ T6684] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 170.256912][ T6684] gfs2_get_tree+0x51/0x1e0 [ 170.256941][ T6684] vfs_get_tree+0x8f/0x2b0 [ 170.256969][ T6684] do_new_mount+0x2a2/0xa30 [ 170.257002][ T6684] ? ns_capable+0x8a/0xf0 [ 170.257021][ T6684] ? __pfx_do_new_mount+0x10/0x10 [ 170.257051][ T6684] ? path_mount+0x61c/0xfe0 [ 170.257079][ T6684] ? user_path_at+0x44/0x60 [ 170.257106][ T6684] __se_sys_mount+0x317/0x410 [pid 6693] <... write resumed>) = 16777216 [pid 6687] <... openat resumed>) = 3 [pid 6693] munmap(0x7fb469000000, 138412032 [pid 6687] ioctl(3, LOOP_CLR_FD [pid 6693] <... munmap resumed>) = 0 [pid 6687] <... ioctl resumed>) = 0 [pid 5867] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6693] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6687] close(3 [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 170.257140][ T6684] ? __pfx___se_sys_mount+0x10/0x10 [ 170.257171][ T6684] ? rcu_is_watching+0x15/0xb0 [ 170.257194][ T6684] ? __x64_sys_mount+0x20/0xc0 [ 170.257225][ T6684] do_syscall_64+0xfa/0x3b0 [ 170.257246][ T6684] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.257267][ T6684] ? clear_bhb_loop+0x60/0xb0 [ 170.257290][ T6684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.257310][ T6684] RIP: 0033:0x7fb47156b94a [ 170.257328][ T6684] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 170.257346][ T6684] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 170.257370][ T6684] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 170.257386][ T6684] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 170.257401][ T6684] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 170.257416][ T6684] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 6693] <... openat resumed>) = 4 [pid 6687] <... close resumed>) = 0 [pid 5867] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6693] ioctl(4, LOOP_SET_FD, 3 [pid 6687] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... openat resumed>) = 3 [pid 5867] newfstatat(3, "", [pid 6693] <... ioctl resumed>) = 0 [pid 5867] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./40/file0") = 0 [pid 5867] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6693] close(3 [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./40/binderfs") = 0 [pid 5867] umount2("./40/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./40/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./40/cpuset.effective_mems") = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 6693] <... close resumed>) = 0 [pid 6687] <... futex resumed>) = 1 [pid 6693] close(4 [pid 6685] <... futex resumed>) = 0 [pid 6684] <... mount resumed>) = -1 EEXIST (File exists) [pid 5867] close(3 [pid 6693] <... close resumed>) = 0 [pid 6693] mkdir("./file0", 0777 [pid 6685] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6685] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... close resumed>) = 0 [pid 5867] rmdir("./40" [pid 6693] <... mkdir resumed>) = 0 [pid 5867] <... rmdir resumed>) = 0 [pid 5867] mkdir("./41", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6687] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 6687] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6685] <... futex resumed>) = 0 [pid 6685] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6685] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6687] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6684] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6684] ioctl(3, LOOP_CLR_FD) = 0 [ 170.257429][ T6684] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 170.257451][ T6684] [ 170.257513][ T6684] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 170.575805][ T6684] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 170.582694][ T6693] loop2: detected capacity change from 0 to 32768 [pid 6684] close(3./strace-static-x86_64: Process 6698 attached [pid 6693] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5867] <... clone resumed>, child_tidptr=0x55558d547750) = 6698 [pid 6698] set_robust_list(0x55558d547760, 24 [pid 6687] <... ioctl resumed>) = 0 [pid 6687] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6685] <... futex resumed>) = 0 [pid 6685] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6685] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6687] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6687] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6685] <... futex resumed>) = 0 [pid 6687] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6685] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6698] <... set_robust_list resumed>) = 0 [pid 6687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6685] <... futex resumed>) = 0 [pid 6687] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6685] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6698] chdir("./41") = 0 [pid 6698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6698] setpgid(0, 0) = 0 [pid 6698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 170.653332][ T6693] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 6685] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6684] <... close resumed>) = 0 [ 170.698517][ T6693] CPU: 0 UID: 0 PID: 6693 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 170.698548][ T6693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 170.698594][ T6693] Call Trace: [ 170.698603][ T6693] [ 170.698613][ T6693] dump_stack_lvl+0x189/0x250 [ 170.698643][ T6693] ? __pfx_dump_stack_lvl+0x10/0x10 [ 170.698667][ T6693] ? __pfx__printk+0x10/0x10 [ 170.698691][ T6693] ? kernfs_root+0x1c/0x230 [pid 6684] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6682] <... futex resumed>) = 0 [pid 6682] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6682] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6684] <... futex resumed>) = 1 [pid 6684] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6684] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6682] <... futex resumed>) = 0 [pid 6684] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6682] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6684] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6682] <... futex resumed>) = 0 [pid 6684] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6682] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 6698] write(3, "1000", 4) = 4 [pid 6698] close(3) = 0 [pid 6698] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6698] write(1, "executing program\n", 18) = 18 [pid 6698] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6698] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6698] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6698] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6698] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6698] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6701 attached => {parent_tid=[6701]}, 88) = 6701 [pid 6701] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [ 170.698715][ T6693] ? kernfs_path_from_node+0x250/0x290 [ 170.698736][ T6693] ? kernfs_path_from_node+0x2f/0x290 [ 170.698759][ T6693] sysfs_create_dir_ns+0x259/0x280 [ 170.698782][ T6693] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 170.698803][ T6693] ? do_raw_spin_unlock+0x122/0x240 [ 170.698830][ T6693] kobject_add_internal+0x59f/0xb40 [ 170.698857][ T6693] kobject_init_and_add+0x125/0x190 [ 170.698883][ T6693] ? __pfx_kobject_init_and_add+0x10/0x10 [ 170.698907][ T6693] ? __raw_spin_lock_init+0x45/0x100 [pid 6698] rt_sigprocmask(SIG_SETMASK, [], [pid 6701] <... rseq resumed>) = 0 [pid 6698] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6701] set_robust_list(0x7fb4715169a0, 24 [pid 6698] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6701] <... set_robust_list resumed>) = 0 [pid 6698] <... futex resumed>) = 0 [pid 6701] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6698] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6701] memfd_create("syzkaller", 0) = 3 [pid 6701] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6682] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6682] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6682] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6682] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6682] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}./strace-static-x86_64: Process 6702 attached [pid 6702] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 6682] <... clone3 resumed> => {parent_tid=[6702]}, 88) = 6702 [pid 6702] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 6682] rt_sigprocmask(SIG_SETMASK, [], [pid 6702] rt_sigprocmask(SIG_SETMASK, [], [pid 6682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6682] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6702] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6682] <... futex resumed>) = 0 [ 170.698932][ T6693] ? __init_swait_queue_head+0xa9/0x150 [ 170.698958][ T6693] gfs2_sys_fs_add+0x234/0x450 [ 170.698980][ T6693] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 170.699003][ T6693] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 170.699034][ T6693] gfs2_fill_super+0x13c0/0x20d0 [ 170.699066][ T6693] ? __pfx_gfs2_fill_super+0x10/0x10 [ 170.699094][ T6693] ? sb_set_blocksize+0x104/0x180 [ 170.699124][ T6693] ? setup_bdev_super+0x4c1/0x5b0 [ 170.699153][ T6693] get_tree_bdev_flags+0x40b/0x4d0 [ 170.699182][ T6693] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 6682] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6685] exit_group(0) = ? [pid 6687] <... write resumed>) = ? [pid 6682] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6682] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6682] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6682] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6682] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0}./strace-static-x86_64: Process 6703 attached [ 170.699209][ T6693] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 170.699242][ T6693] gfs2_get_tree+0x51/0x1e0 [ 170.699282][ T6693] vfs_get_tree+0x8f/0x2b0 [ 170.699312][ T6693] do_new_mount+0x2a2/0xa30 [ 170.699344][ T6693] ? ns_capable+0x8a/0xf0 [ 170.699363][ T6693] ? __pfx_do_new_mount+0x10/0x10 [ 170.699392][ T6693] ? path_mount+0x61c/0xfe0 [ 170.699419][ T6693] ? user_path_at+0x44/0x60 [ 170.699459][ T6693] __se_sys_mount+0x317/0x410 [ 170.699494][ T6693] ? __pfx___se_sys_mount+0x10/0x10 => {parent_tid=[6703]}, 88) = 6703 [pid 6703] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 6682] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6682] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6682] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6703] <... rseq resumed>) = 0 [pid 6687] +++ exited with 0 +++ [pid 6685] +++ exited with 0 +++ [pid 6703] set_robust_list(0x7fb4714d49a0, 24 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6685, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=46 /* 0.46 s */} --- [pid 6703] <... set_robust_list resumed>) = 0 [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 6703] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6703] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5868] <... restart_syscall resumed>) = 0 [pid 6703] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6703] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6682] <... futex resumed>) = 0 [pid 5868] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6703] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./41/file0") = 0 [pid 5868] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./41/binderfs") = 0 [pid 5868] umount2("./41/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./41/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=3272704, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 170.699535][ T6693] ? rcu_is_watching+0x15/0xb0 [ 170.699558][ T6693] ? __x64_sys_mount+0x20/0xc0 [ 170.699625][ T6693] do_syscall_64+0xfa/0x3b0 [ 170.699647][ T6693] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.699668][ T6693] ? clear_bhb_loop+0x60/0xb0 [ 170.699691][ T6693] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.699712][ T6693] RIP: 0033:0x7fb47156b94a [ 170.699730][ T6693] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 170.699749][ T6693] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 170.699771][ T6693] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 170.699787][ T6693] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 170.699802][ T6693] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 170.699829][ T6693] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 170.699844][ T6693] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 5868] unlink("./41/cpuset.effective_mems") = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./41") = 0 [pid 5868] mkdir("./42", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3 [pid 6702] <... openat resumed>) = 4 [pid 6684] <... ioctl resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 6702] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6693] <... mount resumed>) = -1 EEXIST (File exists) [pid 6684] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6702] <... futex resumed>) = 0 [pid 6684] <... futex resumed>) = 0 [pid 6702] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6684] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6693] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6693] ioctl(3, LOOP_CLR_FD [pid 6682] exit_group(0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6703] <... futex resumed>) = ? [pid 6702] <... futex resumed>) = ? [pid 6693] <... ioctl resumed>) = 0 [pid 6684] <... futex resumed>) = ? [pid 6682] <... exit_group resumed>) = ? [pid 6703] +++ exited with 0 +++ [pid 6702] +++ exited with 0 +++ [pid 6693] close(3 [pid 6684] +++ exited with 0 +++ ./strace-static-x86_64: Process 6704 attached [pid 6682] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6682, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=63 /* 0.63 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 6704 [pid 6704] set_robust_list(0x55558d547760, 24) = 0 [pid 6704] chdir("./42") = 0 [pid 6704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6704] setpgid(0, 0 [pid 5870] <... restart_syscall resumed>) = 0 [pid 6704] <... setpgid resumed>) = 0 [pid 5870] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6704] <... openat resumed>) = 3 [pid 5870] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6704] write(3, "1000", 4 [pid 5870] getdents64(3, [pid 6704] <... write resumed>) = 4 [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 6704] close(3 [pid 5870] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6704] <... close resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6704] symlink("/dev/binderfs", "./binderfs" [pid 5870] newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6704] <... symlink resumed>) = 0 [pid 5870] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) executing program [pid 5870] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6704] write(1, "executing program\n", 18 [pid 5870] <... openat resumed>) = 4 [pid 6704] <... write resumed>) = 18 [pid 5870] newfstatat(4, "", [pid 6704] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, [pid 6704] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 6704] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [ 170.699866][ T6693] [ 170.699889][ T6693] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 171.017151][ T6693] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5870] getdents64(4, [pid 6704] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5870] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 6704] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5870] close(4) = 0 [pid 5870] rmdir("./40/file0") = 0 [pid 5870] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./40/binderfs", [pid 6704] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5870] unlink("./40/binderfs" [pid 6704] <... mmap resumed>) = 0x7fb4714f6000 [pid 5870] <... unlink resumed>) = 0 [pid 6704] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 5870] umount2("./40/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6704] <... mprotect resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6704] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5870] newfstatat(AT_FDCWD, "./40/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6704] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5870] unlink("./40/cpuset.effective_mems" [pid 6704] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 5870] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 6705 attached [pid 5870] getdents64(3, [pid 6704] <... clone3 resumed> => {parent_tid=[6705]}, 88) = 6705 [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 6704] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] close(3 [pid 6704] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6704] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] <... close resumed>) = 0 [pid 6704] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] rmdir("./40") = 0 [pid 5870] mkdir("./41", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3 [pid 6705] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6705] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6705] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6705] memfd_create("syzkaller", 0) = 3 [pid 6705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6706 attached [pid 6706] set_robust_list(0x55558d547760, 24) = 0 [pid 6706] chdir("./41") = 0 [pid 6706] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6706] setpgid(0, 0) = 0 [pid 6693] <... close resumed>) = 0 [pid 6706] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6693] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] <... openat resumed>) = 3 [pid 6693] <... futex resumed>) = 1 [pid 6692] <... futex resumed>) = 0 [pid 6706] write(3, "1000", 4 [pid 6693] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6692] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] <... write resumed>) = 4 [pid 6693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6692] <... futex resumed>) = 0 [pid 6706] close(3 [pid 6693] openat(AT_FDCWD, ".", O_RDONLY [pid 6692] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6706] <... close resumed>) = 0 [pid 6706] symlink("/dev/binderfs", "./binderfs" [pid 6693] <... openat resumed>) = 3 executing program [pid 6706] <... symlink resumed>) = 0 [pid 6706] write(1, "executing program\n", 18) = 18 [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 6706 [pid 6706] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6706] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6706] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6706] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6693] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6692] <... futex resumed>) = 0 [pid 6693] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6692] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] <... mmap resumed>) = 0x7fb4714f6000 [pid 6706] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 6692] <... futex resumed>) = 0 [pid 6706] <... mprotect resumed>) = 0 [pid 6692] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6693] <... ioctl resumed>) = 0 [pid 6693] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6693] <... futex resumed>) = 1 [pid 6692] <... futex resumed>) = 0 [pid 6706] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6692] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 6693] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6692] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6707 attached [pid 6693] <... openat resumed>) = 4 [pid 6692] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6707] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6706] <... clone3 resumed> => {parent_tid=[6707]}, 88) = 6707 [pid 6693] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] <... rseq resumed>) = 0 [pid 6706] rt_sigprocmask(SIG_SETMASK, [], [pid 6693] <... futex resumed>) = 1 [pid 6692] <... futex resumed>) = 0 [pid 6707] set_robust_list(0x7fb4715169a0, 24 [pid 6706] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6693] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6692] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] <... set_robust_list resumed>) = 0 [pid 6706] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6692] <... futex resumed>) = 0 [pid 6707] rt_sigprocmask(SIG_SETMASK, [], [pid 6706] <... futex resumed>) = 0 [pid 6693] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6692] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6707] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6706] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6707] memfd_create("syzkaller", 0) = 3 [pid 6707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6692] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6701] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6705] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6692] exit_group(0) = ? [pid 6693] <... write resumed>) = ? [pid 6701] <... write resumed>) = 16777216 [pid 6707] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6693] +++ exited with 0 +++ [pid 6692] +++ exited with 0 +++ [pid 6701] munmap(0x7fb469000000, 138412032 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6692, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=73 /* 0.73 s */} --- [pid 5869] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./39/file0") = 0 [pid 5869] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./39/binderfs") = 0 [pid 5869] umount2("./39/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./39/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=7618560, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./39/cpuset.effective_mems" [pid 6705] <... write resumed>) = 16777216 [pid 6705] munmap(0x7fb469000000, 138412032 [pid 6701] <... munmap resumed>) = 0 [pid 6701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6701] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6705] <... munmap resumed>) = 0 [pid 6705] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6701] close(3 [pid 5869] <... unlink resumed>) = 0 [pid 6705] <... openat resumed>) = 4 [pid 6701] <... close resumed>) = 0 [pid 6705] ioctl(4, LOOP_SET_FD, 3 [pid 6701] close(4 [pid 5869] getdents64(3, [pid 6701] <... close resumed>) = 0 [pid 6701] mkdir("./file0", 0777) = 0 [pid 6701] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3 [pid 6705] <... ioctl resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 6705] close(3 [pid 5869] rmdir("./39" [pid 6705] <... close resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [ 171.583776][ T6701] loop0: detected capacity change from 0 to 32768 [ 171.608995][ T6705] loop1: detected capacity change from 0 to 32768 [pid 6705] close(4 [pid 5869] mkdir("./40", 0777 [pid 6705] <... close resumed>) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 6705] mkdir("./file0", 0777 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 6705] <... mkdir resumed>) = 0 [pid 5869] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5869] close(3 [pid 6705] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5869] <... close resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6710 attached [pid 6710] set_robust_list(0x55558d547760, 24) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 6710 [pid 6710] chdir("./40") = 0 [pid 6710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6710] setpgid(0, 0) = 0 [pid 6710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6710] write(3, "1000", 4) = 4 [pid 6710] close(3) = 0 [pid 6710] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6710] write(1, "executing program\n", 18executing program ) = 18 [pid 6710] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6710] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6710] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6710] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [ 171.633730][ T6701] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 6710] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6710] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6710] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6713]}, 88) = 6713 [pid 6710] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6710] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6710] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6707] <... write resumed>) = 16777216 ./strace-static-x86_64: Process 6713 attached [ 171.665424][ T6701] CPU: 0 UID: 0 PID: 6701 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 171.665456][ T6701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 171.665469][ T6701] Call Trace: [ 171.665476][ T6701] [ 171.665485][ T6701] dump_stack_lvl+0x189/0x250 [ 171.665518][ T6701] ? __pfx_dump_stack_lvl+0x10/0x10 [ 171.665542][ T6701] ? __pfx__printk+0x10/0x10 [ 171.665567][ T6701] ? kernfs_root+0x1c/0x230 [ 171.665591][ T6701] ? kernfs_path_from_node+0x250/0x290 [ 171.665613][ T6701] ? kernfs_path_from_node+0x2f/0x290 [ 171.665638][ T6701] sysfs_create_dir_ns+0x259/0x280 [ 171.665661][ T6701] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 171.665684][ T6701] ? do_raw_spin_unlock+0x122/0x240 [ 171.665712][ T6701] kobject_add_internal+0x59f/0xb40 [ 171.665741][ T6701] kobject_init_and_add+0x125/0x190 [ 171.665766][ T6701] ? __pfx_kobject_init_and_add+0x10/0x10 [ 171.665802][ T6701] ? __raw_spin_lock_init+0x45/0x100 [pid 6707] munmap(0x7fb469000000, 138412032 [pid 6713] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6713] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6713] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6713] memfd_create("syzkaller", 0) = 3 [pid 6713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6701] <... mount resumed>) = -1 EEXIST (File exists) [pid 6701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6701] ioctl(3, LOOP_CLR_FD) = 0 [ 171.665827][ T6701] ? __init_swait_queue_head+0xa9/0x150 [ 171.665852][ T6701] gfs2_sys_fs_add+0x234/0x450 [ 171.665872][ T6701] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 171.665895][ T6701] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 171.665928][ T6701] gfs2_fill_super+0x13c0/0x20d0 [ 171.665960][ T6701] ? __pfx_gfs2_fill_super+0x10/0x10 [ 171.665988][ T6701] ? sb_set_blocksize+0x104/0x180 [ 171.666016][ T6701] ? setup_bdev_super+0x4c1/0x5b0 [ 171.666045][ T6701] get_tree_bdev_flags+0x40b/0x4d0 [ 171.666072][ T6701] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 6701] close(3) = 0 [pid 6701] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6698] <... futex resumed>) = 0 [pid 6701] openat(AT_FDCWD, ".", O_RDONLY [pid 6698] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6701] <... openat resumed>) = 3 [pid 6698] <... futex resumed>) = 0 [pid 6701] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6698] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6701] <... futex resumed>) = 0 [pid 6698] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6701] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6698] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6698] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6707] <... munmap resumed>) = 0 [pid 6707] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 171.666097][ T6701] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 171.666128][ T6701] gfs2_get_tree+0x51/0x1e0 [ 171.666155][ T6701] vfs_get_tree+0x8f/0x2b0 [ 171.666183][ T6701] do_new_mount+0x2a2/0xa30 [ 171.666216][ T6701] ? ns_capable+0x8a/0xf0 [ 171.666234][ T6701] ? __pfx_do_new_mount+0x10/0x10 [ 171.666263][ T6701] ? path_mount+0x61c/0xfe0 [ 171.666290][ T6701] ? user_path_at+0x44/0x60 [ 171.666317][ T6701] __se_sys_mount+0x317/0x410 [ 171.666348][ T6701] ? __pfx___se_sys_mount+0x10/0x10 [pid 6707] ioctl(4, LOOP_SET_FD, 3 [pid 6698] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6698] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6698] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6698] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6698] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6714]}, 88) = 6714 [pid 6698] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6698] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 171.666377][ T6701] ? rcu_is_watching+0x15/0xb0 [ 171.666397][ T6701] ? __x64_sys_mount+0x20/0xc0 [ 171.666427][ T6701] do_syscall_64+0xfa/0x3b0 [ 171.666449][ T6701] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.666471][ T6701] ? clear_bhb_loop+0x60/0xb0 [ 171.666493][ T6701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.666512][ T6701] RIP: 0033:0x7fb47156b94a [pid 6698] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6714 attached [pid 6714] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 6714] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 6698] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6714] rt_sigprocmask(SIG_SETMASK, [], [pid 6698] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 6714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6698] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6714] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6698] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6698] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [ 171.666530][ T6701] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 171.666550][ T6701] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 171.666573][ T6701] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 171.666589][ T6701] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 171.666605][ T6701] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 171.666619][ T6701] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 6698] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6698] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[6715]}, 88) = 6715 [pid 6698] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6698] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6698] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6698] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 171.666633][ T6701] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 171.666655][ T6701] [ 171.703736][ T6701] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 171.718304][ T6705] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 171.718331][ T6705] CPU: 0 UID: 0 PID: 6705 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 171.718361][ T6705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 171.718377][ T6705] Call Trace: [ 171.718386][ T6705] [ 171.718395][ T6705] dump_stack_lvl+0x189/0x250 [ 171.718430][ T6705] ? __pfx_dump_stack_lvl+0x10/0x10 [ 171.718458][ T6705] ? __pfx__printk+0x10/0x10 [ 171.718489][ T6705] ? kernfs_root+0x1c/0x230 [ 171.718517][ T6705] ? kernfs_path_from_node+0x250/0x290 [ 171.718544][ T6705] ? kernfs_path_from_node+0x2f/0x290 [ 171.718575][ T6705] sysfs_create_dir_ns+0x259/0x280 [ 171.718607][ T6705] ? __pfx_sysfs_create_dir_ns+0x10/0x10 ./strace-static-x86_64: Process 6715 attached [pid 6715] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 6715] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 6715] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6715] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 6715] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6715] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6705] <... mount resumed>) = -1 EEXIST (File exists) [pid 6705] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6705] ioctl(3, LOOP_CLR_FD) = 0 [ 171.718636][ T6705] ? do_raw_spin_unlock+0x122/0x240 [ 171.718671][ T6705] kobject_add_internal+0x59f/0xb40 [ 171.718708][ T6705] kobject_init_and_add+0x125/0x190 [ 171.718757][ T6705] ? __pfx_kobject_init_and_add+0x10/0x10 [ 171.718787][ T6705] ? __raw_spin_lock_init+0x45/0x100 [ 171.718819][ T6705] ? __init_swait_queue_head+0xa9/0x150 [ 171.718852][ T6705] gfs2_sys_fs_add+0x234/0x450 [ 171.718880][ T6705] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 171.718911][ T6705] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 171.718953][ T6705] gfs2_fill_super+0x13c0/0x20d0 [ 171.718997][ T6705] ? __pfx_gfs2_fill_super+0x10/0x10 [ 171.719031][ T6705] ? sb_set_blocksize+0x104/0x180 [ 171.719070][ T6705] ? setup_bdev_super+0x4c1/0x5b0 [ 171.719108][ T6705] get_tree_bdev_flags+0x40b/0x4d0 [ 171.719142][ T6705] ? __pfx_gfs2_fill_super+0x10/0x10 [ 171.719175][ T6705] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 171.719217][ T6705] gfs2_get_tree+0x51/0x1e0 [ 171.719253][ T6705] vfs_get_tree+0x8f/0x2b0 [ 171.719287][ T6705] do_new_mount+0x2a2/0xa30 [ 171.719328][ T6705] ? ns_capable+0x8a/0xf0 [ 171.719352][ T6705] ? __pfx_do_new_mount+0x10/0x10 [ 171.719390][ T6705] ? path_mount+0x61c/0xfe0 [ 171.719426][ T6705] ? user_path_at+0x44/0x60 [ 171.719459][ T6705] __se_sys_mount+0x317/0x410 [ 171.719500][ T6705] ? __pfx___se_sys_mount+0x10/0x10 [ 171.719537][ T6705] ? rcu_is_watching+0x15/0xb0 [ 171.719568][ T6705] ? __x64_sys_mount+0x20/0xc0 [ 171.719608][ T6705] do_syscall_64+0xfa/0x3b0 [ 171.719635][ T6705] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.719660][ T6705] ? clear_bhb_loop+0x60/0xb0 [ 171.719690][ T6705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.719723][ T6705] RIP: 0033:0x7fb47156b94a [ 171.719746][ T6705] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 171.719771][ T6705] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 171.719798][ T6705] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 171.719819][ T6705] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 171.719838][ T6705] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 171.719858][ T6705] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 171.719876][ T6705] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 171.719902][ T6705] [ 171.719929][ T6705] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6705] close(3) = 0 [pid 6707] <... ioctl resumed>) = 0 [pid 6707] close(3) = 0 [pid 6707] close(4 [pid 6714] <... openat resumed>) = 4 [pid 6707] <... close resumed>) = 0 [pid 6705] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6701] <... ioctl resumed>) = 0 [pid 6714] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] mkdir("./file0", 0777 [pid 6705] <... futex resumed>) = 1 [pid 6704] <... futex resumed>) = 0 [pid 6701] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... futex resumed>) = 0 [pid 6705] openat(AT_FDCWD, ".", O_RDONLY [pid 6704] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6701] <... futex resumed>) = 0 [pid 6698] exit_group(0 [pid 6714] exit_group(0 [pid 6707] <... mkdir resumed>) = 0 [pid 6715] <... futex resumed>) = ? [pid 6714] <... exit_group resumed>) = ? [pid 6715] +++ exited with 0 +++ [pid 6714] +++ exited with 0 +++ [pid 6705] <... openat resumed>) = 3 [pid 6704] <... futex resumed>) = 0 [pid 6698] <... exit_group resumed>) = ? [pid 6707] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6705] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6704] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6701] +++ exited with 0 +++ [pid 6705] <... futex resumed>) = 0 [pid 6705] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6704] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6698] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6698, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=26 /* 0.26 s */} --- [pid 6704] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] restart_syscall(<... resuming interrupted clone ...> [pid 6705] <... futex resumed>) = 0 [pid 6704] <... futex resumed>) = 1 [pid 6705] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [ 171.739325][ T6701] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 171.744836][ T6705] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 171.855873][ T6707] loop3: detected capacity change from 0 to 32768 [pid 6704] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... restart_syscall resumed>) = 0 [pid 5867] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [ 172.372488][ T6707] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 172.381856][ T6707] CPU: 1 UID: 0 PID: 6707 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 172.381888][ T6707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 172.381904][ T6707] Call Trace: [ 172.381912][ T6707] [ 172.381922][ T6707] dump_stack_lvl+0x189/0x250 [pid 5867] rmdir("./41/file0") = 0 [pid 5867] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./41/binderfs") = 0 [pid 5867] umount2("./41/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./41/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./41/cpuset.effective_mems") = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./41") = 0 [ 172.381953][ T6707] ? __pfx_dump_stack_lvl+0x10/0x10 [ 172.381977][ T6707] ? __pfx__printk+0x10/0x10 [ 172.382004][ T6707] ? kernfs_root+0x1c/0x230 [ 172.382030][ T6707] ? kernfs_path_from_node+0x250/0x290 [ 172.382052][ T6707] ? kernfs_path_from_node+0x2f/0x290 [ 172.382077][ T6707] sysfs_create_dir_ns+0x259/0x280 [ 172.382100][ T6707] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 172.382123][ T6707] ? do_raw_spin_unlock+0x122/0x240 [ 172.382151][ T6707] kobject_add_internal+0x59f/0xb40 [ 172.382178][ T6707] kobject_init_and_add+0x125/0x190 [ 172.382204][ T6707] ? __pfx_kobject_init_and_add+0x10/0x10 [ 172.382227][ T6707] ? __raw_spin_lock_init+0x45/0x100 [ 172.382252][ T6707] ? __init_swait_queue_head+0xa9/0x150 [ 172.382278][ T6707] gfs2_sys_fs_add+0x234/0x450 [ 172.382300][ T6707] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 172.382324][ T6707] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 172.382359][ T6707] gfs2_fill_super+0x13c0/0x20d0 [ 172.382420][ T6707] ? __pfx_gfs2_fill_super+0x10/0x10 [ 172.382454][ T6707] ? sb_set_blocksize+0x104/0x180 [ 172.382482][ T6707] ? setup_bdev_super+0x4c1/0x5b0 [ 172.382510][ T6707] get_tree_bdev_flags+0x40b/0x4d0 [ 172.382535][ T6707] ? __pfx_gfs2_fill_super+0x10/0x10 [ 172.382560][ T6707] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 172.382591][ T6707] gfs2_get_tree+0x51/0x1e0 [ 172.382618][ T6707] vfs_get_tree+0x8f/0x2b0 [ 172.382644][ T6707] do_new_mount+0x2a2/0xa30 [ 172.382790][ T6707] ? ns_capable+0x8a/0xf0 [ 172.382813][ T6707] ? __pfx_do_new_mount+0x10/0x10 [ 172.382842][ T6707] ? path_mount+0x61c/0xfe0 [ 172.382868][ T6707] ? user_path_at+0x44/0x60 [ 172.382896][ T6707] __se_sys_mount+0x317/0x410 [ 172.382929][ T6707] ? __pfx___se_sys_mount+0x10/0x10 [ 172.382960][ T6707] ? rcu_is_watching+0x15/0xb0 [ 172.382983][ T6707] ? __x64_sys_mount+0x20/0xc0 [ 172.383014][ T6707] do_syscall_64+0xfa/0x3b0 [ 172.383036][ T6707] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.383057][ T6707] ? clear_bhb_loop+0x60/0xb0 [ 172.383080][ T6707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.383100][ T6707] RIP: 0033:0x7fb47156b94a [ 172.383118][ T6707] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 172.383135][ T6707] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 172.383158][ T6707] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 172.383173][ T6707] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 172.383188][ T6707] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 5867] mkdir("./42", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6719 attached [pid 6713] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6707] <... mount resumed>) = -1 EEXIST (File exists) [pid 6705] <... ioctl resumed>) = 0 [pid 6704] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6719] set_robust_list(0x55558d547760, 24 [pid 6707] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6705] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6719] <... set_robust_list resumed>) = 0 [pid 6707] <... openat resumed>) = 3 [pid 6705] <... futex resumed>) = 0 [pid 6704] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... clone resumed>, child_tidptr=0x55558d547750) = 6719 [pid 6707] ioctl(3, LOOP_CLR_FD [pid 6705] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6707] <... ioctl resumed>) = 0 [pid 6705] <... openat resumed>) = 4 [pid 6707] close(3 [pid 6705] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] <... close resumed>) = 0 [pid 6705] <... futex resumed>) = 0 [pid 6707] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6705] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6719] chdir("./42" [pid 6707] <... futex resumed>) = 1 [pid 6706] <... futex resumed>) = 0 [pid 6719] <... chdir resumed>) = 0 [pid 6707] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6706] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6719] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6707] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6706] <... futex resumed>) = 0 [pid 6719] <... prctl resumed>) = 0 [pid 6707] openat(AT_FDCWD, ".", O_RDONLY [pid 6706] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6719] setpgid(0, 0 [pid 6707] <... openat resumed>) = 3 [pid 6705] <... futex resumed>) = 0 [pid 6704] <... futex resumed>) = 1 [pid 6719] <... setpgid resumed>) = 0 [pid 6707] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6705] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6707] <... futex resumed>) = 1 [pid 6706] <... futex resumed>) = 0 [pid 6704] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6707] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6706] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6704] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6719] <... openat resumed>) = 3 [pid 6707] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6706] <... futex resumed>) = 0 [pid 6704] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6719] write(3, "1000", 4 [pid 6707] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6706] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6705] <... futex resumed>) = 0 [pid 6704] <... futex resumed>) = 1 [pid 6719] <... write resumed>) = 4 [pid 6705] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6704] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 172.383203][ T6707] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 172.383217][ T6707] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 172.383238][ T6707] [ 172.685968][ T6707] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 172.700014][ T6707] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6719] close(3executing program ) = 0 [pid 6719] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6707] <... ioctl resumed>) = 0 [pid 6719] write(1, "executing program\n", 18 [pid 6707] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6719] <... write resumed>) = 18 [pid 6707] <... futex resumed>) = 1 [pid 6706] <... futex resumed>) = 0 [pid 6719] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6706] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6719] <... futex resumed>) = 0 [pid 6707] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6706] <... futex resumed>) = 0 [pid 6719] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 6707] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6706] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6719] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6707] <... openat resumed>) = 4 [pid 6719] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6707] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6719] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6707] <... futex resumed>) = 1 [pid 6706] <... futex resumed>) = 0 [pid 6719] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6707] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6706] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6719] <... mmap resumed>) = 0x7fb4714f6000 [pid 6707] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6706] <... futex resumed>) = 0 [pid 6719] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 6707] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6706] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6719] <... mprotect resumed>) = 0 [pid 6719] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6719] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6720]}, 88) = 6720 [pid 6719] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6719] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6719] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6720 attached [pid 6704] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6720] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6720] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6720] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6720] memfd_create("syzkaller", 0) = 3 [pid 6720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6706] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6704] exit_group(0) = ? [pid 6705] <... write resumed>) = ? [pid 6706] exit_group(0 [pid 6707] <... write resumed>) = ? [pid 6706] <... exit_group resumed>) = ? [pid 6707] +++ exited with 0 +++ [pid 6706] +++ exited with 0 +++ [pid 6705] +++ exited with 0 +++ [pid 6704] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6706, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=98 /* 0.98 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6704, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=51 /* 0.51 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 6713] <... write resumed>) = 16777216 [pid 5870] <... restart_syscall resumed>) = 0 [pid 5868] <... restart_syscall resumed>) = 0 [pid 6713] munmap(0x7fb469000000, 138412032 [pid 5870] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] <... openat resumed>) = 3 [pid 5868] <... openat resumed>) = 3 [pid 5870] newfstatat(3, "", [pid 5868] newfstatat(3, "", [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, [pid 5868] getdents64(3, [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./41/file0", [pid 5868] newfstatat(AT_FDCWD, "./42/file0", [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... openat resumed>) = 4 [pid 5870] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] newfstatat(4, "", [pid 5870] <... openat resumed>) = 4 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] newfstatat(4, "", [pid 5868] getdents64(4, [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, [pid 5868] getdents64(4, [pid 5870] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] getdents64(4, [pid 5868] close(4 [pid 5870] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] <... close resumed>) = 0 [pid 5870] close(4 [pid 5868] rmdir("./42/file0" [pid 5870] <... close resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 5870] rmdir("./41/file0" [pid 5868] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... rmdir resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] newfstatat(AT_FDCWD, "./42/binderfs", [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] newfstatat(AT_FDCWD, "./41/binderfs", [pid 5868] unlink("./42/binderfs" [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 5870] unlink("./41/binderfs" [pid 5868] umount2("./42/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] <... unlink resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "./42/cpuset.effective_mems", [pid 5870] umount2("./41/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=3805184, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] unlink("./42/cpuset.effective_mems" [pid 5870] newfstatat(AT_FDCWD, "./41/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=14020608, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./41/cpuset.effective_mems" [pid 5868] <... unlink resumed>) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./42") = 0 [pid 5868] mkdir("./43", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 6713] <... munmap resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6713] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 6721 attached ) = 4 [pid 6721] set_robust_list(0x55558d547760, 24 [pid 6713] ioctl(4, LOOP_SET_FD, 3 [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 6721 [pid 6721] <... set_robust_list resumed>) = 0 [pid 6721] chdir("./43") = 0 [pid 6721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6721] setpgid(0, 0) = 0 [pid 6713] <... ioctl resumed>) = 0 [pid 6721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6713] close(3 [pid 6721] write(3, "1000", 4 [pid 6713] <... close resumed>) = 0 [pid 6713] close(4 [pid 6721] <... write resumed>) = 4 [pid 6713] <... close resumed>) = 0 [pid 6721] close(3 [pid 6713] mkdir("./file0", 0777 [pid 6721] <... close resumed>) = 0 [pid 6713] <... mkdir resumed>) = 0 [pid 6721] symlink("/dev/binderfs", "./binderfs" [pid 6713] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6721] <... symlink resumed>) = 0 [pid 6721] write(1, "executing program\n", 18executing program ) = 18 [pid 6721] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6721] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6721] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6721] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6721] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6721] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6724 attached [pid 6724] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6721] <... clone3 resumed> => {parent_tid=[6724]}, 88) = 6724 [pid 5870] <... unlink resumed>) = 0 [ 173.190291][ T6713] loop2: detected capacity change from 0 to 32768 [ 173.215833][ T6713] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 6720] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6724] <... rseq resumed>) = 0 [pid 6721] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] getdents64(3, [pid 6724] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6724] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 173.243011][ T6713] CPU: 1 UID: 0 PID: 6713 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 173.243045][ T6713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 173.243059][ T6713] Call Trace: [ 173.243068][ T6713] [ 173.243077][ T6713] dump_stack_lvl+0x189/0x250 [ 173.243110][ T6713] ? __pfx_dump_stack_lvl+0x10/0x10 [ 173.243133][ T6713] ? __pfx__printk+0x10/0x10 [ 173.243160][ T6713] ? kernfs_root+0x1c/0x230 [pid 6724] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6721] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./41" [pid 6721] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... rmdir resumed>) = 0 [pid 6721] <... futex resumed>) = 1 [pid 5870] mkdir("./42", 0777) = 0 [pid 6721] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6724] <... futex resumed>) = 0 [pid 6724] memfd_create("syzkaller", 0 [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 6725 [pid 6724] <... memfd_create resumed>) = 3 [pid 6724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 173.243187][ T6713] ? kernfs_path_from_node+0x250/0x290 [ 173.243210][ T6713] ? kernfs_path_from_node+0x2f/0x290 [ 173.243234][ T6713] sysfs_create_dir_ns+0x259/0x280 [ 173.243255][ T6713] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 173.243275][ T6713] ? do_raw_spin_unlock+0x122/0x240 [ 173.243301][ T6713] kobject_add_internal+0x59f/0xb40 [ 173.243328][ T6713] kobject_init_and_add+0x125/0x190 [ 173.243362][ T6713] ? __pfx_kobject_init_and_add+0x10/0x10 [ 173.243385][ T6713] ? __raw_spin_lock_init+0x45/0x100 [ 173.243411][ T6713] ? __init_swait_queue_head+0xa9/0x150 [ 173.243436][ T6713] gfs2_sys_fs_add+0x234/0x450 [ 173.243457][ T6713] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 173.243480][ T6713] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 173.243512][ T6713] gfs2_fill_super+0x13c0/0x20d0 [ 173.243544][ T6713] ? __pfx_gfs2_fill_super+0x10/0x10 [ 173.243569][ T6713] ? sb_set_blocksize+0x104/0x180 [ 173.243599][ T6713] ? setup_bdev_super+0x4c1/0x5b0 [ 173.243628][ T6713] get_tree_bdev_flags+0x40b/0x4d0 [ 173.243655][ T6713] ? __pfx_gfs2_fill_super+0x10/0x10 [ 173.243681][ T6713] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 173.243713][ T6713] gfs2_get_tree+0x51/0x1e0 [ 173.243740][ T6713] vfs_get_tree+0x8f/0x2b0 [ 173.243767][ T6713] do_new_mount+0x2a2/0xa30 [ 173.243799][ T6713] ? ns_capable+0x8a/0xf0 [ 173.243818][ T6713] ? __pfx_do_new_mount+0x10/0x10 [ 173.243846][ T6713] ? path_mount+0x61c/0xfe0 [ 173.243872][ T6713] ? user_path_at+0x44/0x60 [ 173.243900][ T6713] __se_sys_mount+0x317/0x410 [ 173.243932][ T6713] ? __pfx___se_sys_mount+0x10/0x10 [ 173.243961][ T6713] ? rcu_is_watching+0x15/0xb0 [ 173.243983][ T6713] ? __x64_sys_mount+0x20/0xc0 [ 173.244012][ T6713] do_syscall_64+0xfa/0x3b0 [ 173.244032][ T6713] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.244053][ T6713] ? clear_bhb_loop+0x60/0xb0 [ 173.244076][ T6713] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.244095][ T6713] RIP: 0033:0x7fb47156b94a [ 173.244112][ T6713] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 173.244130][ T6713] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 173.244152][ T6713] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 173.244167][ T6713] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 173.244182][ T6713] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 173.244196][ T6713] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 ./strace-static-x86_64: Process 6725 attached [pid 6725] set_robust_list(0x55558d547760, 24) = 0 [pid 6725] chdir("./42") = 0 [pid 6725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6725] setpgid(0, 0) = 0 [pid 6725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6725] write(3, "1000", 4) = 4 [pid 6725] close(3) = 0 [pid 6725] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6720] <... write resumed>) = 16777216 executing program [pid 6713] <... mount resumed>) = -1 EEXIST (File exists) [pid 6725] write(1, "executing program\n", 18) = 18 [pid 6720] munmap(0x7fb469000000, 138412032 [pid 6713] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6725] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6725] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6725] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6725] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6725] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6725] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6725] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6726]}, 88) = 6726 [pid 6725] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6725] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6725] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6726 attached [pid 6726] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6713] <... openat resumed>) = 3 [pid 6713] ioctl(3, LOOP_CLR_FD) = 0 [pid 6713] close(3 [pid 6726] <... rseq resumed>) = 0 [ 173.244209][ T6713] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 173.244230][ T6713] [ 173.244441][ T6713] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 173.563619][ T6713] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6726] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6726] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6726] memfd_create("syzkaller", 0) = 3 [pid 6726] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6720] <... munmap resumed>) = 0 [pid 6720] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6720] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6720] close(3) = 0 [pid 6720] close(4) = 0 [pid 6720] mkdir("./file0", 0777) = 0 [ 173.663975][ T6720] loop0: detected capacity change from 0 to 32768 [ 173.684001][ T6720] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 6720] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6713] <... close resumed>) = 0 [pid 6713] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 173.702666][ T6720] CPU: 1 UID: 0 PID: 6720 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 173.702699][ T6720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 173.702712][ T6720] Call Trace: [ 173.702720][ T6720] [ 173.702730][ T6720] dump_stack_lvl+0x189/0x250 [ 173.702762][ T6720] ? __pfx_dump_stack_lvl+0x10/0x10 [ 173.702787][ T6720] ? __pfx__printk+0x10/0x10 [ 173.702815][ T6720] ? kernfs_root+0x1c/0x230 [ 173.702841][ T6720] ? kernfs_path_from_node+0x250/0x290 [ 173.702863][ T6720] ? kernfs_path_from_node+0x2f/0x290 [pid 6713] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6710] <... futex resumed>) = 0 [pid 6710] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6710] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6713] <... futex resumed>) = 0 [pid 6713] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6713] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6710] <... futex resumed>) = 0 [pid 6710] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6710] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 173.702887][ T6720] sysfs_create_dir_ns+0x259/0x280 [ 173.702912][ T6720] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 173.702935][ T6720] ? do_raw_spin_unlock+0x122/0x240 [ 173.702963][ T6720] kobject_add_internal+0x59f/0xb40 [ 173.702991][ T6720] kobject_init_and_add+0x125/0x190 [ 173.703017][ T6720] ? __pfx_kobject_init_and_add+0x10/0x10 [ 173.703040][ T6720] ? __raw_spin_lock_init+0x45/0x100 [ 173.703066][ T6720] ? __init_swait_queue_head+0xa9/0x150 [ 173.703092][ T6720] gfs2_sys_fs_add+0x234/0x450 [pid 6713] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6710] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6710] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6710] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6710] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6710] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6710] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}./strace-static-x86_64: Process 6729 attached => {parent_tid=[6729]}, 88) = 6729 [pid 6710] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6710] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6710] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6729] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 6729] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 6729] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 173.703114][ T6720] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 173.703138][ T6720] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 173.703173][ T6720] gfs2_fill_super+0x13c0/0x20d0 [ 173.703208][ T6720] ? __pfx_gfs2_fill_super+0x10/0x10 [ 173.703236][ T6720] ? sb_set_blocksize+0x104/0x180 [ 173.703266][ T6720] ? setup_bdev_super+0x4c1/0x5b0 [ 173.703296][ T6720] get_tree_bdev_flags+0x40b/0x4d0 [ 173.703339][ T6720] ? __pfx_gfs2_fill_super+0x10/0x10 [ 173.703366][ T6720] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 173.703398][ T6720] gfs2_get_tree+0x51/0x1e0 [pid 6729] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6710] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6710] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6710] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6710] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6710] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6710] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6710] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0}./strace-static-x86_64: Process 6730 attached => {parent_tid=[6730]}, 88) = 6730 [pid 6710] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6710] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6710] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6730] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 6730] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 6730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6730] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 6730] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6710] <... futex resumed>) = 0 [pid 6730] <... futex resumed>) = 1 [ 173.703425][ T6720] vfs_get_tree+0x8f/0x2b0 [ 173.703453][ T6720] do_new_mount+0x2a2/0xa30 [ 173.703484][ T6720] ? ns_capable+0x8a/0xf0 [ 173.703503][ T6720] ? __pfx_do_new_mount+0x10/0x10 [ 173.703532][ T6720] ? path_mount+0x61c/0xfe0 [ 173.703560][ T6720] ? user_path_at+0x44/0x60 [ 173.703587][ T6720] __se_sys_mount+0x317/0x410 [ 173.703620][ T6720] ? __pfx___se_sys_mount+0x10/0x10 [ 173.703648][ T6720] ? rcu_is_watching+0x15/0xb0 [ 173.703671][ T6720] ? __x64_sys_mount+0x20/0xc0 [ 173.703701][ T6720] do_syscall_64+0xfa/0x3b0 [ 173.703722][ T6720] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.703742][ T6720] ? clear_bhb_loop+0x60/0xb0 [ 173.703764][ T6720] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.703784][ T6720] RIP: 0033:0x7fb47156b94a [ 173.703801][ T6720] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 173.703819][ T6720] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 173.703842][ T6720] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 173.703857][ T6720] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 173.703872][ T6720] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 173.703887][ T6720] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 173.703901][ T6720] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 173.703922][ T6720] [pid 6730] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6720] <... mount resumed>) = -1 EEXIST (File exists) [pid 6729] <... openat resumed>) = 4 [pid 6720] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6713] <... ioctl resumed>) = 0 [pid 6713] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] <... openat resumed>) = 3 [pid 6720] ioctl(3, LOOP_CLR_FD [pid 6713] <... futex resumed>) = 0 [pid 6720] <... ioctl resumed>) = 0 [pid 6713] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6729] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6729] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6710] exit_group(0 [pid 6730] <... futex resumed>) = ? [pid 6729] <... futex resumed>) = ? [pid 6713] <... futex resumed>) = ? [pid 6710] <... exit_group resumed>) = ? [pid 6730] +++ exited with 0 +++ [pid 6729] +++ exited with 0 +++ [pid 6713] +++ exited with 0 +++ [pid 6710] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6710, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=69 /* 0.69 s */} --- [pid 5869] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", [pid 6720] close(3 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./40/file0") = 0 [pid 5869] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./40/binderfs") = 0 [pid 5869] umount2("./40/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./40/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./40/cpuset.effective_mems") = 0 [ 173.703945][ T6720] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 174.024569][ T6720] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./40") = 0 [pid 5869] mkdir("./41", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6731 ./strace-static-x86_64: Process 6731 attached [pid 6731] set_robust_list(0x55558d547760, 24) = 0 [pid 6731] chdir("./41") = 0 [pid 6731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6731] setpgid(0, 0) = 0 [pid 6731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6731] write(3, "1000", 4) = 4 [pid 6731] close(3) = 0 [pid 6731] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6731] write(1, "executing program\n", 18) = 18 [pid 6731] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6731] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6731] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6731] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6731] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6724] <... write resumed>) = 16777216 [pid 6731] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6731] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6733]}, 88) = 6733 [pid 6731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6731] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6731] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6733 attached [pid 6733] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6724] munmap(0x7fb469000000, 138412032 [pid 6733] <... rseq resumed>) = 0 [pid 6733] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6720] <... close resumed>) = 0 [pid 6733] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6733] memfd_create("syzkaller", 0) = 3 [pid 6733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6720] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6719] <... futex resumed>) = 0 [pid 6719] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] openat(AT_FDCWD, ".", O_RDONLY [pid 6719] <... futex resumed>) = 0 [pid 6720] <... openat resumed>) = 3 [pid 6719] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6720] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6720] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6719] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6719] <... futex resumed>) = 0 [pid 6720] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6719] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6720] <... ioctl resumed>) = 0 [pid 6720] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6719] <... futex resumed>) = 0 [pid 6720] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6719] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] <... openat resumed>) = 4 [pid 6719] <... futex resumed>) = 0 [pid 6719] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6720] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6719] <... futex resumed>) = 0 [pid 6720] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6719] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6719] <... futex resumed>) = 0 [pid 6720] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6719] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6724] <... munmap resumed>) = 0 [pid 6724] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6724] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6724] close(3) = 0 [pid 6724] close(4) = 0 [pid 6724] mkdir("./file0", 0777) = 0 [pid 6724] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6719] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 174.221367][ T6724] loop1: detected capacity change from 0 to 32768 [ 174.252233][ T6724] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 174.268231][ T6724] CPU: 1 UID: 0 PID: 6724 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 174.268265][ T6724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 174.268279][ T6724] Call Trace: [ 174.268288][ T6724] [ 174.268298][ T6724] dump_stack_lvl+0x189/0x250 [ 174.268330][ T6724] ? __pfx_dump_stack_lvl+0x10/0x10 [ 174.268354][ T6724] ? __pfx__printk+0x10/0x10 [ 174.268380][ T6724] ? kernfs_root+0x1c/0x230 [ 174.268404][ T6724] ? kernfs_path_from_node+0x250/0x290 [ 174.268425][ T6724] ? kernfs_path_from_node+0x2f/0x290 [ 174.268449][ T6724] sysfs_create_dir_ns+0x259/0x280 [ 174.268471][ T6724] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 174.268493][ T6724] ? do_raw_spin_unlock+0x122/0x240 [ 174.268521][ T6724] kobject_add_internal+0x59f/0xb40 [ 174.268558][ T6724] kobject_init_and_add+0x125/0x190 [ 174.268582][ T6724] ? __pfx_kobject_init_and_add+0x10/0x10 [ 174.268605][ T6724] ? __raw_spin_lock_init+0x45/0x100 [ 174.268629][ T6724] ? __init_swait_queue_head+0xa9/0x150 [ 174.268654][ T6724] gfs2_sys_fs_add+0x234/0x450 [ 174.268676][ T6724] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 174.268699][ T6724] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 174.268732][ T6724] gfs2_fill_super+0x13c0/0x20d0 [ 174.268765][ T6724] ? __pfx_gfs2_fill_super+0x10/0x10 [ 174.268793][ T6724] ? sb_set_blocksize+0x104/0x180 [ 174.268822][ T6724] ? setup_bdev_super+0x4c1/0x5b0 [ 174.268850][ T6724] get_tree_bdev_flags+0x40b/0x4d0 [ 174.268878][ T6724] ? __pfx_gfs2_fill_super+0x10/0x10 [ 174.268904][ T6724] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 174.268936][ T6724] gfs2_get_tree+0x51/0x1e0 [ 174.268963][ T6724] vfs_get_tree+0x8f/0x2b0 [ 174.268990][ T6724] do_new_mount+0x2a2/0xa30 [ 174.269022][ T6724] ? ns_capable+0x8a/0xf0 [ 174.269040][ T6724] ? __pfx_do_new_mount+0x10/0x10 [ 174.269069][ T6724] ? path_mount+0x61c/0xfe0 [ 174.269096][ T6724] ? user_path_at+0x44/0x60 [ 174.269123][ T6724] __se_sys_mount+0x317/0x410 [ 174.269156][ T6724] ? __pfx___se_sys_mount+0x10/0x10 [ 174.269185][ T6724] ? rcu_is_watching+0x15/0xb0 [pid 6726] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6719] exit_group(0) = ? [pid 6720] <... write resumed>) = ? [ 174.269207][ T6724] ? __x64_sys_mount+0x20/0xc0 [ 174.269238][ T6724] do_syscall_64+0xfa/0x3b0 [ 174.269259][ T6724] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.269279][ T6724] ? clear_bhb_loop+0x60/0xb0 [ 174.269301][ T6724] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.269318][ T6724] RIP: 0033:0x7fb47156b94a [ 174.269333][ T6724] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 6720] +++ exited with 0 +++ [pid 6719] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6719, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=65 /* 0.65 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./42/file0") = 0 [pid 5867] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./42/binderfs") = 0 [pid 5867] umount2("./42/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./42/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5218304, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 174.269348][ T6724] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 174.269368][ T6724] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 174.269384][ T6724] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 174.269398][ T6724] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 174.269412][ T6724] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 174.269426][ T6724] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 174.269446][ T6724] [ 174.269508][ T6724] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 5867] unlink("./42/cpuset.effective_mems") = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./42") = 0 [pid 5867] mkdir("./43", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6736 ./strace-static-x86_64: Process 6736 attached [pid 6736] set_robust_list(0x55558d547760, 24) = 0 [pid 6736] chdir("./43") = 0 [pid 6736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6736] setpgid(0, 0) = 0 [pid 6736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6736] write(3, "1000", 4) = 4 [pid 6736] close(3) = 0 [pid 6736] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6736] write(1, "executing program\n", 18) = 18 [pid 6736] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6736] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6736] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6736] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6737]}, 88) = 6737 [pid 6736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6736] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6736] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6726] <... write resumed>) = 16777216 ./strace-static-x86_64: Process 6737 attached [pid 6733] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6726] munmap(0x7fb469000000, 138412032 [pid 6724] <... mount resumed>) = -1 EEXIST (File exists) [pid 6737] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6737] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6737] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6737] memfd_create("syzkaller", 0 [pid 6724] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6724] ioctl(3, LOOP_CLR_FD) = 0 [pid 6724] close(3) = 0 [pid 6724] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6721] <... futex resumed>) = 0 [pid 6724] openat(AT_FDCWD, ".", O_RDONLY [pid 6721] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6724] <... openat resumed>) = 3 [pid 6721] <... futex resumed>) = 0 [pid 6737] <... memfd_create resumed>) = 3 [pid 6721] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6724] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6724] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6721] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6721] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6724] <... futex resumed>) = 0 [pid 6721] <... futex resumed>) = 1 [pid 6724] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [ 174.672888][ T6724] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6721] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6724] <... ioctl resumed>) = 0 [pid 6724] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6721] <... futex resumed>) = 0 [pid 6724] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6721] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6721] <... futex resumed>) = 0 [pid 6724] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6721] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6724] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6721] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6724] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6721] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6721] <... futex resumed>) = 0 [pid 6724] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6721] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6726] <... munmap resumed>) = 0 [pid 6726] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6726] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6726] close(3) = 0 [pid 6726] close(4) = 0 [pid 6726] mkdir("./file0", 0777) = 0 [pid 6726] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6721] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 174.768715][ T6726] loop3: detected capacity change from 0 to 32768 [ 174.800850][ T6726] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 174.833257][ T6726] CPU: 0 UID: 0 PID: 6726 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 174.833291][ T6726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 174.833305][ T6726] Call Trace: [ 174.833314][ T6726] [ 174.833323][ T6726] dump_stack_lvl+0x189/0x250 [ 174.833355][ T6726] ? __pfx_dump_stack_lvl+0x10/0x10 [ 174.833379][ T6726] ? __pfx__printk+0x10/0x10 [ 174.833406][ T6726] ? kernfs_root+0x1c/0x230 [ 174.833431][ T6726] ? kernfs_path_from_node+0x250/0x290 [ 174.833453][ T6726] ? kernfs_path_from_node+0x2f/0x290 [ 174.833477][ T6726] sysfs_create_dir_ns+0x259/0x280 [ 174.833506][ T6726] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 174.833529][ T6726] ? do_raw_spin_unlock+0x122/0x240 [ 174.833557][ T6726] kobject_add_internal+0x59f/0xb40 [ 174.833585][ T6726] kobject_init_and_add+0x125/0x190 [ 174.833611][ T6726] ? __pfx_kobject_init_and_add+0x10/0x10 [ 174.833633][ T6726] ? __raw_spin_lock_init+0x45/0x100 [ 174.833658][ T6726] ? __init_swait_queue_head+0xa9/0x150 [ 174.833684][ T6726] gfs2_sys_fs_add+0x234/0x450 [ 174.833706][ T6726] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 174.833730][ T6726] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 174.833762][ T6726] gfs2_fill_super+0x13c0/0x20d0 [ 174.833796][ T6726] ? __pfx_gfs2_fill_super+0x10/0x10 [ 174.833825][ T6726] ? sb_set_blocksize+0x104/0x180 [ 174.833855][ T6726] ? setup_bdev_super+0x4c1/0x5b0 [ 174.833884][ T6726] get_tree_bdev_flags+0x40b/0x4d0 [ 174.833913][ T6726] ? __pfx_gfs2_fill_super+0x10/0x10 [ 174.833939][ T6726] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 174.833971][ T6726] gfs2_get_tree+0x51/0x1e0 [ 174.833998][ T6726] vfs_get_tree+0x8f/0x2b0 [ 174.834027][ T6726] do_new_mount+0x2a2/0xa30 [ 174.834058][ T6726] ? ns_capable+0x8a/0xf0 [ 174.834077][ T6726] ? __pfx_do_new_mount+0x10/0x10 [ 174.834106][ T6726] ? path_mount+0x61c/0xfe0 [ 174.834132][ T6726] ? user_path_at+0x44/0x60 [ 174.834160][ T6726] __se_sys_mount+0x317/0x410 [ 174.834195][ T6726] ? __pfx___se_sys_mount+0x10/0x10 [ 174.834223][ T6726] ? rcu_is_watching+0x15/0xb0 [ 174.834247][ T6726] ? __x64_sys_mount+0x20/0xc0 [ 174.834287][ T6726] do_syscall_64+0xfa/0x3b0 [ 174.834309][ T6726] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.834329][ T6726] ? clear_bhb_loop+0x60/0xb0 [ 174.834352][ T6726] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.834372][ T6726] RIP: 0033:0x7fb47156b94a [ 174.834390][ T6726] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 6733] <... write resumed>) = 16777216 [ 174.834407][ T6726] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 174.834431][ T6726] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 174.834447][ T6726] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 174.834468][ T6726] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 174.834483][ T6726] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 174.834504][ T6726] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 174.834526][ T6726] [ 174.905623][ T6726] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6733] munmap(0x7fb469000000, 138412032) = 0 [pid 6733] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6733] close(3) = 0 [pid 6733] close(4) = 0 [pid 6733] mkdir("./file0", 0777) = 0 [ 175.209554][ T6733] loop2: detected capacity change from 0 to 32768 [ 175.237453][ T6726] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 175.267673][ T6733] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 175.283315][ T6733] CPU: 0 UID: 0 PID: 6733 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 175.283348][ T6733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 175.283362][ T6733] Call Trace: [ 175.283370][ T6733] [ 175.283380][ T6733] dump_stack_lvl+0x189/0x250 [pid 6733] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6737] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6726] <... mount resumed>) = -1 EEXIST (File exists) [pid 6726] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6726] ioctl(3, LOOP_CLR_FD) = 0 [pid 6726] close(3 [pid 6721] exit_group(0) = ? [ 175.283412][ T6733] ? __pfx_dump_stack_lvl+0x10/0x10 [ 175.283437][ T6733] ? __pfx__printk+0x10/0x10 [ 175.283472][ T6733] ? kernfs_root+0x1c/0x230 [ 175.283498][ T6733] ? kernfs_path_from_node+0x250/0x290 [ 175.283520][ T6733] ? kernfs_path_from_node+0x2f/0x290 [ 175.283545][ T6733] sysfs_create_dir_ns+0x259/0x280 [ 175.283568][ T6733] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 175.283591][ T6733] ? do_raw_spin_unlock+0x122/0x240 [ 175.283619][ T6733] kobject_add_internal+0x59f/0xb40 [pid 6724] <... write resumed>) = ? [pid 6724] +++ exited with 0 +++ [pid 6721] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6721, si_uid=0, si_status=0, si_utime=16 /* 0.16 s */, si_stime=71 /* 0.71 s */} --- [pid 5868] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./43/file0") = 0 [ 175.283647][ T6733] kobject_init_and_add+0x125/0x190 [ 175.283673][ T6733] ? __pfx_kobject_init_and_add+0x10/0x10 [ 175.283696][ T6733] ? __raw_spin_lock_init+0x45/0x100 [ 175.283722][ T6733] ? __init_swait_queue_head+0xa9/0x150 [ 175.283748][ T6733] gfs2_sys_fs_add+0x234/0x450 [ 175.283770][ T6733] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 175.283794][ T6733] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 175.283828][ T6733] gfs2_fill_super+0x13c0/0x20d0 [ 175.283863][ T6733] ? __pfx_gfs2_fill_super+0x10/0x10 [ 175.283892][ T6733] ? sb_set_blocksize+0x104/0x180 [pid 5868] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./43/binderfs") = 0 [pid 5868] umount2("./43/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./43/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=6594560, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 175.283922][ T6733] ? setup_bdev_super+0x4c1/0x5b0 [ 175.283951][ T6733] get_tree_bdev_flags+0x40b/0x4d0 [ 175.283979][ T6733] ? __pfx_gfs2_fill_super+0x10/0x10 [ 175.284005][ T6733] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 175.284036][ T6733] gfs2_get_tree+0x51/0x1e0 [ 175.284064][ T6733] vfs_get_tree+0x8f/0x2b0 [ 175.284092][ T6733] do_new_mount+0x2a2/0xa30 [ 175.284123][ T6733] ? ns_capable+0x8a/0xf0 [ 175.284141][ T6733] ? __pfx_do_new_mount+0x10/0x10 [ 175.284170][ T6733] ? path_mount+0x61c/0xfe0 [ 175.284197][ T6733] ? user_path_at+0x44/0x60 [ 175.284225][ T6733] __se_sys_mount+0x317/0x410 [ 175.284266][ T6733] ? __pfx___se_sys_mount+0x10/0x10 [ 175.284297][ T6733] ? rcu_is_watching+0x15/0xb0 [ 175.284321][ T6733] ? __x64_sys_mount+0x20/0xc0 [ 175.284356][ T6733] do_syscall_64+0xfa/0x3b0 [ 175.284377][ T6733] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.284398][ T6733] ? clear_bhb_loop+0x60/0xb0 [ 175.284421][ T6733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.284441][ T6733] RIP: 0033:0x7fb47156b94a [ 175.284466][ T6733] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 175.284484][ T6733] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 175.284508][ T6733] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 175.284523][ T6733] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 175.284537][ T6733] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 5868] unlink("./43/cpuset.effective_mems") = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./43") = 0 [pid 5868] mkdir("./44", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [ 175.284552][ T6733] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 175.284566][ T6733] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 175.284587][ T6733] [ 175.284629][ T6733] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 6746 attached , child_tidptr=0x55558d547750) = 6746 [pid 6746] set_robust_list(0x55558d547760, 24) = 0 [pid 6746] chdir("./44") = 0 [pid 6746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6746] setpgid(0, 0) = 0 [pid 6746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6746] write(3, "1000", 4) = 4 [pid 6746] close(3) = 0 [pid 6746] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6746] write(1, "executing program\n", 18) = 18 [pid 6746] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6746] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6746] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6746] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6746] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6747]}, 88) = 6747 [pid 6746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6746] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6726] <... close resumed>) = 0 ./strace-static-x86_64: Process 6747 attached [pid 6726] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6726] <... futex resumed>) = 1 [pid 6725] <... futex resumed>) = 0 [pid 6725] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6725] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6747] <... rseq resumed>) = 0 [pid 6726] openat(AT_FDCWD, ".", O_RDONLY [pid 6747] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6726] <... openat resumed>) = 3 [pid 6747] rt_sigprocmask(SIG_SETMASK, [], [pid 6733] <... mount resumed>) = -1 EEXIST (File exists) [pid 6726] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6733] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6726] <... futex resumed>) = 1 [pid 6725] <... futex resumed>) = 0 [pid 6725] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] memfd_create("syzkaller", 0 [pid 6733] <... openat resumed>) = 3 [pid 6726] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6725] <... futex resumed>) = 0 [pid 6747] <... memfd_create resumed>) = 3 [pid 6747] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6733] ioctl(3, LOOP_CLR_FD [pid 6725] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6747] <... mmap resumed>) = 0x7fb469000000 [pid 6733] <... ioctl resumed>) = 0 [pid 6733] close(3) = 0 [pid 6733] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6731] <... futex resumed>) = 0 [pid 6733] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6731] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... futex resumed>) = 0 [pid 6731] <... futex resumed>) = 1 [pid 6733] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6733] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6733] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6731] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6731] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... futex resumed>) = 0 [pid 6731] <... futex resumed>) = 1 [pid 6733] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6731] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] <... ioctl resumed>) = 0 [pid 6726] <... ioctl resumed>) = 0 [pid 6733] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... futex resumed>) = 1 [pid 6731] <... futex resumed>) = 0 [pid 6726] <... futex resumed>) = 1 [pid 6725] <... futex resumed>) = 0 [pid 6733] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6731] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6725] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6731] <... futex resumed>) = 0 [pid 6726] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6725] <... futex resumed>) = 0 [pid 6731] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6726] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6725] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6726] <... openat resumed>) = 4 [pid 6733] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... futex resumed>) = 1 [pid 6731] <... futex resumed>) = 0 [pid 6726] <... futex resumed>) = 1 [pid 6725] <... futex resumed>) = 0 [pid 6733] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6731] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6725] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6731] <... futex resumed>) = 0 [pid 6726] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6725] <... futex resumed>) = 0 [pid 6733] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6731] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6726] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 175.670981][ T6733] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6725] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6737] <... write resumed>) = 16777216 [pid 6731] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6725] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6737] munmap(0x7fb469000000, 138412032) = 0 [pid 6737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6737] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6737] close(3) = 0 [pid 6737] close(4) = 0 [pid 6737] mkdir("./file0", 0777) = 0 [ 175.902666][ T6737] loop0: detected capacity change from 0 to 32768 [ 175.955583][ T6737] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 175.964548][ T6737] CPU: 1 UID: 0 PID: 6737 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 175.964580][ T6737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 175.964593][ T6737] Call Trace: [ 175.964602][ T6737] [ 175.964611][ T6737] dump_stack_lvl+0x189/0x250 [ 175.964644][ T6737] ? __pfx_dump_stack_lvl+0x10/0x10 [ 175.964670][ T6737] ? __pfx__printk+0x10/0x10 [ 175.964696][ T6737] ? kernfs_root+0x1c/0x230 [ 175.964723][ T6737] ? kernfs_path_from_node+0x250/0x290 [ 175.964745][ T6737] ? kernfs_path_from_node+0x2f/0x290 [ 175.964770][ T6737] sysfs_create_dir_ns+0x259/0x280 [ 175.964793][ T6737] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 175.964816][ T6737] ? do_raw_spin_unlock+0x122/0x240 [ 175.964845][ T6737] kobject_add_internal+0x59f/0xb40 [ 175.964877][ T6737] kobject_init_and_add+0x125/0x190 [ 175.964903][ T6737] ? __pfx_kobject_init_and_add+0x10/0x10 [ 175.964927][ T6737] ? __raw_spin_lock_init+0x45/0x100 [ 175.964952][ T6737] ? __init_swait_queue_head+0xa9/0x150 [ 175.964979][ T6737] gfs2_sys_fs_add+0x234/0x450 [ 175.965001][ T6737] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 175.965025][ T6737] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 175.965060][ T6737] gfs2_fill_super+0x13c0/0x20d0 [ 175.965095][ T6737] ? __pfx_gfs2_fill_super+0x10/0x10 [ 175.965124][ T6737] ? sb_set_blocksize+0x104/0x180 [ 175.965160][ T6737] ? setup_bdev_super+0x4c1/0x5b0 [ 175.965190][ T6737] get_tree_bdev_flags+0x40b/0x4d0 [ 175.965218][ T6737] ? __pfx_gfs2_fill_super+0x10/0x10 [ 175.965245][ T6737] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 175.965279][ T6737] gfs2_get_tree+0x51/0x1e0 [ 175.965306][ T6737] vfs_get_tree+0x8f/0x2b0 [ 175.965336][ T6737] do_new_mount+0x2a2/0xa30 [ 175.965369][ T6737] ? ns_capable+0x8a/0xf0 [ 175.965388][ T6737] ? __pfx_do_new_mount+0x10/0x10 [ 175.965418][ T6737] ? path_mount+0x61c/0xfe0 [ 175.965446][ T6737] ? user_path_at+0x44/0x60 [ 175.965475][ T6737] __se_sys_mount+0x317/0x410 [ 175.965508][ T6737] ? __pfx___se_sys_mount+0x10/0x10 [ 175.965539][ T6737] ? rcu_is_watching+0x15/0xb0 [ 175.965562][ T6737] ? __x64_sys_mount+0x20/0xc0 [ 175.965594][ T6737] do_syscall_64+0xfa/0x3b0 [ 175.965615][ T6737] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.965636][ T6737] ? clear_bhb_loop+0x60/0xb0 [ 175.965660][ T6737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.965680][ T6737] RIP: 0033:0x7fb47156b94a [ 175.965697][ T6737] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 175.965716][ T6737] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 175.965738][ T6737] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 175.965755][ T6737] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 175.965770][ T6737] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 175.965785][ T6737] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 6737] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6731] exit_group(0) = ? [pid 6725] exit_group(0) = ? [pid 6733] <... write resumed>) = ? [pid 6726] <... write resumed>) = ? [pid 6726] +++ exited with 0 +++ [pid 6725] +++ exited with 0 +++ [pid 6747] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6733] +++ exited with 0 +++ [pid 6731] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6725, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=92 /* 0.92 s */} --- [pid 5870] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./42/file0") = 0 [pid 5870] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./42/binderfs") = 0 [pid 5870] umount2("./42/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./42/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=6033408, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 175.965798][ T6737] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 175.965820][ T6737] [ 176.272408][ T6737] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 176.287142][ T6737] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5870] unlink("./42/cpuset.effective_mems") = 0 [pid 6737] <... mount resumed>) = -1 EEXIST (File exists) [pid 6737] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5870] getdents64(3, [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6731, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=73 /* 0.73 s */} --- [pid 6737] <... openat resumed>) = 3 [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 6737] ioctl(3, LOOP_CLR_FD [pid 5870] close(3 [pid 6737] <... ioctl resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 6737] close(3 [pid 6747] <... write resumed>) = 16777216 [pid 5870] rmdir("./42" [pid 5869] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6747] munmap(0x7fb469000000, 138412032) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6747] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6747] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5870] mkdir("./43", 0777 [pid 5869] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6747] close(3) = 0 [pid 5869] <... openat resumed>) = 3 [pid 6747] close(4) = 0 [pid 6747] mkdir("./file0", 0777) = 0 [pid 5870] <... mkdir resumed>) = 0 [pid 5869] newfstatat(3, "", [pid 6747] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 176.435086][ T6747] loop1: detected capacity change from 0 to 32768 [ 176.453953][ T6747] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 176.461455][ T6747] CPU: 1 UID: 0 PID: 6747 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 176.461484][ T6747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 176.461498][ T6747] Call Trace: [ 176.461507][ T6747] [ 176.461516][ T6747] dump_stack_lvl+0x189/0x250 [ 176.461548][ T6747] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.461573][ T6747] ? __pfx__printk+0x10/0x10 [ 176.461600][ T6747] ? kernfs_root+0x1c/0x230 [ 176.461626][ T6747] ? kernfs_path_from_node+0x250/0x290 [ 176.461648][ T6747] ? kernfs_path_from_node+0x2f/0x290 [ 176.461672][ T6747] sysfs_create_dir_ns+0x259/0x280 [ 176.461695][ T6747] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR [ 176.461717][ T6747] ? do_raw_spin_unlock+0x122/0x240 [ 176.461744][ T6747] kobject_add_internal+0x59f/0xb40 [ 176.461773][ T6747] kobject_init_and_add+0x125/0x190 [ 176.461798][ T6747] ? __pfx_kobject_init_and_add+0x10/0x10 [ 176.461820][ T6747] ? __raw_spin_lock_init+0x45/0x100 [ 176.461846][ T6747] ? __init_swait_queue_head+0xa9/0x150 [ 176.461872][ T6747] gfs2_sys_fs_add+0x234/0x450 [ 176.461894][ T6747] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 176.461919][ T6747] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 176.461954][ T6747] gfs2_fill_super+0x13c0/0x20d0 [pid 6737] <... close resumed>) = 0 [pid 5869] getdents64(3, [pid 6737] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... openat resumed>) = 3 [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 6737] <... futex resumed>) = 1 [pid 6736] <... futex resumed>) = 0 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 5869] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6737] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6736] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6737] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6736] <... futex resumed>) = 0 [pid 5870] close(3 [pid 5869] newfstatat(AT_FDCWD, "./41/file0", [pid 6737] openat(AT_FDCWD, ".", O_RDONLY [pid 6736] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... close resumed>) = 0 [pid 6737] <... openat resumed>) = 3 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6737] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6736] <... futex resumed>) = 0 [pid 5869] umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6737] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6736] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6736] <... futex resumed>) = 0 [pid 5869] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6736] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... openat resumed>) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./41/file0") = 0 [pid 5869] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./41/binderfs") = 0 [pid 5869] umount2("./41/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./41/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5394432, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./41/cpuset.effective_mems"./strace-static-x86_64: Process 6752 attached [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 6752 [pid 6752] set_robust_list(0x55558d547760, 24) = 0 [pid 6752] chdir("./43") = 0 [pid 6752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6752] setpgid(0, 0) = 0 [pid 6752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6752] write(3, "1000", 4) = 4 [pid 6752] close(3) = 0 [pid 6752] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6752] write(1, "executing program\n", 18) = 18 [pid 6752] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 176.461988][ T6747] ? __pfx_gfs2_fill_super+0x10/0x10 [ 176.462017][ T6747] ? sb_set_blocksize+0x104/0x180 [ 176.462047][ T6747] ? setup_bdev_super+0x4c1/0x5b0 [ 176.462076][ T6747] get_tree_bdev_flags+0x40b/0x4d0 [ 176.462105][ T6747] ? __pfx_gfs2_fill_super+0x10/0x10 [ 176.462131][ T6747] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 176.462164][ T6747] gfs2_get_tree+0x51/0x1e0 [ 176.462192][ T6747] vfs_get_tree+0x8f/0x2b0 [ 176.462220][ T6747] do_new_mount+0x2a2/0xa30 [pid 6752] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6752] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6752] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6752] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6753 attached => {parent_tid=[6753]}, 88) = 6753 [pid 6752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6752] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6753] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6753] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6753] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6736] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6736] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6736] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6753] memfd_create("syzkaller", 0 [pid 6736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6754]}, 88) = 6754 [pid 6736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6736] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6736] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6754 attached [pid 6753] <... memfd_create resumed>) = 3 [pid 6753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6754] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [ 176.462252][ T6747] ? ns_capable+0x8a/0xf0 [ 176.462272][ T6747] ? __pfx_do_new_mount+0x10/0x10 [ 176.462301][ T6747] ? path_mount+0x61c/0xfe0 [ 176.462340][ T6747] ? user_path_at+0x44/0x60 [ 176.462367][ T6747] __se_sys_mount+0x317/0x410 [ 176.462402][ T6747] ? __pfx___se_sys_mount+0x10/0x10 [ 176.462431][ T6747] ? rcu_is_watching+0x15/0xb0 [ 176.462454][ T6747] ? __x64_sys_mount+0x20/0xc0 [ 176.462486][ T6747] do_syscall_64+0xfa/0x3b0 [ 176.462509][ T6747] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 6754] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 6754] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6754] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5869] <... unlink resumed>) = 0 [pid 6736] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6736] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6736] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[6755]}, 88) = 6755 [pid 6736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6736] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6736] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] getdents64(3, ./strace-static-x86_64: Process 6755 attached 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3 [pid 6755] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 5869] <... close resumed>) = 0 [ 176.462529][ T6747] ? clear_bhb_loop+0x60/0xb0 [ 176.462552][ T6747] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.462572][ T6747] RIP: 0033:0x7fb47156b94a [ 176.462590][ T6747] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 176.462609][ T6747] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [pid 6755] <... rseq resumed>) = 0 [pid 5869] rmdir("./41" [pid 6755] set_robust_list(0x7fb4714d49a0, 24 [pid 5869] <... rmdir resumed>) = 0 [pid 6755] <... set_robust_list resumed>) = 0 [pid 5869] mkdir("./42", 0777 [pid 6755] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... mkdir resumed>) = 0 [pid 6755] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6755] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5869] <... openat resumed>) = 3 [pid 6755] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5869] ioctl(3, LOOP_CLR_FD [pid 6755] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6755] <... futex resumed>) = 1 [pid 6736] <... futex resumed>) = 0 [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6755] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 6756 ./strace-static-x86_64: Process 6756 attached [pid 6756] set_robust_list(0x55558d547760, 24) = 0 [pid 6756] chdir("./42") = 0 [pid 6756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6756] setpgid(0, 0) = 0 [pid 6756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6756] write(3, "1000", 4) = 4 [pid 6756] close(3) = 0 [pid 6756] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6756] write(1, "executing program\n", 18) = 18 [pid 6756] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 176.462631][ T6747] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 176.462646][ T6747] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 176.462661][ T6747] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 176.462676][ T6747] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 176.462689][ T6747] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 176.462711][ T6747] [pid 6756] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6756] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6756] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6756] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6756] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6757 attached => {parent_tid=[6757]}, 88) = 6757 [pid 6756] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6757] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6756] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6757] <... rseq resumed>) = 0 [pid 6756] <... futex resumed>) = 0 [pid 6757] set_robust_list(0x7fb4715169a0, 24 [pid 6756] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6757] <... set_robust_list resumed>) = 0 [pid 6757] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6754] <... openat resumed>) = 4 [pid 6737] <... ioctl resumed>) = 0 [pid 6754] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6754] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6757] memfd_create("syzkaller", 0 [pid 6747] <... mount resumed>) = -1 EEXIST (File exists) [pid 6747] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6757] <... memfd_create resumed>) = 3 [pid 6757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6737] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6736] exit_group(0 [pid 6755] <... futex resumed>) = ? [pid 6754] <... futex resumed>) = ? [pid 6736] <... exit_group resumed>) = ? [pid 6755] +++ exited with 0 +++ [pid 6754] +++ exited with 0 +++ [pid 6737] <... futex resumed>) = ? [pid 6737] +++ exited with 0 +++ [pid 6736] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6736, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=34 /* 0.34 s */} --- [pid 6747] ioctl(3, LOOP_CLR_FD [pid 5867] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", [pid 6747] <... ioctl resumed>) = 0 [pid 5867] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6747] close(3 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./43/file0") = 0 [pid 5867] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 176.462732][ T6747] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 176.794005][ T6747] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5867] unlink("./43/binderfs") = 0 [pid 5867] umount2("./43/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./43/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./43/cpuset.effective_mems") = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./43") = 0 [pid 5867] mkdir("./44", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6758 attached [pid 6758] set_robust_list(0x55558d547760, 24 [pid 5867] <... clone resumed>, child_tidptr=0x55558d547750) = 6758 [pid 6758] <... set_robust_list resumed>) = 0 [pid 6758] chdir("./44") = 0 [pid 6758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6758] setpgid(0, 0) = 0 [pid 6758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6758] write(3, "1000", 4) = 4 [pid 6758] close(3) = 0 [pid 6758] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6758] write(1, "executing program\n", 18) = 18 [pid 6758] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6758] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6758] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6758] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6758] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6758] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6758] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6759]}, 88) = 6759 [pid 6758] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6758] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6758] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6759 attached [pid 6747] <... close resumed>) = 0 [pid 6759] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6747] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6759] <... rseq resumed>) = 0 [pid 6747] <... futex resumed>) = 1 [pid 6759] set_robust_list(0x7fb4715169a0, 24 [pid 6746] <... futex resumed>) = 0 [pid 6759] <... set_robust_list resumed>) = 0 [pid 6747] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6746] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6759] rt_sigprocmask(SIG_SETMASK, [], [pid 6747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6746] <... futex resumed>) = 0 [pid 6759] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6747] openat(AT_FDCWD, ".", O_RDONLY [pid 6746] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6759] memfd_create("syzkaller", 0) = 3 [pid 6747] <... openat resumed>) = 3 [pid 6759] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6747] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6746] <... futex resumed>) = 0 [pid 6747] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6746] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6746] <... futex resumed>) = 0 [pid 6747] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6746] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6747] <... ioctl resumed>) = 0 [pid 6747] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6746] <... futex resumed>) = 0 [pid 6747] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6746] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6747] <... openat resumed>) = 4 [pid 6746] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6747] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6747] <... futex resumed>) = 0 [pid 6746] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6746] <... futex resumed>) = 0 [pid 6746] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6753] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6759] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6757] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6746] exit_group(0 [pid 6747] <... write resumed>) = ? [pid 6746] <... exit_group resumed>) = ? [pid 6747] +++ exited with 0 +++ [pid 6746] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6746, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=72 /* 0.72 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./44/file0") = 0 [pid 5868] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./44/binderfs") = 0 [pid 5868] umount2("./44/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./44/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=6479808, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./44/cpuset.effective_mems" [pid 6757] <... write resumed>) = 16777216 [pid 6753] <... write resumed>) = 16777216 [pid 6757] munmap(0x7fb469000000, 138412032 [pid 6753] munmap(0x7fb469000000, 138412032 [pid 5868] <... unlink resumed>) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./44") = 0 [pid 5868] mkdir("./45", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6760 ./strace-static-x86_64: Process 6760 attached [pid 6760] set_robust_list(0x55558d547760, 24) = 0 [pid 6760] chdir("./45") = 0 [pid 6760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6760] setpgid(0, 0) = 0 [pid 6760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6760] write(3, "1000", 4) = 4 [pid 6760] close(3) = 0 [pid 6760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6760] write(1, "executing program\n", 18executing program ) = 18 [pid 6760] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6760] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6760] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6760] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6761]}, 88) = 6761 [pid 6760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6761 attached [pid 6760] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6759] <... write resumed>) = 16777216 [pid 6757] <... munmap resumed>) = 0 [pid 6753] <... munmap resumed>) = 0 [pid 6761] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6760] <... futex resumed>) = 0 [pid 6753] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6759] munmap(0x7fb469000000, 138412032 [pid 6757] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6761] <... rseq resumed>) = 0 [pid 6760] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6761] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6761] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6761] memfd_create("syzkaller", 0) = 3 [pid 6757] <... openat resumed>) = 4 [pid 6753] <... openat resumed>) = 4 [pid 6757] ioctl(4, LOOP_SET_FD, 3 [pid 6753] ioctl(4, LOOP_SET_FD, 3 [pid 6761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6753] <... ioctl resumed>) = 0 [pid 6753] close(3 [pid 6757] <... ioctl resumed>) = 0 [ 177.429799][ T6753] loop3: detected capacity change from 0 to 32768 [ 177.436618][ T6757] loop2: detected capacity change from 0 to 32768 [pid 6759] <... munmap resumed>) = 0 [pid 6753] <... close resumed>) = 0 [pid 6757] close(3 [pid 6759] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6757] <... close resumed>) = 0 [pid 6753] close(4 [pid 6757] close(4 [pid 6753] <... close resumed>) = 0 [pid 6757] <... close resumed>) = 0 [pid 6753] mkdir("./file0", 0777 [pid 6759] <... openat resumed>) = 4 [pid 6757] mkdir("./file0", 0777 [pid 6753] <... mkdir resumed>) = 0 [pid 6759] ioctl(4, LOOP_SET_FD, 3 [pid 6757] <... mkdir resumed>) = 0 [pid 6753] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6757] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6759] <... ioctl resumed>) = 0 [pid 6759] close(3) = 0 [pid 6759] close(4) = 0 [pid 6759] mkdir("./file0", 0777) = 0 [ 177.498805][ T6759] loop0: detected capacity change from 0 to 32768 [ 177.548399][ T6757] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 177.560943][ T6757] CPU: 1 UID: 0 PID: 6757 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 177.560974][ T6757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 177.560987][ T6757] Call Trace: [ 177.560994][ T6757] [ 177.561004][ T6757] dump_stack_lvl+0x189/0x250 [ 177.561034][ T6757] ? __pfx_dump_stack_lvl+0x10/0x10 [ 177.561059][ T6757] ? __pfx__printk+0x10/0x10 [ 177.561085][ T6757] ? kernfs_root+0x1c/0x230 [ 177.561109][ T6757] ? kernfs_path_from_node+0x250/0x290 [ 177.561130][ T6757] ? kernfs_path_from_node+0x2f/0x290 [ 177.561153][ T6757] sysfs_create_dir_ns+0x259/0x280 [ 177.561176][ T6757] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 177.561197][ T6757] ? do_raw_spin_unlock+0x122/0x240 [ 177.561224][ T6757] kobject_add_internal+0x59f/0xb40 [ 177.561260][ T6757] kobject_init_and_add+0x125/0x190 [ 177.561284][ T6757] ? __pfx_kobject_init_and_add+0x10/0x10 [ 177.561307][ T6757] ? __raw_spin_lock_init+0x45/0x100 [ 177.561332][ T6757] ? __init_swait_queue_head+0xa9/0x150 [ 177.561358][ T6757] gfs2_sys_fs_add+0x234/0x450 [ 177.561380][ T6757] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 177.561402][ T6757] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 177.561435][ T6757] gfs2_fill_super+0x13c0/0x20d0 [ 177.561468][ T6757] ? __pfx_gfs2_fill_super+0x10/0x10 [ 177.561494][ T6757] ? sb_set_blocksize+0x104/0x180 [pid 6759] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [ 177.561523][ T6757] ? setup_bdev_super+0x4c1/0x5b0 [ 177.561551][ T6757] get_tree_bdev_flags+0x40b/0x4d0 [ 177.561579][ T6757] ? __pfx_gfs2_fill_super+0x10/0x10 [ 177.561605][ T6757] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 177.561638][ T6757] gfs2_get_tree+0x51/0x1e0 [ 177.561665][ T6757] vfs_get_tree+0x8f/0x2b0 [ 177.561693][ T6757] do_new_mount+0x2a2/0xa30 [ 177.561726][ T6757] ? ns_capable+0x8a/0xf0 [ 177.561746][ T6757] ? __pfx_do_new_mount+0x10/0x10 [ 177.561775][ T6757] ? path_mount+0x61c/0xfe0 [ 177.561802][ T6757] ? user_path_at+0x44/0x60 [ 177.561829][ T6757] __se_sys_mount+0x317/0x410 [ 177.561862][ T6757] ? __pfx___se_sys_mount+0x10/0x10 [ 177.561892][ T6757] ? rcu_is_watching+0x15/0xb0 [ 177.561915][ T6757] ? __x64_sys_mount+0x20/0xc0 [ 177.561952][ T6757] do_syscall_64+0xfa/0x3b0 [ 177.561974][ T6757] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.561995][ T6757] ? clear_bhb_loop+0x60/0xb0 [ 177.562018][ T6757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.562038][ T6757] RIP: 0033:0x7fb47156b94a [ 177.562057][ T6757] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 177.562076][ T6757] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 177.562100][ T6757] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 177.562116][ T6757] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 177.562131][ T6757] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 177.562147][ T6757] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 177.562161][ T6757] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 177.562183][ T6757] [ 177.562761][ T6757] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 177.616353][ T6753] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 177.616540][ T6757] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6761] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6757] <... mount resumed>) = -1 EEXIST (File exists) [pid 6753] <... mount resumed>) = -1 EEXIST (File exists) [pid 6761] munmap(0x7fb469000000, 138412032 [pid 6757] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6753] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6757] <... openat resumed>) = 3 [pid 6753] <... openat resumed>) = 3 [pid 6753] ioctl(3, LOOP_CLR_FD [pid 6757] ioctl(3, LOOP_CLR_FD [pid 6753] <... ioctl resumed>) = 0 [pid 6757] <... ioctl resumed>) = 0 [pid 6753] close(3 [ 177.625555][ T6753] CPU: 0 UID: 0 PID: 6753 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 177.625589][ T6753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 177.625606][ T6753] Call Trace: [ 177.625615][ T6753] [ 177.625625][ T6753] dump_stack_lvl+0x189/0x250 [ 177.625660][ T6753] ? __pfx_dump_stack_lvl+0x10/0x10 [ 177.625687][ T6753] ? __pfx__printk+0x10/0x10 [ 177.625716][ T6753] ? kernfs_root+0x1c/0x230 [ 177.625745][ T6753] ? kernfs_path_from_node+0x250/0x290 [ 177.625769][ T6753] ? kernfs_path_from_node+0x2f/0x290 [ 177.625797][ T6753] sysfs_create_dir_ns+0x259/0x280 [ 177.625822][ T6753] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 177.625846][ T6753] ? do_raw_spin_unlock+0x122/0x240 [ 177.625877][ T6753] kobject_add_internal+0x59f/0xb40 [ 177.625908][ T6753] kobject_init_and_add+0x125/0x190 [ 177.625937][ T6753] ? __pfx_kobject_init_and_add+0x10/0x10 [ 177.625961][ T6753] ? __raw_spin_lock_init+0x45/0x100 [ 177.626000][ T6753] ? __init_swait_queue_head+0xa9/0x150 [ 177.626029][ T6753] gfs2_sys_fs_add+0x234/0x450 [ 177.626053][ T6753] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 177.626079][ T6753] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 177.626117][ T6753] gfs2_fill_super+0x13c0/0x20d0 [ 177.626155][ T6753] ? __pfx_gfs2_fill_super+0x10/0x10 [ 177.626186][ T6753] ? sb_set_blocksize+0x104/0x180 [ 177.626219][ T6753] ? setup_bdev_super+0x4c1/0x5b0 [ 177.626251][ T6753] get_tree_bdev_flags+0x40b/0x4d0 [ 177.626283][ T6753] ? __pfx_gfs2_fill_super+0x10/0x10 [ 177.626311][ T6753] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 177.626347][ T6753] gfs2_get_tree+0x51/0x1e0 [ 177.626376][ T6753] vfs_get_tree+0x8f/0x2b0 [ 177.626408][ T6753] do_new_mount+0x2a2/0xa30 [ 177.626443][ T6753] ? ns_capable+0x8a/0xf0 [ 177.626463][ T6753] ? __pfx_do_new_mount+0x10/0x10 [ 177.626495][ T6753] ? path_mount+0x61c/0xfe0 [ 177.626526][ T6753] ? user_path_at+0x44/0x60 [ 177.626555][ T6753] __se_sys_mount+0x317/0x410 [ 177.626592][ T6753] ? __pfx___se_sys_mount+0x10/0x10 [ 177.626623][ T6753] ? rcu_is_watching+0x15/0xb0 [ 177.626649][ T6753] ? __x64_sys_mount+0x20/0xc0 [pid 6757] close(3 [pid 6761] <... munmap resumed>) = 0 [pid 6761] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 177.626683][ T6753] do_syscall_64+0xfa/0x3b0 [ 177.626708][ T6753] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.626729][ T6753] ? clear_bhb_loop+0x60/0xb0 [ 177.626755][ T6753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.626777][ T6753] RIP: 0033:0x7fb47156b94a [ 177.626797][ T6753] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 177.626817][ T6753] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 177.626841][ T6753] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 177.626859][ T6753] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 177.626876][ T6753] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 177.626892][ T6753] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 177.626908][ T6753] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 177.626931][ T6753] [ 177.626954][ T6753] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 177.865346][ T6759] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 177.865946][ T6753] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 177.891611][ T6759] CPU: 1 UID: 0 PID: 6759 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 177.891651][ T6759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 177.891666][ T6759] Call Trace: [pid 6761] ioctl(4, LOOP_SET_FD, 3 [pid 6753] <... close resumed>) = 0 [pid 6753] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6753] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6752] <... futex resumed>) = 0 [pid 6752] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6753] <... futex resumed>) = 0 [pid 6752] <... futex resumed>) = 1 [pid 6753] openat(AT_FDCWD, ".", O_RDONLY [pid 6752] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6753] <... openat resumed>) = 3 [pid 6753] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6752] <... futex resumed>) = 0 [pid 6753] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6752] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6752] <... futex resumed>) = 0 [pid 6753] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6752] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6757] <... close resumed>) = 0 [pid 6757] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6757] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6756] <... futex resumed>) = 0 [pid 6756] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6757] <... futex resumed>) = 0 [pid 6756] <... futex resumed>) = 1 [pid 6757] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6757] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6757] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6756] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6756] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6757] <... futex resumed>) = 0 [pid 6756] <... futex resumed>) = 1 [pid 6757] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6756] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6761] <... ioctl resumed>) = 0 [pid 6761] close(3) = 0 [pid 6761] close(4) = 0 [pid 6761] mkdir("./file0", 0777) = 0 [ 177.891676][ T6759] [ 177.891688][ T6759] dump_stack_lvl+0x189/0x250 [ 177.891724][ T6759] ? __pfx_dump_stack_lvl+0x10/0x10 [ 177.891752][ T6759] ? __pfx__printk+0x10/0x10 [ 177.891784][ T6759] ? kernfs_root+0x1c/0x230 [ 177.891815][ T6759] ? kernfs_path_from_node+0x250/0x290 [ 177.891840][ T6759] ? kernfs_path_from_node+0x2f/0x290 [ 177.891870][ T6759] sysfs_create_dir_ns+0x259/0x280 [ 177.891896][ T6759] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [pid 6761] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6752] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6752] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6752] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6752] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6768]}, 88) = 6768 [pid 6752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6752] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6756] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 177.891922][ T6759] ? do_raw_spin_unlock+0x122/0x240 [ 177.891953][ T6759] kobject_add_internal+0x59f/0xb40 [ 177.891986][ T6759] kobject_init_and_add+0x125/0x190 [ 177.892015][ T6759] ? __pfx_kobject_init_and_add+0x10/0x10 [ 177.892041][ T6759] ? __raw_spin_lock_init+0x45/0x100 [ 177.892071][ T6759] ? __init_swait_queue_head+0xa9/0x150 [ 177.892100][ T6759] gfs2_sys_fs_add+0x234/0x450 [ 177.892126][ T6759] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 177.892153][ T6759] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [pid 6756] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6756] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6756] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6756] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}./strace-static-x86_64: Process 6770 attached [pid 6770] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 6756] <... clone3 resumed> => {parent_tid=[6770]}, 88) = 6770 [pid 6770] <... rseq resumed>) = 0 [pid 6756] rt_sigprocmask(SIG_SETMASK, [], [pid 6770] set_robust_list(0x7fb4714f59a0, 24 [pid 6756] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6770] <... set_robust_list resumed>) = 0 [pid 6756] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6770] rt_sigprocmask(SIG_SETMASK, [], [pid 6756] <... futex resumed>) = 0 [pid 6770] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6756] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6770] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6752] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6752] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6752] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6752] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[6771]}, 88) = 6771 [pid 6752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6752] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6768 attached ./strace-static-x86_64: Process 6771 attached [pid 6768] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 6771] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 6768] <... rseq resumed>) = 0 [pid 6771] <... rseq resumed>) = 0 [pid 6768] set_robust_list(0x7fb4714f59a0, 24 [pid 6771] set_robust_list(0x7fb4714d49a0, 24 [pid 6768] <... set_robust_list resumed>) = 0 [pid 6771] <... set_robust_list resumed>) = 0 [pid 6768] rt_sigprocmask(SIG_SETMASK, [], [pid 6771] rt_sigprocmask(SIG_SETMASK, [], [pid 6768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6771] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6768] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6771] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 6771] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6752] <... futex resumed>) = 0 [ 177.892191][ T6759] gfs2_fill_super+0x13c0/0x20d0 [ 177.892238][ T6759] ? __pfx_gfs2_fill_super+0x10/0x10 [ 177.892271][ T6759] ? sb_set_blocksize+0x104/0x180 [ 177.892305][ T6759] ? setup_bdev_super+0x4c1/0x5b0 [ 177.892340][ T6759] get_tree_bdev_flags+0x40b/0x4d0 [ 177.892371][ T6759] ? __pfx_gfs2_fill_super+0x10/0x10 [ 177.892400][ T6759] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 177.892437][ T6759] gfs2_get_tree+0x51/0x1e0 [ 177.892469][ T6759] vfs_get_tree+0x8f/0x2b0 [ 177.892501][ T6759] do_new_mount+0x2a2/0xa30 [pid 6771] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6759] <... mount resumed>) = -1 EEXIST (File exists) [pid 6759] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6759] ioctl(3, LOOP_CLR_FD [pid 6756] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6759] <... ioctl resumed>) = 0 [pid 6756] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6759] close(3 [pid 6756] <... futex resumed>) = 0 [pid 6756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6756] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6756] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6756] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[6773]}, 88) = 6773 [pid 6756] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6756] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 177.892538][ T6759] ? ns_capable+0x8a/0xf0 [ 177.892560][ T6759] ? __pfx_do_new_mount+0x10/0x10 [ 177.892594][ T6759] ? path_mount+0x61c/0xfe0 [ 177.892624][ T6759] ? user_path_at+0x44/0x60 [ 177.892657][ T6759] __se_sys_mount+0x317/0x410 [ 177.892694][ T6759] ? __pfx___se_sys_mount+0x10/0x10 [ 177.892728][ T6759] ? rcu_is_watching+0x15/0xb0 [ 177.892754][ T6759] ? __x64_sys_mount+0x20/0xc0 [ 177.892788][ T6759] do_syscall_64+0xfa/0x3b0 [ 177.892813][ T6759] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 6756] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 177.892837][ T6759] ? clear_bhb_loop+0x60/0xb0 [ 177.892863][ T6759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.892885][ T6759] RIP: 0033:0x7fb47156b94a [ 177.892907][ T6759] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 177.892927][ T6759] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 177.892953][ T6759] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 177.892970][ T6759] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 177.892988][ T6759] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 177.893006][ T6759] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 177.893022][ T6759] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 177.893047][ T6759] [ 177.893074][ T6759] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6759] <... close resumed>) = 0 ./strace-static-x86_64: Process 6773 attached [pid 6759] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6759] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6773] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 6773] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 6773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6773] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 6773] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 178.138030][ T6761] loop1: detected capacity change from 0 to 32768 [ 178.154415][ T6759] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 178.400804][ T6761] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 178.574595][ T6761] CPU: 1 UID: 0 PID: 6761 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 178.574626][ T6761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 178.574640][ T6761] Call Trace: [ 178.574648][ T6761] [ 178.574657][ T6761] dump_stack_lvl+0x189/0x250 [ 178.574688][ T6761] ? __pfx_dump_stack_lvl+0x10/0x10 [ 178.574713][ T6761] ? __pfx__printk+0x10/0x10 [ 178.574740][ T6761] ? kernfs_root+0x1c/0x230 [ 178.574765][ T6761] ? kernfs_path_from_node+0x250/0x290 [ 178.574787][ T6761] ? kernfs_path_from_node+0x2f/0x290 [ 178.574812][ T6761] sysfs_create_dir_ns+0x259/0x280 [ 178.574835][ T6761] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 178.574857][ T6761] ? do_raw_spin_unlock+0x122/0x240 [ 178.574894][ T6761] kobject_add_internal+0x59f/0xb40 [ 178.574923][ T6761] kobject_init_and_add+0x125/0x190 [ 178.574948][ T6761] ? __pfx_kobject_init_and_add+0x10/0x10 [ 178.574971][ T6761] ? __raw_spin_lock_init+0x45/0x100 [ 178.574997][ T6761] ? __init_swait_queue_head+0xa9/0x150 [ 178.575022][ T6761] gfs2_sys_fs_add+0x234/0x450 [ 178.575044][ T6761] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 178.575068][ T6761] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 178.575101][ T6761] gfs2_fill_super+0x13c0/0x20d0 [ 178.575136][ T6761] ? __pfx_gfs2_fill_super+0x10/0x10 [ 178.575168][ T6761] ? sb_set_blocksize+0x104/0x180 [ 178.575198][ T6761] ? setup_bdev_super+0x4c1/0x5b0 [ 178.575225][ T6761] get_tree_bdev_flags+0x40b/0x4d0 [ 178.575251][ T6761] ? __pfx_gfs2_fill_super+0x10/0x10 [ 178.575276][ T6761] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 178.575306][ T6761] gfs2_get_tree+0x51/0x1e0 [ 178.575331][ T6761] vfs_get_tree+0x8f/0x2b0 [ 178.575358][ T6761] do_new_mount+0x2a2/0xa30 [ 178.575388][ T6761] ? ns_capable+0x8a/0xf0 [ 178.575406][ T6761] ? __pfx_do_new_mount+0x10/0x10 [ 178.575435][ T6761] ? path_mount+0x61c/0xfe0 [ 178.575462][ T6761] ? user_path_at+0x44/0x60 [ 178.575488][ T6761] __se_sys_mount+0x317/0x410 [ 178.575533][ T6761] ? __pfx___se_sys_mount+0x10/0x10 [ 178.575561][ T6761] ? rcu_is_watching+0x15/0xb0 [ 178.575584][ T6761] ? __x64_sys_mount+0x20/0xc0 [ 178.575614][ T6761] do_syscall_64+0xfa/0x3b0 [ 178.575634][ T6761] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.575671][ T6761] ? clear_bhb_loop+0x60/0xb0 [ 178.575694][ T6761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.575715][ T6761] RIP: 0033:0x7fb47156b94a [ 178.575732][ T6761] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 178.575750][ T6761] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 178.575771][ T6761] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 178.575787][ T6761] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [pid 6773] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6758] <... futex resumed>) = 0 [pid 6758] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6758] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6759] <... futex resumed>) = 0 [pid 6759] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6759] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6759] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6753] <... ioctl resumed>) = 0 [pid 6753] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6753] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6770] <... openat resumed>) = 4 [pid 6768] <... openat resumed>) = 4 [pid 6758] <... futex resumed>) = 0 [pid 6757] <... ioctl resumed>) = 0 [pid 6770] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6768] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6761] <... mount resumed>) = -1 EEXIST (File exists) [pid 6758] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6757] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6770] <... futex resumed>) = 0 [pid 6768] <... futex resumed>) = 0 [pid 6759] <... futex resumed>) = 0 [pid 6757] <... futex resumed>) = 0 [pid 6759] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6770] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6768] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6758] <... futex resumed>) = 1 [pid 6761] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6759] <... ioctl resumed>) = 0 [pid 6757] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6761] <... openat resumed>) = 3 [pid 6759] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6758] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6756] exit_group(0 [pid 6752] exit_group(0 [pid 6773] <... futex resumed>) = ? [pid 6771] <... futex resumed>) = ? [pid 6768] <... futex resumed>) = ? [pid 6761] ioctl(3, LOOP_CLR_FD [pid 6759] <... futex resumed>) = 0 [pid 6758] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6753] <... futex resumed>) = ? [pid 6752] <... exit_group resumed>) = ? [pid 6773] +++ exited with 0 +++ [pid 6771] +++ exited with 0 +++ [pid 6770] <... futex resumed>) = ? [pid 6768] +++ exited with 0 +++ [pid 6761] <... ioctl resumed>) = 0 [pid 6759] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6758] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6757] <... futex resumed>) = ? [pid 6756] <... exit_group resumed>) = ? [pid 6753] +++ exited with 0 +++ [pid 6761] close(3 [pid 6759] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6758] <... futex resumed>) = 0 [pid 6757] +++ exited with 0 +++ [pid 6770] +++ exited with 0 +++ [pid 6756] +++ exited with 0 +++ [pid 6752] +++ exited with 0 +++ [ 178.575802][ T6761] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 178.575816][ T6761] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 178.575830][ T6761] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 178.575852][ T6761] [ 178.881125][ T6761] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 178.895556][ T6761] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6759] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6758] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6756, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=37 /* 0.37 s */} --- [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6752, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=59 /* 0.59 s */} --- [pid 6759] <... openat resumed>) = 4 [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 6759] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... restart_syscall resumed>) = 0 [pid 5869] <... restart_syscall resumed>) = 0 [pid 6759] <... futex resumed>) = 1 [pid 6758] <... futex resumed>) = 0 [pid 6759] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6758] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6759] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6758] <... futex resumed>) = 0 [pid 6759] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6758] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] <... openat resumed>) = 3 [pid 5869] <... openat resumed>) = 3 [pid 5870] newfstatat(3, "", [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, [pid 5870] getdents64(3, [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] newfstatat(AT_FDCWD, "./43/file0", [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] <... openat resumed>) = 4 [pid 5870] <... openat resumed>) = 4 [pid 5870] newfstatat(4, "", [pid 5869] newfstatat(4, "", [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, [pid 5870] getdents64(4, [pid 5869] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] getdents64(4, [pid 5870] close(4 [pid 5869] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("./43/file0" [pid 5869] close(4 [pid 5870] <... rmdir resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 5870] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] rmdir("./42/file0" [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... rmdir resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "./43/binderfs", [pid 5869] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] unlink("./43/binderfs" [pid 5869] newfstatat(AT_FDCWD, "./42/binderfs", [pid 5870] <... unlink resumed>) = 0 [pid 5870] umount2("./43/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] unlink("./42/binderfs" [pid 5870] newfstatat(AT_FDCWD, "./43/cpuset.effective_mems", [pid 5869] <... unlink resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./42/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] unlink("./43/cpuset.effective_mems" [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... unlink resumed>) = 0 [pid 5869] newfstatat(AT_FDCWD, "./42/cpuset.effective_mems", [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] close(3 [pid 5869] unlink("./42/cpuset.effective_mems" [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("./43" [pid 5869] <... unlink resumed>) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 5869] getdents64(3, [pid 5870] mkdir("./44", 0777 [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5870] <... mkdir resumed>) = 0 [pid 5869] rmdir("./42" [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5869] <... rmdir resumed>) = 0 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 5869] mkdir("./43", 0777 [pid 5870] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5870] close(3 [pid 5869] <... mkdir resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] <... openat resumed>) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 ./strace-static-x86_64: Process 6774 attached [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 6774 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6775 attached [pid 6774] set_robust_list(0x55558d547760, 24 [pid 6758] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 6775 [pid 6774] <... set_robust_list resumed>) = 0 [pid 6774] chdir("./44" [pid 6775] set_robust_list(0x55558d547760, 24 [pid 6774] <... chdir resumed>) = 0 [pid 6775] <... set_robust_list resumed>) = 0 [pid 6774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6774] setpgid(0, 0) = 0 [pid 6775] chdir("./43") = 0 [pid 6774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6774] <... openat resumed>) = 3 [pid 6775] setpgid(0, 0) = 0 [pid 6775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6774] write(3, "1000", 4 [pid 6775] <... openat resumed>) = 3 [pid 6774] <... write resumed>) = 4 [pid 6775] write(3, "1000", 4 [pid 6774] close(3 [pid 6775] <... write resumed>) = 4 [pid 6774] <... close resumed>) = 0 [pid 6775] close(3 [pid 6774] symlink("/dev/binderfs", "./binderfs" [pid 6775] <... close resumed>) = 0 [pid 6774] <... symlink resumed>) = 0 [pid 6775] symlink("/dev/binderfs", "./binderfs" [pid 6774] write(1, "executing program\n", 18executing program [pid 6775] <... symlink resumed>) = 0 executing program [pid 6774] <... write resumed>) = 18 [pid 6775] write(1, "executing program\n", 18 [pid 6774] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6775] <... write resumed>) = 18 [pid 6774] <... futex resumed>) = 0 [pid 6775] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6774] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 6775] <... futex resumed>) = 0 [pid 6774] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6775] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 6774] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6775] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6775] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6775] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6775] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6774] <... mmap resumed>) = 0x7fb4714f6000 [pid 6775] <... mmap resumed>) = 0x7fb4714f6000 [pid 6774] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 6775] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 6774] <... mprotect resumed>) = 0 [pid 6775] <... mprotect resumed>) = 0 [pid 6774] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6775] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6774] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6776 attached [pid 6775] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6775] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 6774] <... clone3 resumed> => {parent_tid=[6776]}, 88) = 6776 ./strace-static-x86_64: Process 6777 attached [pid 6774] rt_sigprocmask(SIG_SETMASK, [], [pid 6777] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6777] <... rseq resumed>) = 0 [pid 6774] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6776] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6774] <... futex resumed>) = 0 [pid 6777] set_robust_list(0x7fb4715169a0, 24 [pid 6774] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6777] <... set_robust_list resumed>) = 0 [pid 6776] <... rseq resumed>) = 0 [pid 6776] set_robust_list(0x7fb4715169a0, 24 [pid 6775] <... clone3 resumed> => {parent_tid=[6777]}, 88) = 6777 [pid 6776] <... set_robust_list resumed>) = 0 [pid 6775] rt_sigprocmask(SIG_SETMASK, [], [pid 6777] rt_sigprocmask(SIG_SETMASK, [], [pid 6776] rt_sigprocmask(SIG_SETMASK, [], [pid 6775] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6777] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6776] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6777] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6776] memfd_create("syzkaller", 0 [pid 6775] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6777] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6775] <... futex resumed>) = 0 [pid 6775] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6776] <... memfd_create resumed>) = 3 [pid 6777] memfd_create("syzkaller", 0 [pid 6776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6777] <... memfd_create resumed>) = 3 [pid 6776] <... mmap resumed>) = 0x7fb469000000 [pid 6777] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6761] <... close resumed>) = 0 [pid 6761] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6760] <... futex resumed>) = 0 [pid 6761] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6760] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6761] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6761] openat(AT_FDCWD, ".", O_RDONLY [pid 6760] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6761] <... openat resumed>) = 3 [pid 6761] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6760] <... futex resumed>) = 0 [pid 6761] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6760] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6761] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6760] <... futex resumed>) = 0 [pid 6761] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6760] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6760] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6761] <... ioctl resumed>) = 0 [pid 6760] <... futex resumed>) = 0 [pid 6760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6761] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6760] <... mmap resumed>) = 0x7fb4714d5000 [pid 6761] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6760] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6778]}, 88) = 6778 [pid 6760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6778 attached [pid 6760] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6778] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 6760] <... futex resumed>) = 0 [pid 6760] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6778] <... rseq resumed>) = 0 [pid 6778] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 6778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6778] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6778] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6760] <... futex resumed>) = 0 [pid 6760] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6761] <... futex resumed>) = 0 [pid 6761] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6760] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6778] <... futex resumed>) = 1 [pid 6778] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6760] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6760] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6758] exit_group(0) = ? [pid 6759] <... write resumed>) = ? [pid 6759] +++ exited with 0 +++ [pid 6758] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6758, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=97 /* 0.97 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./44/file0") = 0 [pid 5867] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./44/binderfs") = 0 [pid 5867] umount2("./44/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./44/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5328832, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./44/cpuset.effective_mems") = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./44") = 0 [pid 5867] mkdir("./45", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6779 ./strace-static-x86_64: Process 6779 attached [pid 6779] set_robust_list(0x55558d547760, 24) = 0 [pid 6779] chdir("./45") = 0 [pid 6779] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6779] setpgid(0, 0) = 0 [pid 6779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6779] write(3, "1000", 4) = 4 [pid 6779] close(3) = 0 [pid 6779] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6779] write(1, "executing program\n", 18executing program ) = 18 [pid 6779] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6779] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6779] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6779] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6779] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6779] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6780 attached => {parent_tid=[6780]}, 88) = 6780 [pid 6779] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6779] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6779] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6780] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6780] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6780] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6776] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6780] memfd_create("syzkaller", 0) = 3 [pid 6780] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6777] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6760] exit_group(0) = ? [pid 6778] <... futex resumed>) = ? [pid 6778] +++ exited with 0 +++ [pid 6761] <... write resumed>) = ? [pid 6761] +++ exited with 0 +++ [pid 6760] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6760, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=87 /* 0.87 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./45/file0") = 0 [pid 5868] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./45/binderfs") = 0 [pid 5868] umount2("./45/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./45/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=14229504, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./45/cpuset.effective_mems" [pid 6780] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6776] <... write resumed>) = 16777216 [pid 6776] munmap(0x7fb469000000, 138412032 [pid 6777] <... write resumed>) = 16777216 [pid 6777] munmap(0x7fb469000000, 138412032 [pid 5868] <... unlink resumed>) = 0 [pid 6776] <... munmap resumed>) = 0 [pid 5868] getdents64(3, [pid 6776] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 6776] <... openat resumed>) = 4 [pid 5868] close(3 [pid 6776] ioctl(4, LOOP_SET_FD, 3 [pid 5868] <... close resumed>) = 0 [pid 5868] rmdir("./45") = 0 [pid 5868] mkdir("./46", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6776] <... ioctl resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 6776] close(3 [pid 5868] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6776] <... close resumed>) = 0 [pid 5868] close(3) = 0 [pid 6776] close(4 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6776] <... close resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 6781 ./strace-static-x86_64: Process 6781 attached [pid 6776] mkdir("./file0", 0777 [pid 6781] set_robust_list(0x55558d547760, 24) = 0 [pid 6776] <... mkdir resumed>) = 0 [pid 6781] chdir("./46") = 0 [pid 6776] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6781] setpgid(0, 0) = 0 [pid 6781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 6781] write(3, "1000", 4) = 4 [pid 6781] close(3) = 0 [pid 6781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6781] write(1, "executing program\n", 18) = 18 [pid 6781] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6781] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6781] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6781] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6781] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6781] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6782 attached => {parent_tid=[6782]}, 88) = 6782 [pid 6781] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6781] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6781] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6782] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6782] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6782] memfd_create("syzkaller", 0) = 3 [pid 6782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 179.747151][ T6776] loop3: detected capacity change from 0 to 32768 [ 179.806436][ T6776] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 179.813878][ T6776] CPU: 0 UID: 0 PID: 6776 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 179.813907][ T6776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 179.813921][ T6776] Call Trace: [ 179.813930][ T6776] [ 179.813939][ T6776] dump_stack_lvl+0x189/0x250 [ 179.813978][ T6776] ? __pfx_dump_stack_lvl+0x10/0x10 [ 179.814004][ T6776] ? __pfx__printk+0x10/0x10 [ 179.814031][ T6776] ? kernfs_root+0x1c/0x230 [ 179.814056][ T6776] ? kernfs_path_from_node+0x250/0x290 [ 179.814078][ T6776] ? kernfs_path_from_node+0x2f/0x290 [ 179.814103][ T6776] sysfs_create_dir_ns+0x259/0x280 [ 179.814126][ T6776] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 179.814148][ T6776] ? do_raw_spin_unlock+0x122/0x240 [ 179.814177][ T6776] kobject_add_internal+0x59f/0xb40 [ 179.814205][ T6776] kobject_init_and_add+0x125/0x190 [ 179.814232][ T6776] ? __pfx_kobject_init_and_add+0x10/0x10 [ 179.814255][ T6776] ? __raw_spin_lock_init+0x45/0x100 [ 179.814281][ T6776] ? __init_swait_queue_head+0xa9/0x150 [ 179.814307][ T6776] gfs2_sys_fs_add+0x234/0x450 [ 179.814329][ T6776] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 179.814353][ T6776] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 179.814387][ T6776] gfs2_fill_super+0x13c0/0x20d0 [ 179.814423][ T6776] ? __pfx_gfs2_fill_super+0x10/0x10 [ 179.814453][ T6776] ? sb_set_blocksize+0x104/0x180 [ 179.814484][ T6776] ? setup_bdev_super+0x4c1/0x5b0 [ 179.814513][ T6776] get_tree_bdev_flags+0x40b/0x4d0 [ 179.814542][ T6776] ? __pfx_gfs2_fill_super+0x10/0x10 [ 179.814568][ T6776] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 179.814602][ T6776] gfs2_get_tree+0x51/0x1e0 [ 179.814628][ T6776] vfs_get_tree+0x8f/0x2b0 [ 179.814656][ T6776] do_new_mount+0x2a2/0xa30 [ 179.814690][ T6776] ? ns_capable+0x8a/0xf0 [ 179.814710][ T6776] ? __pfx_do_new_mount+0x10/0x10 [ 179.814739][ T6776] ? path_mount+0x61c/0xfe0 [ 179.814765][ T6776] ? user_path_at+0x44/0x60 [ 179.814810][ T6776] __se_sys_mount+0x317/0x410 [ 179.814844][ T6776] ? __pfx___se_sys_mount+0x10/0x10 [ 179.814873][ T6776] ? rcu_is_watching+0x15/0xb0 [ 179.814898][ T6776] ? __x64_sys_mount+0x20/0xc0 [ 179.814930][ T6776] do_syscall_64+0xfa/0x3b0 [ 179.814961][ T6776] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.814982][ T6776] ? clear_bhb_loop+0x60/0xb0 [ 179.815006][ T6776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.815027][ T6776] RIP: 0033:0x7fb47156b94a [ 179.815046][ T6776] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 179.815066][ T6776] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 179.815089][ T6776] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 179.815106][ T6776] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 179.815122][ T6776] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 179.815137][ T6776] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 6780] <... write resumed>) = 16777216 [pid 6780] munmap(0x7fb469000000, 138412032 [pid 6777] <... munmap resumed>) = 0 [pid 6777] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6777] ioctl(4, LOOP_SET_FD, 3) = 0 [ 179.815150][ T6776] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 179.815170][ T6776] [ 180.123265][ T6777] loop2: detected capacity change from 0 to 32768 [pid 6777] close(3) = 0 [pid 6777] close(4) = 0 [pid 6777] mkdir("./file0", 0777) = 0 [pid 6777] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6776] <... mount resumed>) = -1 EEXIST (File exists) [pid 6776] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6776] ioctl(3, LOOP_CLR_FD) = 0 [ 180.145260][ T6776] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 180.159234][ T6776] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 180.218353][ T6777] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 180.234762][ T6777] CPU: 1 UID: 0 PID: 6777 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 180.234797][ T6777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 180.234810][ T6777] Call Trace: [ 180.234819][ T6777] [ 180.234827][ T6777] dump_stack_lvl+0x189/0x250 [ 180.234860][ T6777] ? __pfx_dump_stack_lvl+0x10/0x10 [ 180.234885][ T6777] ? __pfx__printk+0x10/0x10 [ 180.234913][ T6777] ? kernfs_root+0x1c/0x230 [ 180.234938][ T6777] ? kernfs_path_from_node+0x250/0x290 [ 180.234961][ T6777] ? kernfs_path_from_node+0x2f/0x290 [ 180.234986][ T6777] sysfs_create_dir_ns+0x259/0x280 [ 180.235010][ T6777] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 180.235033][ T6777] ? do_raw_spin_unlock+0x122/0x240 [ 180.235061][ T6777] kobject_add_internal+0x59f/0xb40 [ 180.235089][ T6777] kobject_init_and_add+0x125/0x190 [ 180.235115][ T6777] ? __pfx_kobject_init_and_add+0x10/0x10 [ 180.235143][ T6777] ? __raw_spin_lock_init+0x45/0x100 [ 180.235168][ T6777] ? __init_swait_queue_head+0xa9/0x150 [ 180.235193][ T6777] gfs2_sys_fs_add+0x234/0x450 [ 180.235213][ T6777] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 180.235236][ T6777] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 180.235269][ T6777] gfs2_fill_super+0x13c0/0x20d0 [ 180.235304][ T6777] ? __pfx_gfs2_fill_super+0x10/0x10 [ 180.235333][ T6777] ? sb_set_blocksize+0x104/0x180 [ 180.235364][ T6777] ? setup_bdev_super+0x4c1/0x5b0 [ 180.235393][ T6777] get_tree_bdev_flags+0x40b/0x4d0 [ 180.235422][ T6777] ? __pfx_gfs2_fill_super+0x10/0x10 [ 180.235449][ T6777] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 180.235482][ T6777] gfs2_get_tree+0x51/0x1e0 [ 180.235510][ T6777] vfs_get_tree+0x8f/0x2b0 [ 180.235538][ T6777] do_new_mount+0x2a2/0xa30 [ 180.235571][ T6777] ? ns_capable+0x8a/0xf0 [ 180.235589][ T6777] ? __pfx_do_new_mount+0x10/0x10 [ 180.235619][ T6777] ? path_mount+0x61c/0xfe0 [ 180.235647][ T6777] ? user_path_at+0x44/0x60 [ 180.235681][ T6777] __se_sys_mount+0x317/0x410 [ 180.235713][ T6777] ? __pfx___se_sys_mount+0x10/0x10 [ 180.235743][ T6777] ? rcu_is_watching+0x15/0xb0 [ 180.235766][ T6777] ? __x64_sys_mount+0x20/0xc0 [ 180.235797][ T6777] do_syscall_64+0xfa/0x3b0 [ 180.235819][ T6777] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.235840][ T6777] ? clear_bhb_loop+0x60/0xb0 [ 180.235863][ T6777] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.235883][ T6777] RIP: 0033:0x7fb47156b94a [ 180.235901][ T6777] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 180.235919][ T6777] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 180.235942][ T6777] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 180.235957][ T6777] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 180.235972][ T6777] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 180.235987][ T6777] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 180.236001][ T6777] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 180.236022][ T6777] [ 180.556072][ T6777] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6776] close(3 [pid 6782] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6780] <... munmap resumed>) = 0 [pid 6780] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6780] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6780] close(3) = 0 [pid 6780] close(4) = 0 [pid 6780] mkdir("./file0", 0777) = 0 [ 180.570064][ T6777] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 180.580746][ T6780] loop0: detected capacity change from 0 to 32768 [ 180.599290][ T6780] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 180.611098][ T6780] CPU: 0 UID: 0 PID: 6780 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 180.611130][ T6780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 180.611144][ T6780] Call Trace: [ 180.611152][ T6780] [ 180.611161][ T6780] dump_stack_lvl+0x189/0x250 [ 180.611192][ T6780] ? __pfx_dump_stack_lvl+0x10/0x10 [ 180.611217][ T6780] ? __pfx__printk+0x10/0x10 [ 180.611244][ T6780] ? kernfs_root+0x1c/0x230 [ 180.611270][ T6780] ? kernfs_path_from_node+0x250/0x290 [ 180.611292][ T6780] ? kernfs_path_from_node+0x2f/0x290 [ 180.611317][ T6780] sysfs_create_dir_ns+0x259/0x280 [ 180.611340][ T6780] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 180.611363][ T6780] ? do_raw_spin_unlock+0x122/0x240 [ 180.611392][ T6780] kobject_add_internal+0x59f/0xb40 [ 180.611421][ T6780] kobject_init_and_add+0x125/0x190 [ 180.611447][ T6780] ? __pfx_kobject_init_and_add+0x10/0x10 [ 180.611471][ T6780] ? __raw_spin_lock_init+0x45/0x100 [ 180.611497][ T6780] ? __init_swait_queue_head+0xa9/0x150 [ 180.611523][ T6780] gfs2_sys_fs_add+0x234/0x450 [ 180.611545][ T6780] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 180.611569][ T6780] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 180.611604][ T6780] gfs2_fill_super+0x13c0/0x20d0 [ 180.611639][ T6780] ? __pfx_gfs2_fill_super+0x10/0x10 [ 180.611667][ T6780] ? sb_set_blocksize+0x104/0x180 [ 180.611697][ T6780] ? setup_bdev_super+0x4c1/0x5b0 [ 180.611727][ T6780] get_tree_bdev_flags+0x40b/0x4d0 [ 180.611756][ T6780] ? __pfx_gfs2_fill_super+0x10/0x10 [ 180.611782][ T6780] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 180.611816][ T6780] gfs2_get_tree+0x51/0x1e0 [ 180.611844][ T6780] vfs_get_tree+0x8f/0x2b0 [ 180.611873][ T6780] do_new_mount+0x2a2/0xa30 [ 180.611913][ T6780] ? ns_capable+0x8a/0xf0 [ 180.611933][ T6780] ? __pfx_do_new_mount+0x10/0x10 [ 180.611962][ T6780] ? path_mount+0x61c/0xfe0 [ 180.611990][ T6780] ? user_path_at+0x44/0x60 [ 180.612017][ T6780] __se_sys_mount+0x317/0x410 [ 180.612051][ T6780] ? __pfx___se_sys_mount+0x10/0x10 [ 180.612081][ T6780] ? rcu_is_watching+0x15/0xb0 [ 180.612104][ T6780] ? __x64_sys_mount+0x20/0xc0 [ 180.612135][ T6780] do_syscall_64+0xfa/0x3b0 [ 180.612157][ T6780] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.612177][ T6780] ? clear_bhb_loop+0x60/0xb0 [ 180.612200][ T6780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.612221][ T6780] RIP: 0033:0x7fb47156b94a [ 180.612239][ T6780] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 6780] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6782] <... write resumed>) = 16777216 [pid 6776] <... close resumed>) = 0 [pid 6782] munmap(0x7fb469000000, 138412032 [pid 6776] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6782] <... munmap resumed>) = 0 [pid 6776] <... futex resumed>) = 1 [pid 6782] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6776] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6782] <... openat resumed>) = 4 [pid 6782] ioctl(4, LOOP_SET_FD, 3 [pid 6774] <... futex resumed>) = 0 [pid 6774] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 180.612257][ T6780] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 180.612280][ T6780] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 180.612295][ T6780] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 180.612310][ T6780] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 180.612325][ T6780] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 180.612339][ T6780] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 180.612360][ T6780] [pid 6774] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6777] <... mount resumed>) = -1 EEXIST (File exists) [pid 6776] <... futex resumed>) = 0 [pid 6776] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6776] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6776] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6777] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6777] ioctl(3, LOOP_CLR_FD) = 0 [pid 6777] close(3 [pid 6774] <... futex resumed>) = 0 [pid 6782] <... ioctl resumed>) = 0 [pid 6780] <... mount resumed>) = -1 EEXIST (File exists) [pid 6774] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6782] close(3 [pid 6780] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6776] <... futex resumed>) = 0 [pid 6774] <... futex resumed>) = 1 [pid 6776] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6774] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6780] <... openat resumed>) = 3 [pid 6782] <... close resumed>) = 0 [pid 6780] ioctl(3, LOOP_CLR_FD [pid 6782] close(4 [pid 6780] <... ioctl resumed>) = 0 [pid 6782] <... close resumed>) = 0 [pid 6780] close(3 [pid 6782] mkdir("./file0", 0777 [pid 6780] <... close resumed>) = 0 [pid 6780] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6779] <... futex resumed>) = 0 [pid 6780] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6779] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6780] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6779] <... futex resumed>) = 0 [pid 6780] openat(AT_FDCWD, ".", O_RDONLY [pid 6779] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6780] <... openat resumed>) = 3 [pid 6780] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6779] <... futex resumed>) = 0 [pid 6780] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6779] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6780] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6780] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6779] <... futex resumed>) = 0 [pid 6779] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6782] <... mkdir resumed>) = 0 [ 180.612380][ T6780] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 180.855065][ T6782] loop1: detected capacity change from 0 to 32768 [ 180.890758][ T6780] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6782] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6776] <... ioctl resumed>) = 0 [pid 6776] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6776] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] <... futex resumed>) = 0 [pid 6774] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6776] <... futex resumed>) = 0 [pid 6774] <... futex resumed>) = 1 [pid 6776] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6774] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6776] <... openat resumed>) = 4 [pid 6776] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6776] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] <... futex resumed>) = 0 [pid 6774] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6776] <... futex resumed>) = 0 [pid 6774] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 180.964615][ T6782] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 180.984552][ T6782] CPU: 0 UID: 0 PID: 6782 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 180.984584][ T6782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 180.984598][ T6782] Call Trace: [ 180.984605][ T6782] [pid 6776] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6779] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6779] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6779] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6779] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6779] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6791]}, 88) = 6791 [pid 6779] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6779] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6779] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6780] <... ioctl resumed>) = 0 [pid 6780] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6780] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6791 attached [pid 6791] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 6791] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 6791] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6791] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6791] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6779] <... futex resumed>) = 0 [pid 6791] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6779] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6780] <... futex resumed>) = 0 [pid 6779] <... futex resumed>) = 1 [ 180.984614][ T6782] dump_stack_lvl+0x189/0x250 [ 180.984647][ T6782] ? __pfx_dump_stack_lvl+0x10/0x10 [ 180.984672][ T6782] ? __pfx__printk+0x10/0x10 [ 180.984697][ T6782] ? kernfs_root+0x1c/0x230 [ 180.984721][ T6782] ? kernfs_path_from_node+0x250/0x290 [ 180.984742][ T6782] ? kernfs_path_from_node+0x2f/0x290 [ 180.984766][ T6782] sysfs_create_dir_ns+0x259/0x280 [ 180.984790][ T6782] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 180.984813][ T6782] ? do_raw_spin_unlock+0x122/0x240 [ 180.984843][ T6782] kobject_add_internal+0x59f/0xb40 [pid 6780] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 180.984881][ T6782] kobject_init_and_add+0x125/0x190 [ 180.984908][ T6782] ? __pfx_kobject_init_and_add+0x10/0x10 [ 180.984931][ T6782] ? __raw_spin_lock_init+0x45/0x100 [ 180.984958][ T6782] ? __init_swait_queue_head+0xa9/0x150 [ 180.984985][ T6782] gfs2_sys_fs_add+0x234/0x450 [ 180.985008][ T6782] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 180.985033][ T6782] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 180.985068][ T6782] gfs2_fill_super+0x13c0/0x20d0 [ 180.985103][ T6782] ? __pfx_gfs2_fill_super+0x10/0x10 [ 180.985130][ T6782] ? sb_set_blocksize+0x104/0x180 [ 180.985165][ T6782] ? setup_bdev_super+0x4c1/0x5b0 [ 180.985193][ T6782] get_tree_bdev_flags+0x40b/0x4d0 [ 180.985220][ T6782] ? __pfx_gfs2_fill_super+0x10/0x10 [ 180.985246][ T6782] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 180.985279][ T6782] gfs2_get_tree+0x51/0x1e0 [ 180.985307][ T6782] vfs_get_tree+0x8f/0x2b0 [ 180.985335][ T6782] do_new_mount+0x2a2/0xa30 [ 180.985368][ T6782] ? ns_capable+0x8a/0xf0 [ 180.985387][ T6782] ? __pfx_do_new_mount+0x10/0x10 [ 180.985415][ T6782] ? path_mount+0x61c/0xfe0 [ 180.985443][ T6782] ? user_path_at+0x44/0x60 [ 180.985471][ T6782] __se_sys_mount+0x317/0x410 [ 180.985504][ T6782] ? __pfx___se_sys_mount+0x10/0x10 [ 180.985535][ T6782] ? rcu_is_watching+0x15/0xb0 [ 180.985558][ T6782] ? __x64_sys_mount+0x20/0xc0 [ 180.985589][ T6782] do_syscall_64+0xfa/0x3b0 [ 180.985611][ T6782] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.985632][ T6782] ? clear_bhb_loop+0x60/0xb0 [ 180.985655][ T6782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.985675][ T6782] RIP: 0033:0x7fb47156b94a [ 180.985693][ T6782] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 180.985711][ T6782] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 180.985734][ T6782] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 180.985749][ T6782] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [pid 6779] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6777] <... close resumed>) = 0 [ 180.985764][ T6782] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 180.985779][ T6782] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 180.985793][ T6782] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 180.985814][ T6782] [pid 6777] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6777] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6775] <... futex resumed>) = 0 [pid 6775] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6777] <... futex resumed>) = 0 [pid 6775] <... futex resumed>) = 1 [pid 6777] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6775] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6777] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6777] <... futex resumed>) = 0 [pid 6775] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6777] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6775] <... futex resumed>) = 0 [pid 6775] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6777] <... ioctl resumed>) = 0 [pid 6777] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6775] <... futex resumed>) = 0 [pid 6777] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6775] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6777] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6775] <... futex resumed>) = 0 [pid 6777] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6775] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6777] <... openat resumed>) = 4 [pid 6777] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6775] <... futex resumed>) = 0 [pid 6777] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6775] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6775] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6779] exit_group(0 [pid 6791] <... futex resumed>) = ? [pid 6780] <... write resumed>) = ? [pid 6779] <... exit_group resumed>) = ? [pid 6780] +++ exited with 0 +++ [pid 6774] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6775] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6782] <... mount resumed>) = -1 EEXIST (File exists) [pid 6791] +++ exited with 0 +++ [pid 6779] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6779, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=92 /* 0.92 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6782] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5867] getdents64(4, [pid 6782] ioctl(3, LOOP_CLR_FD) = 0 [pid 5867] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 6782] close(3 [pid 5867] getdents64(4, [pid 6782] <... close resumed>) = 0 [pid 5867] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./45/file0" [pid 6782] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... rmdir resumed>) = 0 [pid 6782] <... futex resumed>) = 1 [pid 6781] <... futex resumed>) = 0 [pid 5867] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6782] openat(AT_FDCWD, ".", O_RDONLY [pid 6781] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6782] <... openat resumed>) = 3 [pid 6781] <... futex resumed>) = 0 [pid 5867] newfstatat(AT_FDCWD, "./45/binderfs", [pid 6782] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6781] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 181.471781][ T6782] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 181.485768][ T6782] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6782] <... futex resumed>) = 0 [pid 6781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5867] unlink("./45/binderfs" [pid 6782] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6781] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... unlink resumed>) = 0 [pid 6781] <... futex resumed>) = 0 [pid 6781] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] umount2("./45/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./45/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=9830400, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./45/cpuset.effective_mems" [pid 6782] <... ioctl resumed>) = 0 [pid 6782] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6781] <... futex resumed>) = 0 [pid 6781] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6781] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6782] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6782] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6781] <... futex resumed>) = 0 [pid 6781] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6781] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6782] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6781] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6781] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6781] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6775] exit_group(0) = ? [pid 6777] <... write resumed>) = ? [pid 6777] +++ exited with 0 +++ [pid 6774] exit_group(0) = ? [pid 6776] <... write resumed>) = ? [pid 6776] +++ exited with 0 +++ [pid 6774] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6774, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=44 /* 0.44 s */} --- [pid 6775] +++ exited with 0 +++ [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6775, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=49 /* 0.49 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] <... restart_syscall resumed>) = 0 [pid 5869] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] <... openat resumed>) = 3 [pid 5870] <... openat resumed>) = 3 [pid 5869] newfstatat(3, "", [pid 5870] newfstatat(3, "", [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, [pid 5870] getdents64(3, [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./43/file0", [pid 5870] newfstatat(AT_FDCWD, "./44/file0", [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] <... openat resumed>) = 4 [pid 5870] <... openat resumed>) = 4 [pid 5869] newfstatat(4, "", [pid 5870] newfstatat(4, "", [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, [pid 5870] getdents64(4, [pid 5869] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, [pid 5870] getdents64(4, [pid 5869] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4 [pid 5870] close(4 [pid 5869] <... close resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("./44/file0" [pid 5869] rmdir("./43/file0" [pid 5870] <... rmdir resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 5870] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./44/binderfs", [pid 5869] newfstatat(AT_FDCWD, "./43/binderfs", [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./44/binderfs" [pid 5869] unlink("./43/binderfs" [pid 5870] <... unlink resumed>) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 5870] umount2("./44/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] umount2("./43/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./44/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=4874240, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] newfstatat(AT_FDCWD, "./43/cpuset.effective_mems", [pid 5870] unlink("./44/cpuset.effective_mems" [pid 5869] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=8601600, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./43/cpuset.effective_mems" [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./45") = 0 [pid 5867] mkdir("./46", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6792 ./strace-static-x86_64: Process 6792 attached [pid 6792] set_robust_list(0x55558d547760, 24) = 0 [pid 6792] chdir("./46") = 0 [pid 6792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6792] setpgid(0, 0 [pid 5870] <... unlink resumed>) = 0 [pid 6792] <... setpgid resumed>) = 0 [pid 6792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6792] write(3, "1000", 4) = 4 [pid 6792] close(3executing program ) = 0 [pid 5870] getdents64(3, [pid 6792] symlink("/dev/binderfs", "./binderfs" [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 6792] <... symlink resumed>) = 0 [pid 5870] close(3 [pid 6792] write(1, "executing program\n", 18) = 18 [pid 5870] <... close resumed>) = 0 [pid 6792] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] rmdir("./44" [pid 6792] <... futex resumed>) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 6792] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 5870] mkdir("./45", 0777 [pid 6792] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5870] <... mkdir resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6792] <... mmap resumed>) = 0x7fb4714f6000 [pid 6792] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 5870] <... openat resumed>) = 3 [pid 6792] <... mprotect resumed>) = 0 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 6792] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5870] close(3 [pid 6792] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 5870] <... close resumed>) = 0 ./strace-static-x86_64: Process 6793 attached [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6792] <... clone3 resumed> => {parent_tid=[6793]}, 88) = 6793 [pid 6792] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6792] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6794 attached [pid 6793] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6792] <... futex resumed>) = 0 [pid 6794] set_robust_list(0x55558d547760, 24 [pid 6793] <... rseq resumed>) = 0 [pid 6792] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 6794 [pid 6794] <... set_robust_list resumed>) = 0 [pid 6793] set_robust_list(0x7fb4715169a0, 24 [pid 6794] chdir("./45" [pid 6793] <... set_robust_list resumed>) = 0 [pid 6794] <... chdir resumed>) = 0 [pid 6793] rt_sigprocmask(SIG_SETMASK, [], [pid 6794] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6794] <... prctl resumed>) = 0 [pid 6794] setpgid(0, 0 [pid 6793] memfd_create("syzkaller", 0 [pid 6794] <... setpgid resumed>) = 0 [pid 6793] <... memfd_create resumed>) = 3 [pid 6794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6794] <... openat resumed>) = 3 [pid 6781] exit_group(0 [pid 6794] write(3, "1000", 4 [pid 6793] <... mmap resumed>) = 0x7fb469000000 [pid 6782] <... write resumed>) = ? [pid 6781] <... exit_group resumed>) = ? [pid 6794] <... write resumed>) = 4 [pid 6794] close(3) = 0 [pid 6794] symlink("/dev/binderfs", "./binderfs" [pid 6782] +++ exited with 0 +++ [pid 6781] +++ exited with 0 +++ [pid 6794] <... symlink resumed>) = 0 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6781, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=49 /* 0.49 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>executing program [pid 6794] write(1, "executing program\n", 18) = 18 [pid 6794] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6794] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 5868] <... restart_syscall resumed>) = 0 [pid 6794] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5869] <... unlink resumed>) = 0 [pid 6794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5868] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6794] <... mmap resumed>) = 0x7fb4714f6000 [pid 5868] <... openat resumed>) = 3 [pid 6794] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 5868] newfstatat(3, "", [pid 6794] <... mprotect resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, [pid 6794] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 6794] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5868] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6795 attached [pid 5868] newfstatat(AT_FDCWD, "./46/file0", [pid 6794] <... clone3 resumed> => {parent_tid=[6795]}, 88) = 6795 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6795] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6794] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6795] <... rseq resumed>) = 0 [pid 6794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6795] set_robust_list(0x7fb4715169a0, 24 [pid 6794] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6795] <... set_robust_list resumed>) = 0 [pid 6794] <... futex resumed>) = 0 [pid 5868] <... openat resumed>) = 4 [pid 6795] rt_sigprocmask(SIG_SETMASK, [], [pid 6794] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5868] newfstatat(4, "", [pid 6795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, [pid 6795] memfd_create("syzkaller", 0 [pid 5868] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./46/file0") = 0 [pid 5868] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./46/binderfs") = 0 [pid 5868] umount2("./46/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./46/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=9322496, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6795] <... memfd_create resumed>) = 3 [pid 5868] unlink("./46/cpuset.effective_mems" [pid 6795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./43") = 0 [pid 5869] mkdir("./44", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6796 ./strace-static-x86_64: Process 6796 attached [pid 6796] set_robust_list(0x55558d547760, 24) = 0 [pid 6796] chdir("./44") = 0 [pid 6796] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6796] setpgid(0, 0) = 0 [pid 6796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6796] write(3, "1000", 4) = 4 [pid 6796] close(3) = 0 [pid 6796] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6796] write(1, "executing program\n", 18executing program ) = 18 [pid 6796] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6796] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6796] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6796] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6796] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6796] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6796] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6797 attached [pid 6797] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6797] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6797] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6796] <... clone3 resumed> => {parent_tid=[6797]}, 88) = 6797 [pid 6797] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6796] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6796] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6797] <... futex resumed>) = 0 [pid 6796] <... futex resumed>) = 1 [pid 6797] memfd_create("syzkaller", 0 [pid 6796] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6797] <... memfd_create resumed>) = 3 [pid 6797] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 5868] <... unlink resumed>) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./46") = 0 [pid 5868] mkdir("./47", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6798 ./strace-static-x86_64: Process 6798 attached [pid 6798] set_robust_list(0x55558d547760, 24) = 0 [pid 6798] chdir("./47") = 0 [pid 6798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6798] setpgid(0, 0) = 0 [pid 6798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6798] write(3, "1000", 4) = 4 [pid 6798] close(3) = 0 [pid 6798] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6798] write(1, "executing program\n", 18executing program ) = 18 [pid 6798] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6798] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6798] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6798] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6798] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6798] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6799 attached => {parent_tid=[6799]}, 88) = 6799 [pid 6799] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6798] rt_sigprocmask(SIG_SETMASK, [], [pid 6799] <... rseq resumed>) = 0 [pid 6798] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6798] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6799] set_robust_list(0x7fb4715169a0, 24 [pid 6798] <... futex resumed>) = 0 [pid 6799] <... set_robust_list resumed>) = 0 [pid 6798] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6799] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6799] memfd_create("syzkaller", 0) = 3 [pid 6799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6795] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6793] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6797] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6795] <... write resumed>) = 16777216 [pid 6795] munmap(0x7fb469000000, 138412032 [pid 6793] <... write resumed>) = 16777216 [pid 6793] munmap(0x7fb469000000, 138412032 [pid 6799] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6795] <... munmap resumed>) = 0 [pid 6795] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6795] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6795] close(3) = 0 [pid 6795] close(4) = 0 [pid 6795] mkdir("./file0", 0777) = 0 [ 182.476069][ T6795] loop3: detected capacity change from 0 to 32768 [pid 6795] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6793] <... munmap resumed>) = 0 [pid 6793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6793] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6793] close(3) = 0 [pid 6793] close(4) = 0 [pid 6793] mkdir("./file0", 0777) = 0 [ 182.526855][ T6795] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 182.533832][ T6793] loop0: detected capacity change from 0 to 32768 [ 182.541478][ T6795] CPU: 1 UID: 0 PID: 6795 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 182.541511][ T6795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 182.541525][ T6795] Call Trace: [ 182.541534][ T6795] [ 182.541543][ T6795] dump_stack_lvl+0x189/0x250 [ 182.541575][ T6795] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.541600][ T6795] ? __pfx__printk+0x10/0x10 [ 182.541628][ T6795] ? kernfs_root+0x1c/0x230 [ 182.541653][ T6795] ? kernfs_path_from_node+0x250/0x290 [ 182.541676][ T6795] ? kernfs_path_from_node+0x2f/0x290 [ 182.541700][ T6795] sysfs_create_dir_ns+0x259/0x280 [ 182.541732][ T6795] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 182.541754][ T6795] ? do_raw_spin_unlock+0x122/0x240 [ 182.541782][ T6795] kobject_add_internal+0x59f/0xb40 [ 182.541811][ T6795] kobject_init_and_add+0x125/0x190 [ 182.541837][ T6795] ? __pfx_kobject_init_and_add+0x10/0x10 [ 182.541861][ T6795] ? __raw_spin_lock_init+0x45/0x100 [ 182.541887][ T6795] ? __init_swait_queue_head+0xa9/0x150 [ 182.541913][ T6795] gfs2_sys_fs_add+0x234/0x450 [ 182.541935][ T6795] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 182.541960][ T6795] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 182.541993][ T6795] gfs2_fill_super+0x13c0/0x20d0 [ 182.542027][ T6795] ? __pfx_gfs2_fill_super+0x10/0x10 [ 182.542057][ T6795] ? sb_set_blocksize+0x104/0x180 [pid 6793] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6797] <... write resumed>) = 16777216 [ 182.542088][ T6795] ? setup_bdev_super+0x4c1/0x5b0 [ 182.542117][ T6795] get_tree_bdev_flags+0x40b/0x4d0 [ 182.542147][ T6795] ? __pfx_gfs2_fill_super+0x10/0x10 [ 182.542174][ T6795] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 182.542208][ T6795] gfs2_get_tree+0x51/0x1e0 [ 182.542236][ T6795] vfs_get_tree+0x8f/0x2b0 [ 182.542265][ T6795] do_new_mount+0x2a2/0xa30 [ 182.542298][ T6795] ? ns_capable+0x8a/0xf0 [ 182.542318][ T6795] ? __pfx_do_new_mount+0x10/0x10 [ 182.542347][ T6795] ? path_mount+0x61c/0xfe0 [pid 6797] munmap(0x7fb469000000, 138412032 [pid 6799] <... write resumed>) = 16777216 [ 182.542375][ T6795] ? user_path_at+0x44/0x60 [ 182.542403][ T6795] __se_sys_mount+0x317/0x410 [ 182.542438][ T6795] ? __pfx___se_sys_mount+0x10/0x10 [ 182.542482][ T6795] ? rcu_is_watching+0x15/0xb0 [ 182.542506][ T6795] ? __x64_sys_mount+0x20/0xc0 [ 182.542537][ T6795] do_syscall_64+0xfa/0x3b0 [ 182.542559][ T6795] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.542579][ T6795] ? clear_bhb_loop+0x60/0xb0 [ 182.542602][ T6795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.542622][ T6795] RIP: 0033:0x7fb47156b94a [pid 6799] munmap(0x7fb469000000, 138412032 [pid 6797] <... munmap resumed>) = 0 [pid 6797] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 182.542641][ T6795] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 182.542660][ T6795] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 182.542683][ T6795] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 182.542699][ T6795] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 182.542713][ T6795] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 182.542727][ T6795] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 182.542741][ T6795] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 182.542763][ T6795] [ 182.543279][ T6795] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 182.559684][ T6793] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 182.605277][ T6795] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 182.675209][ T6793] CPU: 0 UID: 0 PID: 6793 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 182.675245][ T6793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 182.675261][ T6793] Call Trace: [ 182.675270][ T6793] [ 182.675281][ T6793] dump_stack_lvl+0x189/0x250 [ 182.675317][ T6793] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.675345][ T6793] ? __pfx__printk+0x10/0x10 [ 182.675377][ T6793] ? kernfs_root+0x1c/0x230 [ 182.675406][ T6793] ? kernfs_path_from_node+0x250/0x290 [ 182.675431][ T6793] ? kernfs_path_from_node+0x2f/0x290 [ 182.675458][ T6793] sysfs_create_dir_ns+0x259/0x280 [ 182.675484][ T6793] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 182.675510][ T6793] ? do_raw_spin_unlock+0x122/0x240 [ 182.675542][ T6793] kobject_add_internal+0x59f/0xb40 [ 182.675574][ T6793] kobject_init_and_add+0x125/0x190 [ 182.675602][ T6793] ? __pfx_kobject_init_and_add+0x10/0x10 [ 182.675629][ T6793] ? __raw_spin_lock_init+0x45/0x100 [ 182.675657][ T6793] ? __init_swait_queue_head+0xa9/0x150 [ 182.675694][ T6793] gfs2_sys_fs_add+0x234/0x450 [ 182.675720][ T6793] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 182.675747][ T6793] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 182.675787][ T6793] gfs2_fill_super+0x13c0/0x20d0 [ 182.675825][ T6793] ? __pfx_gfs2_fill_super+0x10/0x10 [ 182.675858][ T6793] ? sb_set_blocksize+0x104/0x180 [ 182.675893][ T6793] ? setup_bdev_super+0x4c1/0x5b0 [ 182.675926][ T6793] get_tree_bdev_flags+0x40b/0x4d0 [ 182.675958][ T6793] ? __pfx_gfs2_fill_super+0x10/0x10 [ 182.675989][ T6793] ? __pfx_get_tree_bdev_flags+0x10/0x10 [pid 6797] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6795] <... mount resumed>) = -1 EEXIST (File exists) [pid 6797] close(3 [pid 6795] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6797] <... close resumed>) = 0 [pid 6795] <... openat resumed>) = 3 [pid 6797] close(4) = 0 [pid 6797] mkdir("./file0", 0777 [pid 6795] ioctl(3, LOOP_CLR_FD [pid 6797] <... mkdir resumed>) = 0 [pid 6795] <... ioctl resumed>) = 0 [pid 6797] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6795] close(3) = 0 [pid 6795] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 182.676028][ T6793] gfs2_get_tree+0x51/0x1e0 [ 182.676058][ T6793] vfs_get_tree+0x8f/0x2b0 [ 182.676091][ T6793] do_new_mount+0x2a2/0xa30 [ 182.676127][ T6793] ? ns_capable+0x8a/0xf0 [ 182.676148][ T6793] ? __pfx_do_new_mount+0x10/0x10 [ 182.676182][ T6793] ? path_mount+0x61c/0xfe0 [ 182.676213][ T6793] ? user_path_at+0x44/0x60 [ 182.676244][ T6793] __se_sys_mount+0x317/0x410 [ 182.676281][ T6793] ? __pfx___se_sys_mount+0x10/0x10 [ 182.676315][ T6793] ? rcu_is_watching+0x15/0xb0 [pid 6795] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6799] <... munmap resumed>) = 0 [pid 6799] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 182.676341][ T6793] ? __x64_sys_mount+0x20/0xc0 [ 182.676374][ T6793] do_syscall_64+0xfa/0x3b0 [ 182.676399][ T6793] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.676423][ T6793] ? clear_bhb_loop+0x60/0xb0 [ 182.676447][ T6793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.676471][ T6793] RIP: 0033:0x7fb47156b94a [ 182.676491][ T6793] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 6799] ioctl(4, LOOP_SET_FD, 3 [pid 6794] <... futex resumed>) = 0 [pid 6794] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6794] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6795] <... futex resumed>) = 0 [pid 6795] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6795] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6794] <... futex resumed>) = 0 [pid 6795] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6794] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 182.676511][ T6793] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 182.676538][ T6793] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 182.676556][ T6793] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 182.676574][ T6793] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 182.676591][ T6793] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 182.676607][ T6793] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 182.676632][ T6793] [pid 6794] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6799] <... ioctl resumed>) = 0 [pid 6799] close(3) = 0 [pid 6799] close(4) = 0 [pid 6799] mkdir("./file0", 0777) = 0 [ 182.676659][ T6793] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 182.805824][ T6797] loop2: detected capacity change from 0 to 32768 [ 182.848443][ T6793] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 183.082726][ T6799] loop1: detected capacity change from 0 to 32768 [ 183.187151][ T6797] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 183.226486][ T6797] CPU: 0 UID: 0 PID: 6797 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 183.226516][ T6797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 183.226531][ T6797] Call Trace: [ 183.226539][ T6797] [ 183.226548][ T6797] dump_stack_lvl+0x189/0x250 [ 183.226580][ T6797] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.226604][ T6797] ? __pfx__printk+0x10/0x10 [ 183.226631][ T6797] ? kernfs_root+0x1c/0x230 [pid 6799] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6794] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6793] <... mount resumed>) = -1 EEXIST (File exists) [pid 6794] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6794] <... futex resumed>) = 0 [pid 6793] <... openat resumed>) = 3 [pid 6794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6793] ioctl(3, LOOP_CLR_FD [pid 6794] <... mmap resumed>) = 0x7fb4714d5000 [pid 6793] <... ioctl resumed>) = 0 [pid 6794] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE [ 183.226656][ T6797] ? kernfs_path_from_node+0x250/0x290 [ 183.226677][ T6797] ? kernfs_path_from_node+0x2f/0x290 [ 183.226702][ T6797] sysfs_create_dir_ns+0x259/0x280 [ 183.226725][ T6797] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 183.226747][ T6797] ? do_raw_spin_unlock+0x122/0x240 [ 183.226775][ T6797] kobject_add_internal+0x59f/0xb40 [ 183.226803][ T6797] kobject_init_and_add+0x125/0x190 [ 183.226829][ T6797] ? __pfx_kobject_init_and_add+0x10/0x10 [ 183.226852][ T6797] ? __raw_spin_lock_init+0x45/0x100 [ 183.226877][ T6797] ? __init_swait_queue_head+0xa9/0x150 [pid 6793] close(3 [pid 6795] <... ioctl resumed>) = 0 [pid 6794] <... mprotect resumed>) = 0 [pid 6794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6807]}, 88) = 6807 [pid 6794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6794] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6794] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6795] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 183.226903][ T6797] gfs2_sys_fs_add+0x234/0x450 [ 183.226925][ T6797] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 183.226948][ T6797] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 183.226981][ T6797] gfs2_fill_super+0x13c0/0x20d0 [ 183.227016][ T6797] ? __pfx_gfs2_fill_super+0x10/0x10 [ 183.227045][ T6797] ? sb_set_blocksize+0x104/0x180 [ 183.227075][ T6797] ? setup_bdev_super+0x4c1/0x5b0 [ 183.227106][ T6797] get_tree_bdev_flags+0x40b/0x4d0 [ 183.227134][ T6797] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 6795] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6807 attached [pid 6794] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6794] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6795] <... futex resumed>) = 0 [pid 6794] <... futex resumed>) = 1 [pid 6795] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6794] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6795] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6795] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6794] <... futex resumed>) = 0 [pid 6795] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6807] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 6807] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 6807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6807] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6807] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6807] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6794] exit_group(0 [pid 6807] <... futex resumed>) = ? [pid 6795] <... futex resumed>) = ? [pid 6794] <... exit_group resumed>) = ? [pid 6795] +++ exited with 0 +++ [pid 6807] +++ exited with 0 +++ [pid 6794] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6794, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=40 /* 0.40 s */} --- [pid 5870] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./45/file0") = 0 [pid 5870] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./45/binderfs") = 0 [ 183.227160][ T6797] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 183.227193][ T6797] gfs2_get_tree+0x51/0x1e0 [ 183.227241][ T6797] vfs_get_tree+0x8f/0x2b0 [ 183.227271][ T6797] do_new_mount+0x2a2/0xa30 [ 183.227302][ T6797] ? ns_capable+0x8a/0xf0 [ 183.227322][ T6797] ? __pfx_do_new_mount+0x10/0x10 [ 183.227351][ T6797] ? path_mount+0x61c/0xfe0 [ 183.227379][ T6797] ? user_path_at+0x44/0x60 [ 183.227413][ T6797] __se_sys_mount+0x317/0x410 [ 183.227445][ T6797] ? __pfx___se_sys_mount+0x10/0x10 [pid 5870] umount2("./45/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./45/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./45/cpuset.effective_mems") = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./45") = 0 [pid 5870] mkdir("./46", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [ 183.227475][ T6797] ? rcu_is_watching+0x15/0xb0 [ 183.227499][ T6797] ? __x64_sys_mount+0x20/0xc0 [ 183.227530][ T6797] do_syscall_64+0xfa/0x3b0 [ 183.227552][ T6797] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.227572][ T6797] ? clear_bhb_loop+0x60/0xb0 [ 183.227601][ T6797] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.227621][ T6797] RIP: 0033:0x7fb47156b94a [ 183.227639][ T6797] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 183.227657][ T6797] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 183.227680][ T6797] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 183.227695][ T6797] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 183.227710][ T6797] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 183.227724][ T6797] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 183.227738][ T6797] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6809 [pid 6793] <... close resumed>) = 0 ./strace-static-x86_64: Process 6809 attached [pid 6793] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6809] set_robust_list(0x55558d547760, 24 [pid 6793] <... futex resumed>) = 1 [pid 6809] <... set_robust_list resumed>) = 0 [pid 6793] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6809] chdir("./46" [pid 6792] <... futex resumed>) = 0 executing program [pid 6809] <... chdir resumed>) = 0 [pid 6809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6809] setpgid(0, 0) = 0 [pid 6809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6809] write(3, "1000", 4) = 4 [pid 6809] close(3) = 0 [pid 6809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6809] write(1, "executing program\n", 18) = 18 [pid 6809] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6809] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6809] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6809] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6809] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6792] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6809] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6793] <... futex resumed>) = 0 [pid 6792] <... futex resumed>) = 1 [pid 6793] openat(AT_FDCWD, ".", O_RDONLY [pid 6792] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 6793] <... openat resumed>) = 3 [pid 6793] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6810 attached [pid 6809] <... clone3 resumed> => {parent_tid=[6810]}, 88) = 6810 [pid 6793] <... futex resumed>) = 1 [pid 6792] <... futex resumed>) = 0 [pid 6810] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6793] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6792] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... rseq resumed>) = 0 [pid 6793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6792] <... futex resumed>) = 0 [pid 6809] rt_sigprocmask(SIG_SETMASK, [], [pid 6810] set_robust_list(0x7fb4715169a0, 24 [pid 6809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6797] <... mount resumed>) = -1 EEXIST (File exists) [pid 6793] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6792] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6809] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6809] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6810] <... set_robust_list resumed>) = 0 [pid 6810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 183.227759][ T6797] [ 183.227826][ T6797] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 183.545248][ T6799] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 183.549063][ T6797] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 183.566007][ T6799] CPU: 0 UID: 0 PID: 6799 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [pid 6810] memfd_create("syzkaller", 0) = 3 [pid 6797] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6793] <... ioctl resumed>) = 0 [pid 6810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6797] <... openat resumed>) = 3 [pid 6793] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... mmap resumed>) = 0x7fb469000000 [pid 6793] <... futex resumed>) = 1 [pid 6792] <... futex resumed>) = 0 [pid 6797] ioctl(3, LOOP_CLR_FD [pid 6793] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6792] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6793] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6797] <... ioctl resumed>) = 0 [pid 6793] <... openat resumed>) = 4 [pid 6792] <... futex resumed>) = 0 [pid 6797] close(3 [pid 6793] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6792] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6793] <... futex resumed>) = 0 [pid 6792] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 183.566040][ T6799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 183.566053][ T6799] Call Trace: [ 183.566061][ T6799] [ 183.566070][ T6799] dump_stack_lvl+0x189/0x250 [ 183.566102][ T6799] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.566127][ T6799] ? __pfx__printk+0x10/0x10 [ 183.566154][ T6799] ? kernfs_root+0x1c/0x230 [ 183.566179][ T6799] ? kernfs_path_from_node+0x250/0x290 [ 183.566201][ T6799] ? kernfs_path_from_node+0x2f/0x290 [ 183.566225][ T6799] sysfs_create_dir_ns+0x259/0x280 [ 183.566249][ T6799] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 183.566271][ T6799] ? do_raw_spin_unlock+0x122/0x240 [ 183.566299][ T6799] kobject_add_internal+0x59f/0xb40 [ 183.566328][ T6799] kobject_init_and_add+0x125/0x190 [ 183.566353][ T6799] ? __pfx_kobject_init_and_add+0x10/0x10 [ 183.566376][ T6799] ? __raw_spin_lock_init+0x45/0x100 [ 183.566402][ T6799] ? __init_swait_queue_head+0xa9/0x150 [ 183.566439][ T6799] gfs2_sys_fs_add+0x234/0x450 [ 183.566462][ T6799] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [pid 6792] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 183.566486][ T6799] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 183.566520][ T6799] gfs2_fill_super+0x13c0/0x20d0 [ 183.566554][ T6799] ? __pfx_gfs2_fill_super+0x10/0x10 [ 183.566581][ T6799] ? sb_set_blocksize+0x104/0x180 [ 183.566612][ T6799] ? setup_bdev_super+0x4c1/0x5b0 [ 183.566641][ T6799] get_tree_bdev_flags+0x40b/0x4d0 [ 183.566670][ T6799] ? __pfx_gfs2_fill_super+0x10/0x10 [ 183.566696][ T6799] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 183.566730][ T6799] gfs2_get_tree+0x51/0x1e0 [ 183.566757][ T6799] vfs_get_tree+0x8f/0x2b0 [ 183.566786][ T6799] do_new_mount+0x2a2/0xa30 [ 183.566818][ T6799] ? ns_capable+0x8a/0xf0 [ 183.566837][ T6799] ? __pfx_do_new_mount+0x10/0x10 [ 183.566867][ T6799] ? path_mount+0x61c/0xfe0 [ 183.566895][ T6799] ? user_path_at+0x44/0x60 [ 183.566922][ T6799] __se_sys_mount+0x317/0x410 [ 183.566955][ T6799] ? __pfx___se_sys_mount+0x10/0x10 [ 183.566986][ T6799] ? rcu_is_watching+0x15/0xb0 [ 183.567008][ T6799] ? __x64_sys_mount+0x20/0xc0 [ 183.567040][ T6799] do_syscall_64+0xfa/0x3b0 [ 183.567061][ T6799] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.567081][ T6799] ? clear_bhb_loop+0x60/0xb0 [ 183.567105][ T6799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.567124][ T6799] RIP: 0033:0x7fb47156b94a [ 183.567141][ T6799] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 183.567159][ T6799] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [pid 6793] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6792] <... futex resumed>) = 0 [ 183.567182][ T6799] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 183.567222][ T6799] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 183.567238][ T6799] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 183.567253][ T6799] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 183.567267][ T6799] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 183.567288][ T6799] [ 183.567310][ T6799] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6792] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6797] <... close resumed>) = 0 [pid 6797] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6797] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6796] <... futex resumed>) = 0 [pid 6796] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6797] <... futex resumed>) = 0 [pid 6796] <... futex resumed>) = 1 [pid 6797] openat(AT_FDCWD, ".", O_RDONLY [pid 6796] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6797] <... openat resumed>) = 3 [pid 6797] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6796] <... futex resumed>) = 0 [pid 6796] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6797] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6796] <... futex resumed>) = 0 [pid 6796] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6797] <... ioctl resumed>) = 0 [pid 6797] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6796] <... futex resumed>) = 0 [pid 6796] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6796] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6797] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6792] exit_group(0) = ? [pid 6797] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] <... futex resumed>) = 0 [pid 6796] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6796] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6797] <... futex resumed>) = 1 [pid 6799] <... mount resumed>) = -1 EEXIST (File exists) [pid 6797] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6799] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6799] ioctl(3, LOOP_CLR_FD) = 0 [ 184.023850][ T6799] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6799] close(3 [pid 6793] <... write resumed>) = ? [pid 6793] +++ exited with 0 +++ [pid 6792] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6792, si_uid=0, si_status=0, si_utime=16 /* 0.16 s */, si_stime=96 /* 0.96 s */} --- [pid 6796] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5867] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./46/file0") = 0 [pid 5867] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./46/binderfs") = 0 [pid 5867] umount2("./46/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./46/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=12374016, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./46/cpuset.effective_mems" [pid 6810] <... write resumed>) = 16777216 [pid 6810] munmap(0x7fb469000000, 138412032 [pid 6799] <... close resumed>) = 0 [pid 6799] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6799] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6798] <... futex resumed>) = 0 [pid 6798] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6799] <... futex resumed>) = 0 [pid 6798] <... futex resumed>) = 1 [pid 6799] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6799] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6799] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6798] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6798] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6799] <... futex resumed>) = 0 [pid 6798] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6799] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL]) = 0 [pid 6799] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6798] <... futex resumed>) = 0 [pid 6799] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6798] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6799] <... openat resumed>) = 4 [pid 6798] <... futex resumed>) = 0 [pid 6799] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6799] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6798] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6798] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6799] <... futex resumed>) = 0 [pid 6798] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6799] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6810] <... munmap resumed>) = 0 [pid 6810] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6810] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6810] close(3) = 0 [pid 6810] close(4) = 0 [pid 6810] mkdir("./file0", 0777) = 0 [pid 6810] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6798] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./46") = 0 [pid 5867] mkdir("./47", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6813 ./strace-static-x86_64: Process 6813 attached [ 184.296006][ T6810] loop3: detected capacity change from 0 to 32768 [ 184.319210][ T6810] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 184.358554][ T6810] CPU: 0 UID: 0 PID: 6810 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 184.358586][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 184.358600][ T6810] Call Trace: [ 184.358609][ T6810] [ 184.358618][ T6810] dump_stack_lvl+0x189/0x250 [ 184.358650][ T6810] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.358674][ T6810] ? __pfx__printk+0x10/0x10 [ 184.358701][ T6810] ? kernfs_root+0x1c/0x230 [ 184.358727][ T6810] ? kernfs_path_from_node+0x250/0x290 [ 184.358750][ T6810] ? kernfs_path_from_node+0x2f/0x290 [ 184.358775][ T6810] sysfs_create_dir_ns+0x259/0x280 [ 184.358798][ T6810] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 184.358821][ T6810] ? do_raw_spin_unlock+0x122/0x240 [ 184.358849][ T6810] kobject_add_internal+0x59f/0xb40 [ 184.358878][ T6810] kobject_init_and_add+0x125/0x190 [ 184.358904][ T6810] ? __pfx_kobject_init_and_add+0x10/0x10 [ 184.358928][ T6810] ? __raw_spin_lock_init+0x45/0x100 [pid 6813] set_robust_list(0x55558d547760, 24) = 0 [pid 6813] chdir("./47") = 0 [pid 6813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6813] setpgid(0, 0) = 0 [pid 6813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6813] write(3, "1000", 4) = 4 executing program [pid 6813] close(3) = 0 [pid 6813] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6813] write(1, "executing program\n", 18) = 18 [pid 6813] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6813] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6813] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6813] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6813] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6814]}, 88) = 6814 [pid 6813] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6813] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6813] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6814 attached [pid 6814] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6814] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6814] memfd_create("syzkaller", 0) = 3 [ 184.358954][ T6810] ? __init_swait_queue_head+0xa9/0x150 [ 184.358980][ T6810] gfs2_sys_fs_add+0x234/0x450 [ 184.359003][ T6810] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 184.359028][ T6810] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 184.359062][ T6810] gfs2_fill_super+0x13c0/0x20d0 [ 184.359097][ T6810] ? __pfx_gfs2_fill_super+0x10/0x10 [ 184.359126][ T6810] ? sb_set_blocksize+0x104/0x180 [ 184.359157][ T6810] ? setup_bdev_super+0x4c1/0x5b0 [ 184.359187][ T6810] get_tree_bdev_flags+0x40b/0x4d0 [ 184.359216][ T6810] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 6814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 184.359242][ T6810] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 184.359275][ T6810] gfs2_get_tree+0x51/0x1e0 [ 184.359304][ T6810] vfs_get_tree+0x8f/0x2b0 [ 184.359333][ T6810] do_new_mount+0x2a2/0xa30 [ 184.359365][ T6810] ? ns_capable+0x8a/0xf0 [ 184.359385][ T6810] ? __pfx_do_new_mount+0x10/0x10 [ 184.359415][ T6810] ? path_mount+0x61c/0xfe0 [ 184.359443][ T6810] ? user_path_at+0x44/0x60 [ 184.359470][ T6810] __se_sys_mount+0x317/0x410 [ 184.359504][ T6810] ? __pfx___se_sys_mount+0x10/0x10 [ 184.359554][ T6810] ? rcu_is_watching+0x15/0xb0 [ 184.359577][ T6810] ? __x64_sys_mount+0x20/0xc0 [ 184.359609][ T6810] do_syscall_64+0xfa/0x3b0 [ 184.359642][ T6810] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.359662][ T6810] ? clear_bhb_loop+0x60/0xb0 [ 184.359685][ T6810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.359705][ T6810] RIP: 0033:0x7fb47156b94a [ 184.359722][ T6810] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 184.359739][ T6810] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 184.359762][ T6810] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 184.359777][ T6810] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 184.359791][ T6810] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 184.359805][ T6810] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 184.359818][ T6810] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 6810] <... mount resumed>) = -1 EEXIST (File exists) [pid 6810] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6810] ioctl(3, LOOP_CLR_FD) = 0 [ 184.359839][ T6810] [ 184.359860][ T6810] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 184.677023][ T6810] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6810] close(3 [pid 6796] exit_group(0) = ? [pid 6797] <... write resumed>) = ? [pid 6797] +++ exited with 0 +++ [pid 6796] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6796, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=105 /* 1.05 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./44/file0") = 0 [pid 5869] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./44/binderfs") = 0 [pid 5869] umount2("./44/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./44/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=14659584, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./44/cpuset.effective_mems" [pid 6810] <... close resumed>) = 0 [pid 6810] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6809] <... futex resumed>) = 0 [pid 6810] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6809] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... futex resumed>) = 0 [pid 6809] <... futex resumed>) = 1 [pid 6810] openat(AT_FDCWD, ".", O_RDONLY [pid 6809] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6810] <... openat resumed>) = 3 [pid 6810] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6809] <... futex resumed>) = 0 [pid 6810] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6809] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6809] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6810] <... ioctl resumed>) = 0 [pid 6810] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6809] <... futex resumed>) = 0 [pid 6810] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6809] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6810] <... futex resumed>) = 0 [pid 6810] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6809] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6810] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6809] <... futex resumed>) = 0 [pid 6809] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6810] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6809] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6798] exit_group(0) = ? [pid 6814] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6799] <... write resumed>) = ? [pid 6799] +++ exited with 0 +++ [pid 6798] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6798, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=92 /* 0.92 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./47/file0") = 0 [pid 5868] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./47/binderfs") = 0 [pid 5868] umount2("./47/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./47/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=9785344, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./47/cpuset.effective_mems" [pid 6809] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5869] <... unlink resumed>) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./44" [pid 5868] getdents64(3, [pid 5869] <... rmdir resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5869] mkdir("./45", 0777 [pid 5868] rmdir("./47" [pid 5869] <... mkdir resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 5868] mkdir("./48", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3 [pid 6814] <... write resumed>) = 16777216 [pid 5869] <... close resumed>) = 0 [pid 6814] munmap(0x7fb469000000, 138412032 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6815 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 ./strace-static-x86_64: Process 6815 attached [pid 5868] ioctl(3, LOOP_CLR_FD [pid 6815] set_robust_list(0x55558d547760, 24) = 0 [pid 5868] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6815] chdir("./45" [pid 5868] close(3 [pid 6815] <... chdir resumed>) = 0 [pid 6815] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] <... close resumed>) = 0 [pid 6815] <... prctl resumed>) = 0 [pid 6815] setpgid(0, 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6815] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 6816 attached [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 6816 [pid 6815] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6816] set_robust_list(0x55558d547760, 24) = 0 [pid 6815] <... openat resumed>) = 3 [pid 6815] write(3, "1000", 4) = 4 [pid 6816] chdir("./48") = 0 [pid 6816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6816] setpgid(0, 0) = 0 [pid 6816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6815] close(3 [pid 6816] write(3, "1000", 4) = 4 [pid 6815] <... close resumed>) = 0 [pid 6816] close(3) = 0 [pid 6815] symlink("/dev/binderfs", "./binderfs" [pid 6816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6815] <... symlink resumed>) = 0 executing program [pid 6816] write(1, "executing program\n", 18 [pid 6815] write(1, "executing program\n", 18executing program [pid 6816] <... write resumed>) = 18 [pid 6816] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6815] <... write resumed>) = 18 [pid 6815] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6815] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 6816] <... futex resumed>) = 0 [pid 6815] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6816] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 6815] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6816] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6816] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6815] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6816] <... mmap resumed>) = 0x7fb4714f6000 [pid 6815] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 6816] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 6815] <... mprotect resumed>) = 0 [pid 6816] <... mprotect resumed>) = 0 [pid 6815] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6815] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 6816] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 6817 attached [], 8) = 0 [pid 6815] <... clone3 resumed> => {parent_tid=[6817]}, 88) = 6817 [pid 6817] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 6815] rt_sigprocmask(SIG_SETMASK, [], [pid 6817] <... rseq resumed>) = 0 [pid 6815] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6817] set_robust_list(0x7fb4715169a0, 24 [pid 6816] <... clone3 resumed> => {parent_tid=[6818]}, 88) = 6818 [pid 6815] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6818 attached [pid 6817] <... set_robust_list resumed>) = 0 [pid 6816] rt_sigprocmask(SIG_SETMASK, [], [pid 6815] <... futex resumed>) = 0 [pid 6818] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6817] rt_sigprocmask(SIG_SETMASK, [], [pid 6818] <... rseq resumed>) = 0 [pid 6817] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6815] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6818] set_robust_list(0x7fb4715169a0, 24 [pid 6816] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6818] <... set_robust_list resumed>) = 0 [pid 6816] <... futex resumed>) = 0 [pid 6818] rt_sigprocmask(SIG_SETMASK, [], [pid 6816] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6818] memfd_create("syzkaller", 0) = 3 [pid 6818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6817] memfd_create("syzkaller", 0) = 3 [pid 6814] <... munmap resumed>) = 0 [pid 6817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6814] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6814] close(3) = 0 [pid 6814] close(4) = 0 [pid 6814] mkdir("./file0", 0777) = 0 [ 185.156201][ T6814] loop0: detected capacity change from 0 to 32768 [ 185.185395][ T6814] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 185.222488][ T6814] CPU: 1 UID: 0 PID: 6814 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 185.222521][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 185.222536][ T6814] Call Trace: [ 185.222544][ T6814] [ 185.222554][ T6814] dump_stack_lvl+0x189/0x250 [ 185.222586][ T6814] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.222612][ T6814] ? __pfx__printk+0x10/0x10 [ 185.222639][ T6814] ? kernfs_root+0x1c/0x230 [ 185.222665][ T6814] ? kernfs_path_from_node+0x250/0x290 [ 185.222687][ T6814] ? kernfs_path_from_node+0x2f/0x290 [ 185.222712][ T6814] sysfs_create_dir_ns+0x259/0x280 [ 185.222736][ T6814] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 185.222759][ T6814] ? do_raw_spin_unlock+0x122/0x240 [ 185.222788][ T6814] kobject_add_internal+0x59f/0xb40 [ 185.222817][ T6814] kobject_init_and_add+0x125/0x190 [ 185.222843][ T6814] ? __pfx_kobject_init_and_add+0x10/0x10 [ 185.222866][ T6814] ? __raw_spin_lock_init+0x45/0x100 [ 185.222892][ T6814] ? __init_swait_queue_head+0xa9/0x150 [ 185.222919][ T6814] gfs2_sys_fs_add+0x234/0x450 [ 185.222941][ T6814] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 185.222965][ T6814] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 185.223000][ T6814] gfs2_fill_super+0x13c0/0x20d0 [ 185.223035][ T6814] ? __pfx_gfs2_fill_super+0x10/0x10 [ 185.223064][ T6814] ? sb_set_blocksize+0x104/0x180 [ 185.223095][ T6814] ? setup_bdev_super+0x4c1/0x5b0 [ 185.223125][ T6814] get_tree_bdev_flags+0x40b/0x4d0 [ 185.223153][ T6814] ? __pfx_gfs2_fill_super+0x10/0x10 [ 185.223180][ T6814] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 185.223214][ T6814] gfs2_get_tree+0x51/0x1e0 [ 185.223242][ T6814] vfs_get_tree+0x8f/0x2b0 [ 185.223270][ T6814] do_new_mount+0x2a2/0xa30 [ 185.223304][ T6814] ? ns_capable+0x8a/0xf0 [ 185.223323][ T6814] ? __pfx_do_new_mount+0x10/0x10 [ 185.223353][ T6814] ? path_mount+0x61c/0xfe0 [ 185.223381][ T6814] ? user_path_at+0x44/0x60 [ 185.223409][ T6814] __se_sys_mount+0x317/0x410 [ 185.223450][ T6814] ? __pfx___se_sys_mount+0x10/0x10 [ 185.223480][ T6814] ? rcu_is_watching+0x15/0xb0 [ 185.223504][ T6814] ? __x64_sys_mount+0x20/0xc0 [ 185.223535][ T6814] do_syscall_64+0xfa/0x3b0 [ 185.223557][ T6814] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.223578][ T6814] ? clear_bhb_loop+0x60/0xb0 [ 185.223601][ T6814] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.223622][ T6814] RIP: 0033:0x7fb47156b94a [ 185.223640][ T6814] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 6814] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6810] <... write resumed>) = 16777152 [pid 6810] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6810] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6809] exit_group(0) = ? [pid 6810] <... futex resumed>) = ? [pid 6810] +++ exited with 0 +++ [pid 6809] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6809, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=93 /* 0.93 s */} --- [ 185.223659][ T6814] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 185.223682][ T6814] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 185.223698][ T6814] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 185.223713][ T6814] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 185.223728][ T6814] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 185.223741][ T6814] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./46/file0") = 0 [pid 5870] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./46/binderfs") = 0 [pid 5870] umount2("./46/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./46/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=16777152, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./46/cpuset.effective_mems" [pid 6814] <... mount resumed>) = -1 EEXIST (File exists) [pid 6814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6814] ioctl(3, LOOP_CLR_FD) = 0 [pid 6814] close(3) = 0 [pid 6814] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6813] <... futex resumed>) = 0 [pid 6814] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6813] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6813] <... futex resumed>) = 0 [pid 6814] openat(AT_FDCWD, ".", O_RDONLY [pid 6813] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6814] <... openat resumed>) = 3 [pid 6814] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6813] <... futex resumed>) = 0 [pid 6814] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6813] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 185.223762][ T6814] [ 185.223784][ T6814] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 185.542504][ T6814] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6814] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6813] <... futex resumed>) = 0 [pid 6813] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6817] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6814] <... ioctl resumed>) = 0 [pid 6814] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6813] <... futex resumed>) = 0 [pid 6814] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6813] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6813] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6814] <... openat resumed>) = 4 [pid 6814] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6813] <... futex resumed>) = 0 [pid 6814] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6813] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6813] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6817] <... write resumed>) = 16777216 [pid 6817] munmap(0x7fb469000000, 138412032 [pid 5870] <... unlink resumed>) = 0 [pid 6817] <... munmap resumed>) = 0 [pid 5870] getdents64(3, [pid 6817] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 6817] <... openat resumed>) = 4 [pid 5870] close(3) = 0 [pid 5870] rmdir("./46" [pid 6817] ioctl(4, LOOP_SET_FD, 3 [pid 5870] <... rmdir resumed>) = 0 [pid 5870] mkdir("./47", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 6817] <... ioctl resumed>) = 0 [pid 6817] close(3) = 0 [pid 6817] close(4) = 0 [pid 6817] mkdir("./file0", 0777 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6817] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 6821 attached [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 6821 [pid 6821] set_robust_list(0x55558d547760, 24 [pid 6818] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6817] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6821] <... set_robust_list resumed>) = 0 [pid 6821] chdir("./47") = 0 [pid 6821] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6821] setpgid(0, 0) = 0 [pid 6821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6821] write(3, "1000", 4) = 4 [pid 6821] close(3) = 0 [pid 6821] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6821] write(1, "executing program\n", 18) = 18 [pid 6821] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6821] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6821] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6821] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6821] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6821] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6824]}, 88) = 6824 [pid 6821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6821] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6824 attached ) = 0 [pid 6821] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6824] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6824] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6824] memfd_create("syzkaller", 0) = 3 [pid 6824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 185.866265][ T6817] loop2: detected capacity change from 0 to 32768 [ 185.887916][ T6817] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 185.917814][ T6817] CPU: 1 UID: 0 PID: 6817 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 185.917846][ T6817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 185.917860][ T6817] Call Trace: [ 185.917868][ T6817] [ 185.917877][ T6817] dump_stack_lvl+0x189/0x250 [ 185.917908][ T6817] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.917932][ T6817] ? __pfx__printk+0x10/0x10 [ 185.917959][ T6817] ? kernfs_root+0x1c/0x230 [ 185.917985][ T6817] ? kernfs_path_from_node+0x250/0x290 [ 185.918007][ T6817] ? kernfs_path_from_node+0x2f/0x290 [ 185.918031][ T6817] sysfs_create_dir_ns+0x259/0x280 [ 185.918054][ T6817] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 185.918077][ T6817] ? do_raw_spin_unlock+0x122/0x240 [ 185.918106][ T6817] kobject_add_internal+0x59f/0xb40 [ 185.918133][ T6817] kobject_init_and_add+0x125/0x190 [ 185.918159][ T6817] ? __pfx_kobject_init_and_add+0x10/0x10 [ 185.918182][ T6817] ? __raw_spin_lock_init+0x45/0x100 [ 185.918207][ T6817] ? __init_swait_queue_head+0xa9/0x150 [ 185.918233][ T6817] gfs2_sys_fs_add+0x234/0x450 [ 185.918255][ T6817] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 185.918279][ T6817] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 185.918312][ T6817] gfs2_fill_super+0x13c0/0x20d0 [ 185.918345][ T6817] ? __pfx_gfs2_fill_super+0x10/0x10 [ 185.918373][ T6817] ? sb_set_blocksize+0x104/0x180 [ 185.918410][ T6817] ? setup_bdev_super+0x4c1/0x5b0 [ 185.918438][ T6817] get_tree_bdev_flags+0x40b/0x4d0 [ 185.918466][ T6817] ? __pfx_gfs2_fill_super+0x10/0x10 [ 185.918499][ T6817] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 185.918531][ T6817] gfs2_get_tree+0x51/0x1e0 [ 185.918558][ T6817] vfs_get_tree+0x8f/0x2b0 [ 185.918587][ T6817] do_new_mount+0x2a2/0xa30 [ 185.918618][ T6817] ? ns_capable+0x8a/0xf0 [ 185.918637][ T6817] ? __pfx_do_new_mount+0x10/0x10 [ 185.918667][ T6817] ? path_mount+0x61c/0xfe0 [ 185.918693][ T6817] ? user_path_at+0x44/0x60 [ 185.918721][ T6817] __se_sys_mount+0x317/0x410 [ 185.918753][ T6817] ? __pfx___se_sys_mount+0x10/0x10 [pid 6813] exit_group(0) = ? [pid 6814] <... write resumed>) = ? [pid 6814] +++ exited with 0 +++ [pid 6813] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6813, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=64 /* 0.64 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 185.918783][ T6817] ? rcu_is_watching+0x15/0xb0 [ 185.918806][ T6817] ? __x64_sys_mount+0x20/0xc0 [ 185.918837][ T6817] do_syscall_64+0xfa/0x3b0 [ 185.918857][ T6817] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.918878][ T6817] ? clear_bhb_loop+0x60/0xb0 [ 185.918900][ T6817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.918920][ T6817] RIP: 0033:0x7fb47156b94a [pid 5867] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./47/file0") = 0 [pid 5867] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./47/binderfs") = 0 [pid 5867] umount2("./47/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./47/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=8421376, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 185.918937][ T6817] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 185.918956][ T6817] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 185.918978][ T6817] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 185.918992][ T6817] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 185.919007][ T6817] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 185.919022][ T6817] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 185.919036][ T6817] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 185.919057][ T6817] [ 185.922294][ T6817] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 5867] unlink("./47/cpuset.effective_mems") = 0 [pid 6817] <... mount resumed>) = -1 EEXIST (File exists) [pid 6817] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5867] getdents64(3, [pid 6817] <... openat resumed>) = 3 [pid 5867] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 6817] ioctl(3, LOOP_CLR_FD [pid 5867] close(3 [pid 6817] <... ioctl resumed>) = 0 [pid 5867] <... close resumed>) = 0 [pid 6817] close(3 [pid 5867] rmdir("./47") = 0 [pid 5867] mkdir("./48", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6825 attached [pid 6818] <... write resumed>) = 16777216 [pid 5867] <... clone resumed>, child_tidptr=0x55558d547750) = 6825 [pid 6825] set_robust_list(0x55558d547760, 24 [ 186.294709][ T6817] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6818] munmap(0x7fb469000000, 138412032 [pid 6825] <... set_robust_list resumed>) = 0 [pid 6825] chdir("./48") = 0 [pid 6825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6825] setpgid(0, 0) = 0 [pid 6825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6825] write(3, "1000", 4) = 4 [pid 6825] close(3) = 0 [pid 6825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6825] write(1, "executing program\n", 18executing program ) = 18 [pid 6825] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6825] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6825] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6825] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6826 attached [pid 6826] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6825] <... clone3 resumed> => {parent_tid=[6826]}, 88) = 6826 [pid 6826] <... rseq resumed>) = 0 [pid 6825] rt_sigprocmask(SIG_SETMASK, [], [pid 6826] set_robust_list(0x7fb4715169a0, 24 [pid 6825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6826] <... set_robust_list resumed>) = 0 [pid 6825] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] rt_sigprocmask(SIG_SETMASK, [], [pid 6825] <... futex resumed>) = 0 [pid 6826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6825] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6826] memfd_create("syzkaller", 0) = 3 [pid 6826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6818] <... munmap resumed>) = 0 [pid 6826] <... mmap resumed>) = 0x7fb469000000 [pid 6818] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6818] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6818] close(3) = 0 [pid 6818] close(4) = 0 [pid 6818] mkdir("./file0", 0777) = 0 [pid 6818] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6817] <... close resumed>) = 0 [pid 6817] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6815] <... futex resumed>) = 0 [pid 6815] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6815] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6817] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6817] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6815] <... futex resumed>) = 0 [pid 6815] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6815] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 186.423193][ T6818] loop1: detected capacity change from 0 to 32768 [ 186.454288][ T6818] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 6817] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6815] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6815] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6815] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6815] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6815] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6815] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [ 186.466827][ T6818] CPU: 1 UID: 0 PID: 6818 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 186.466859][ T6818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 186.466874][ T6818] Call Trace: [ 186.466882][ T6818] [ 186.466891][ T6818] dump_stack_lvl+0x189/0x250 [ 186.466947][ T6818] ? __pfx_dump_stack_lvl+0x10/0x10 [ 186.466971][ T6818] ? __pfx__printk+0x10/0x10 [ 186.466998][ T6818] ? kernfs_root+0x1c/0x230 [ 186.467023][ T6818] ? kernfs_path_from_node+0x250/0x290 [pid 6815] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6815] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6829]}, 88) = 6829 [pid 6815] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6815] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 186.467057][ T6818] ? kernfs_path_from_node+0x2f/0x290 [ 186.467083][ T6818] sysfs_create_dir_ns+0x259/0x280 [ 186.467107][ T6818] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 186.467130][ T6818] ? do_raw_spin_unlock+0x122/0x240 [ 186.467158][ T6818] kobject_add_internal+0x59f/0xb40 [ 186.467195][ T6818] kobject_init_and_add+0x125/0x190 [ 186.467221][ T6818] ? __pfx_kobject_init_and_add+0x10/0x10 [ 186.467245][ T6818] ? __raw_spin_lock_init+0x45/0x100 [ 186.467271][ T6818] ? __init_swait_queue_head+0xa9/0x150 [pid 6815] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6815] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6815] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6815] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6815] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6815] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[6830]}, 88) = 6830 [pid 6815] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6815] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 186.467304][ T6818] gfs2_sys_fs_add+0x234/0x450 [ 186.467325][ T6818] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 186.467350][ T6818] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 186.467384][ T6818] gfs2_fill_super+0x13c0/0x20d0 [ 186.467419][ T6818] ? __pfx_gfs2_fill_super+0x10/0x10 [ 186.467448][ T6818] ? sb_set_blocksize+0x104/0x180 [ 186.467478][ T6818] ? setup_bdev_super+0x4c1/0x5b0 [ 186.467508][ T6818] get_tree_bdev_flags+0x40b/0x4d0 [ 186.467537][ T6818] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 6815] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 186.467564][ T6818] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 186.467597][ T6818] gfs2_get_tree+0x51/0x1e0 [ 186.467625][ T6818] vfs_get_tree+0x8f/0x2b0 [ 186.467655][ T6818] do_new_mount+0x2a2/0xa30 [ 186.467689][ T6818] ? ns_capable+0x8a/0xf0 [ 186.467708][ T6818] ? __pfx_do_new_mount+0x10/0x10 [ 186.467739][ T6818] ? path_mount+0x61c/0xfe0 [ 186.467767][ T6818] ? user_path_at+0x44/0x60 [ 186.467795][ T6818] __se_sys_mount+0x317/0x410 [ 186.467830][ T6818] ? __pfx___se_sys_mount+0x10/0x10 [ 186.467859][ T6818] ? rcu_is_watching+0x15/0xb0 ./strace-static-x86_64: Process 6829 attached [pid 6829] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 6829] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 6829] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 186.467883][ T6818] ? __x64_sys_mount+0x20/0xc0 [ 186.467915][ T6818] do_syscall_64+0xfa/0x3b0 [ 186.467938][ T6818] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.467958][ T6818] ? clear_bhb_loop+0x60/0xb0 [ 186.467982][ T6818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.468003][ T6818] RIP: 0033:0x7fb47156b94a [ 186.468020][ T6818] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 186.468040][ T6818] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 186.468063][ T6818] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 186.468079][ T6818] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 186.468094][ T6818] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 186.468109][ T6818] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 186.468123][ T6818] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 6829] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 6830 attached [pid 6824] <... write resumed>) = 16777216 [pid 6818] <... mount resumed>) = -1 EEXIST (File exists) [pid 6830] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 6829] <... openat resumed>) = 4 [pid 6824] munmap(0x7fb469000000, 138412032 [pid 6818] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6817] <... ioctl resumed>) = 0 [pid 6830] <... rseq resumed>) = 0 [pid 6829] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6829] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6830] set_robust_list(0x7fb4714d49a0, 24 [pid 6817] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6830] <... set_robust_list resumed>) = 0 [pid 6830] rt_sigprocmask(SIG_SETMASK, [], [pid 6817] <... futex resumed>) = 0 [pid 6817] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6830] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6818] <... openat resumed>) = 3 [pid 6818] ioctl(3, LOOP_CLR_FD) = 0 [ 186.468143][ T6818] [ 186.469363][ T6818] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 186.794615][ T6818] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6818] close(3 [pid 6826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6815] exit_group(0 [pid 6829] <... futex resumed>) = ? [pid 6817] <... futex resumed>) = ? [pid 6829] +++ exited with 0 +++ [pid 6817] +++ exited with 0 +++ [pid 6815] <... exit_group resumed>) = ? [pid 6830] <... write resumed>) = ? [pid 6830] +++ exited with 0 +++ [pid 6815] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6815, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=66 /* 0.66 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6824] <... munmap resumed>) = 0 [pid 5869] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./45/file0") = 0 [pid 5869] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./45/binderfs", [pid 6824] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6824] <... openat resumed>) = 4 [pid 6824] ioctl(4, LOOP_SET_FD, 3 [pid 5869] unlink("./45/binderfs") = 0 [pid 5869] umount2("./45/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./45/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=1142784, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./45/cpuset.effective_mems" [pid 6824] <... ioctl resumed>) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 6824] close(3) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./45" [pid 6824] close(4 [pid 5869] <... rmdir resumed>) = 0 [pid 6824] <... close resumed>) = 0 [pid 5869] mkdir("./46", 0777 [pid 6824] mkdir("./file0", 0777 [pid 5869] <... mkdir resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6824] <... mkdir resumed>) = 0 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 6824] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5869] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6833 attached [pid 6833] set_robust_list(0x55558d547760, 24 [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 6833 [ 186.937563][ T6824] loop3: detected capacity change from 0 to 32768 [ 186.985569][ T6824] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 186.993019][ T6824] CPU: 0 UID: 0 PID: 6824 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 186.993050][ T6824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 186.993063][ T6824] Call Trace: [ 186.993072][ T6824] [ 186.993081][ T6824] dump_stack_lvl+0x189/0x250 [ 186.993114][ T6824] ? __pfx_dump_stack_lvl+0x10/0x10 [pid 6826] <... write resumed>) = 16777216 [ 186.993139][ T6824] ? __pfx__printk+0x10/0x10 [ 186.993167][ T6824] ? kernfs_root+0x1c/0x230 [ 186.993193][ T6824] ? kernfs_path_from_node+0x250/0x290 [ 186.993216][ T6824] ? kernfs_path_from_node+0x2f/0x290 [ 186.993242][ T6824] sysfs_create_dir_ns+0x259/0x280 [ 186.993266][ T6824] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 186.993290][ T6824] ? do_raw_spin_unlock+0x122/0x240 [ 186.993318][ T6824] kobject_add_internal+0x59f/0xb40 [ 186.993347][ T6824] kobject_init_and_add+0x125/0x190 [ 186.993373][ T6824] ? __pfx_kobject_init_and_add+0x10/0x10 [pid 6826] munmap(0x7fb469000000, 138412032 [pid 6818] <... close resumed>) = 0 [pid 6818] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6818] openat(AT_FDCWD, ".", O_RDONLY [pid 6816] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6818] <... openat resumed>) = 3 [pid 6816] <... futex resumed>) = 0 [pid 6818] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6816] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6818] <... futex resumed>) = 0 [pid 6818] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6816] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6816] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6818] <... futex resumed>) = 0 [pid 6816] <... futex resumed>) = 1 [pid 6818] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [ 186.993396][ T6824] ? __raw_spin_lock_init+0x45/0x100 [ 186.993422][ T6824] ? __init_swait_queue_head+0xa9/0x150 [ 186.993449][ T6824] gfs2_sys_fs_add+0x234/0x450 [ 186.993472][ T6824] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 186.993495][ T6824] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 186.993529][ T6824] gfs2_fill_super+0x13c0/0x20d0 [ 186.993563][ T6824] ? __pfx_gfs2_fill_super+0x10/0x10 [ 186.993592][ T6824] ? sb_set_blocksize+0x104/0x180 [ 186.993622][ T6824] ? setup_bdev_super+0x4c1/0x5b0 [pid 6816] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6826] <... munmap resumed>) = 0 [pid 6833] <... set_robust_list resumed>) = 0 [pid 6833] chdir("./46") = 0 [pid 6833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6833] setpgid(0, 0) = 0 [pid 6833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6833] write(3, "1000", 4) = 4 [pid 6833] close(3) = 0 [pid 6833] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6833] write(1, "executing program\n", 18) = 18 [pid 6833] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6833] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6826] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6833] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6826] <... openat resumed>) = 4 [pid 6833] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 186.993652][ T6824] get_tree_bdev_flags+0x40b/0x4d0 [ 186.993680][ T6824] ? __pfx_gfs2_fill_super+0x10/0x10 [ 186.993707][ T6824] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 186.993741][ T6824] gfs2_get_tree+0x51/0x1e0 [ 186.993769][ T6824] vfs_get_tree+0x8f/0x2b0 [ 186.993799][ T6824] do_new_mount+0x2a2/0xa30 [ 186.993831][ T6824] ? ns_capable+0x8a/0xf0 [ 186.993850][ T6824] ? __pfx_do_new_mount+0x10/0x10 [ 186.993880][ T6824] ? path_mount+0x61c/0xfe0 [ 186.993908][ T6824] ? user_path_at+0x44/0x60 [ 186.993936][ T6824] __se_sys_mount+0x317/0x410 [pid 6826] ioctl(4, LOOP_SET_FD, 3 [pid 6833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6816] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6826] <... ioctl resumed>) = 0 [pid 6833] <... mmap resumed>) = 0x7fb4714f6000 [pid 6818] <... ioctl resumed>) = 0 [pid 6816] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6818] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6818] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6833] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 6826] close(3 [pid 6816] <... futex resumed>) = 0 [pid 6833] <... mprotect resumed>) = 0 [pid 6826] <... close resumed>) = 0 [pid 6816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6833] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6826] close(4 [pid 6816] <... mmap resumed>) = 0x7fb4714d5000 [pid 6833] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6826] <... close resumed>) = 0 [pid 6816] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE [pid 6833] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 6826] mkdir("./file0", 0777 [pid 6816] <... mprotect resumed>) = 0 [ 186.993970][ T6824] ? __pfx___se_sys_mount+0x10/0x10 [ 186.994008][ T6824] ? rcu_is_watching+0x15/0xb0 [ 186.994033][ T6824] ? __x64_sys_mount+0x20/0xc0 [ 186.994064][ T6824] do_syscall_64+0xfa/0x3b0 [ 186.994087][ T6824] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.994107][ T6824] ? clear_bhb_loop+0x60/0xb0 [ 186.994130][ T6824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.994151][ T6824] RIP: 0033:0x7fb47156b94a [pid 6826] <... mkdir resumed>) = 0 [pid 6816] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 6834 attached [pid 6826] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6816] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6833] <... clone3 resumed> => {parent_tid=[6834]}, 88) = 6834 [pid 6816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}./strace-static-x86_64: Process 6835 attached [pid 6834] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6833] rt_sigprocmask(SIG_SETMASK, [], [pid 6834] <... rseq resumed>) = 0 [pid 6833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6816] <... clone3 resumed> => {parent_tid=[6835]}, 88) = 6835 [pid 6834] set_robust_list(0x7fb4715169a0, 24 [pid 6833] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6816] rt_sigprocmask(SIG_SETMASK, [], [pid 6834] <... set_robust_list resumed>) = 0 [pid 6833] <... futex resumed>) = 0 [pid 6816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6834] rt_sigprocmask(SIG_SETMASK, [], [pid 6833] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6816] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6816] <... futex resumed>) = 0 [pid 6834] memfd_create("syzkaller", 0 [pid 6816] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 6835] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 6835] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6835] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6835] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6834] <... memfd_create resumed>) = 3 [pid 6835] <... futex resumed>) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6816] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6834] <... mmap resumed>) = 0x7fb469000000 [pid 6818] <... futex resumed>) = 0 [pid 6816] <... futex resumed>) = 1 [ 186.994169][ T6824] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 186.994188][ T6824] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 186.994211][ T6824] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 186.994227][ T6824] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 186.994242][ T6824] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 186.994257][ T6824] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 6818] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6816] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6824] <... mount resumed>) = -1 EEXIST (File exists) [pid 6816] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6824] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 186.994276][ T6824] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 186.994298][ T6824] [ 186.994323][ T6824] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 187.181930][ T6826] loop0: detected capacity change from 0 to 32768 [ 187.206617][ T6824] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 187.325327][ T6826] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 6824] ioctl(3, LOOP_CLR_FD) = 0 [ 187.389479][ T6826] CPU: 1 UID: 0 PID: 6826 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 187.389511][ T6826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 187.389525][ T6826] Call Trace: [ 187.389533][ T6826] [ 187.389543][ T6826] dump_stack_lvl+0x189/0x250 [ 187.389574][ T6826] ? __pfx_dump_stack_lvl+0x10/0x10 [ 187.389599][ T6826] ? __pfx__printk+0x10/0x10 [ 187.389626][ T6826] ? kernfs_root+0x1c/0x230 [ 187.389652][ T6826] ? kernfs_path_from_node+0x250/0x290 [ 187.389675][ T6826] ? kernfs_path_from_node+0x2f/0x290 [ 187.389700][ T6826] sysfs_create_dir_ns+0x259/0x280 [ 187.389723][ T6826] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 187.389746][ T6826] ? do_raw_spin_unlock+0x122/0x240 [ 187.389775][ T6826] kobject_add_internal+0x59f/0xb40 [ 187.389804][ T6826] kobject_init_and_add+0x125/0x190 [ 187.389829][ T6826] ? __pfx_kobject_init_and_add+0x10/0x10 [ 187.389852][ T6826] ? __raw_spin_lock_init+0x45/0x100 [ 187.389877][ T6826] ? __init_swait_queue_head+0xa9/0x150 [ 187.389904][ T6826] gfs2_sys_fs_add+0x234/0x450 [ 187.389926][ T6826] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 187.389950][ T6826] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 187.389984][ T6826] gfs2_fill_super+0x13c0/0x20d0 [ 187.390019][ T6826] ? __pfx_gfs2_fill_super+0x10/0x10 [ 187.390058][ T6826] ? sb_set_blocksize+0x104/0x180 [ 187.390089][ T6826] ? setup_bdev_super+0x4c1/0x5b0 [ 187.390119][ T6826] get_tree_bdev_flags+0x40b/0x4d0 [ 187.390148][ T6826] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 6824] close(3) = 0 [pid 6824] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6824] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6821] <... futex resumed>) = 0 [pid 6821] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6824] <... futex resumed>) = 0 [pid 6824] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6824] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6821] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6824] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6821] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6824] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6821] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6824] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6821] <... futex resumed>) = 0 [ 187.390175][ T6826] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 187.390209][ T6826] gfs2_get_tree+0x51/0x1e0 [ 187.390236][ T6826] vfs_get_tree+0x8f/0x2b0 [ 187.390265][ T6826] do_new_mount+0x2a2/0xa30 [ 187.390297][ T6826] ? ns_capable+0x8a/0xf0 [ 187.390316][ T6826] ? __pfx_do_new_mount+0x10/0x10 [ 187.390346][ T6826] ? path_mount+0x61c/0xfe0 [ 187.390373][ T6826] ? user_path_at+0x44/0x60 [ 187.390401][ T6826] __se_sys_mount+0x317/0x410 [ 187.390435][ T6826] ? __pfx___se_sys_mount+0x10/0x10 [pid 6821] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6821] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6821] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6821] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6821] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}./strace-static-x86_64: Process 6838 attached => {parent_tid=[6838]}, 88) = 6838 [pid 6821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6821] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6821] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6838] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 6838] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 6838] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 187.390469][ T6826] ? rcu_is_watching+0x15/0xb0 [ 187.390492][ T6826] ? __x64_sys_mount+0x20/0xc0 [ 187.390525][ T6826] do_syscall_64+0xfa/0x3b0 [ 187.390546][ T6826] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.390566][ T6826] ? clear_bhb_loop+0x60/0xb0 [ 187.390589][ T6826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.390610][ T6826] RIP: 0033:0x7fb47156b94a [pid 6838] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6821] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6821] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6821] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6821] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6821] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6821] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[6839]}, 88) = 6839 [pid 6821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6821] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6839 attached [ 187.390640][ T6826] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 187.390658][ T6826] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 187.390680][ T6826] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 187.390696][ T6826] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 187.390711][ T6826] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 187.390726][ T6826] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 6821] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6839] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 6839] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 6839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6839] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 6839] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6821] <... futex resumed>) = 0 [pid 6839] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6824] <... ioctl resumed>) = 0 [pid 6824] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6824] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6838] <... openat resumed>) = 4 [pid 6838] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6838] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6821] exit_group(0 [pid 6839] <... futex resumed>) = ? [pid 6821] <... exit_group resumed>) = ? [pid 6839] +++ exited with 0 +++ [pid 6838] <... futex resumed>) = ? [pid 6838] +++ exited with 0 +++ [pid 6824] <... futex resumed>) = ? [pid 6816] exit_group(0) = ? [pid 6826] <... mount resumed>) = -1 EEXIST (File exists) [pid 6835] <... futex resumed>) = ? [pid 6826] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6824] +++ exited with 0 +++ [pid 6821] +++ exited with 0 +++ [pid 6818] <... write resumed>) = ? [pid 6835] +++ exited with 0 +++ [pid 6826] <... openat resumed>) = 3 [pid 6818] +++ exited with 0 +++ [pid 6816] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6821, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=61 /* 0.61 s */} --- [pid 6826] ioctl(3, LOOP_CLR_FD) = 0 [pid 6826] close(3 [pid 6834] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6816, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=78 /* 0.78 s */} --- [pid 5868] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./48/file0") = 0 [pid 5868] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./48/binderfs") = 0 [pid 5868] umount2("./48/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./48/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5214208, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./48/cpuset.effective_mems" [ 187.390739][ T6826] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 187.390760][ T6826] [ 187.390938][ T6826] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 187.712243][ T6826] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5870] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./47/file0") = 0 [pid 5870] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./47/binderfs") = 0 [pid 5870] umount2("./47/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./47/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./47/cpuset.effective_mems") = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./47") = 0 [pid 5870] mkdir("./48", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6840 attached executing program [pid 6840] set_robust_list(0x55558d547760, 24 [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 6840 [pid 6840] <... set_robust_list resumed>) = 0 [pid 6840] chdir("./48") = 0 [pid 6840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6840] setpgid(0, 0) = 0 [pid 6840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6840] write(3, "1000", 4) = 4 [pid 6840] close(3) = 0 [pid 6840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6840] write(1, "executing program\n", 18) = 18 [pid 6840] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6840] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6840] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6840] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6841 attached => {parent_tid=[6841]}, 88) = 6841 [pid 6840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6840] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6841] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6841] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6841] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6841] memfd_create("syzkaller", 0) = 3 [pid 6841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 5868] <... unlink resumed>) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./48") = 0 [pid 5868] mkdir("./49", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6842 attached , child_tidptr=0x55558d547750) = 6842 [pid 6842] set_robust_list(0x55558d547760, 24) = 0 [pid 6842] chdir("./49") = 0 [pid 6842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6842] setpgid(0, 0) = 0 [pid 6842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6842] write(3, "1000", 4) = 4 [pid 6842] close(3) = 0 [pid 6842] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6842] write(1, "executing program\n", 18) = 18 [pid 6842] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6842] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6842] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6842] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6843]}, 88) = 6843 [pid 6842] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6842] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6842] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6843 attached [pid 6843] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6843] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6843] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6843] memfd_create("syzkaller", 0) = 3 [pid 6843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6826] <... close resumed>) = 0 [pid 6826] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6825] <... futex resumed>) = 0 [pid 6825] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6825] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6826] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6826] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6825] <... futex resumed>) = 0 [pid 6826] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6825] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] <... futex resumed>) = 0 [pid 6825] <... futex resumed>) = 1 [pid 6826] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6825] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6826] <... ioctl resumed>) = 0 [pid 6834] <... write resumed>) = 16777216 [pid 6826] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6825] <... futex resumed>) = 0 [pid 6826] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6825] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] <... openat resumed>) = 4 [pid 6825] <... futex resumed>) = 0 [pid 6826] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6825] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6826] <... futex resumed>) = 0 [pid 6826] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6826] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6826] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6825] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6834] munmap(0x7fb469000000, 138412032 [pid 6825] <... futex resumed>) = 0 [pid 6825] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6834] <... munmap resumed>) = 0 [pid 6825] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6834] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6834] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6834] close(3) = 0 [pid 6834] close(4) = 0 [pid 6834] mkdir("./file0", 0777) = 0 [ 188.047825][ T6834] loop2: detected capacity change from 0 to 32768 [ 188.090274][ T6834] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 188.120648][ T6834] CPU: 1 UID: 0 PID: 6834 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 188.120682][ T6834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 188.120697][ T6834] Call Trace: [ 188.120706][ T6834] [ 188.120715][ T6834] dump_stack_lvl+0x189/0x250 [ 188.120746][ T6834] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.120771][ T6834] ? __pfx__printk+0x10/0x10 [ 188.120800][ T6834] ? kernfs_root+0x1c/0x230 [ 188.120825][ T6834] ? kernfs_path_from_node+0x250/0x290 [ 188.120847][ T6834] ? kernfs_path_from_node+0x2f/0x290 [ 188.120871][ T6834] sysfs_create_dir_ns+0x259/0x280 [ 188.120896][ T6834] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 188.120919][ T6834] ? do_raw_spin_unlock+0x122/0x240 [ 188.120948][ T6834] kobject_add_internal+0x59f/0xb40 [ 188.120978][ T6834] kobject_init_and_add+0x125/0x190 [ 188.121005][ T6834] ? __pfx_kobject_init_and_add+0x10/0x10 [ 188.121029][ T6834] ? __raw_spin_lock_init+0x45/0x100 [ 188.121056][ T6834] ? __init_swait_queue_head+0xa9/0x150 [ 188.121083][ T6834] gfs2_sys_fs_add+0x234/0x450 [ 188.121105][ T6834] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 188.121129][ T6834] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 188.121165][ T6834] gfs2_fill_super+0x13c0/0x20d0 [ 188.121209][ T6834] ? __pfx_gfs2_fill_super+0x10/0x10 [ 188.121237][ T6834] ? sb_set_blocksize+0x104/0x180 [ 188.121266][ T6834] ? setup_bdev_super+0x4c1/0x5b0 [ 188.121295][ T6834] get_tree_bdev_flags+0x40b/0x4d0 [ 188.121322][ T6834] ? __pfx_gfs2_fill_super+0x10/0x10 [ 188.121348][ T6834] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 188.121380][ T6834] gfs2_get_tree+0x51/0x1e0 [ 188.121405][ T6834] vfs_get_tree+0x8f/0x2b0 [ 188.121434][ T6834] do_new_mount+0x2a2/0xa30 [pid 6834] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [ 188.121466][ T6834] ? ns_capable+0x8a/0xf0 [ 188.121486][ T6834] ? __pfx_do_new_mount+0x10/0x10 [ 188.121514][ T6834] ? path_mount+0x61c/0xfe0 [ 188.121541][ T6834] ? user_path_at+0x44/0x60 [ 188.121568][ T6834] __se_sys_mount+0x317/0x410 [ 188.121599][ T6834] ? __pfx___se_sys_mount+0x10/0x10 [ 188.121627][ T6834] ? rcu_is_watching+0x15/0xb0 [ 188.121661][ T6834] ? __x64_sys_mount+0x20/0xc0 [ 188.121690][ T6834] do_syscall_64+0xfa/0x3b0 [ 188.121710][ T6834] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.121728][ T6834] ? clear_bhb_loop+0x60/0xb0 [ 188.121750][ T6834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.121769][ T6834] RIP: 0033:0x7fb47156b94a [ 188.121786][ T6834] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 188.121804][ T6834] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 188.121826][ T6834] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 6843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 188.121842][ T6834] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 188.121857][ T6834] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 188.121871][ T6834] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 188.121884][ T6834] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 188.121904][ T6834] [ 188.121961][ T6834] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6825] exit_group(0 [pid 6826] <... write resumed>) = ? [pid 6825] <... exit_group resumed>) = ? [pid 6826] +++ exited with 0 +++ [pid 6825] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6825, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=80 /* 0.80 s */} --- [pid 5867] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6834] <... mount resumed>) = -1 EEXIST (File exists) [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./48/file0") = 0 [pid 5867] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./48/binderfs") = 0 [pid 5867] umount2("./48/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./48/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5259200, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./48/cpuset.effective_mems" [pid 6834] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6834] ioctl(3, LOOP_CLR_FD) = 0 [ 188.452751][ T6834] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6834] close(3 [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./48") = 0 [pid 5867] mkdir("./49", 0777 [pid 6843] <... write resumed>) = 16777216 [pid 5867] <... mkdir resumed>) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6843] munmap(0x7fb469000000, 138412032 [pid 5867] <... openat resumed>) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6846 attached [pid 6834] <... close resumed>) = 0 [pid 6846] set_robust_list(0x55558d547760, 24 [pid 6834] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... clone resumed>, child_tidptr=0x55558d547750) = 6846 [pid 6846] <... set_robust_list resumed>) = 0 [pid 6833] <... futex resumed>) = 0 [pid 6833] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] chdir("./49" [pid 6834] <... futex resumed>) = 1 [pid 6833] <... futex resumed>) = 0 [pid 6846] <... chdir resumed>) = 0 [pid 6834] openat(AT_FDCWD, ".", O_RDONLY [pid 6833] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6846] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6834] <... openat resumed>) = 3 [pid 6846] <... prctl resumed>) = 0 [pid 6834] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] setpgid(0, 0 [pid 6841] <... write resumed>) = 16777216 [pid 6834] <... futex resumed>) = 1 [pid 6833] <... futex resumed>) = 0 [pid 6846] <... setpgid resumed>) = 0 [pid 6834] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6833] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6833] <... futex resumed>) = 0 [pid 6846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6841] munmap(0x7fb469000000, 138412032 [pid 6834] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6833] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6846] <... openat resumed>) = 3 [pid 6846] write(3, "1000", 4) = 4 [pid 6846] close(3) = 0 executing program [pid 6846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6846] write(1, "executing program\n", 18) = 18 [pid 6846] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6846] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6834] <... ioctl resumed>) = 0 [pid 6846] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6834] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 6833] <... futex resumed>) = 0 [pid 6846] <... mprotect resumed>) = 0 [pid 6834] <... futex resumed>) = 1 [pid 6833] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6833] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6834] <... openat resumed>) = 4 [pid 6846] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6834] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 6834] <... futex resumed>) = 1 [pid 6833] <... futex resumed>) = 0 [pid 6833] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6833] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6847 attached [pid 6846] <... clone3 resumed> => {parent_tid=[6847]}, 88) = 6847 [pid 6843] <... munmap resumed>) = 0 [pid 6847] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6846] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6846] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6847] <... rseq resumed>) = 0 [pid 6846] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6843] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6847] set_robust_list(0x7fb4715169a0, 24 [pid 6843] <... openat resumed>) = 4 [pid 6847] <... set_robust_list resumed>) = 0 [pid 6843] ioctl(4, LOOP_SET_FD, 3 [pid 6847] rt_sigprocmask(SIG_SETMASK, [], [pid 6843] <... ioctl resumed>) = 0 [pid 6847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6847] memfd_create("syzkaller", 0) = 3 [pid 6843] close(3 [pid 6841] <... munmap resumed>) = 0 [pid 6847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6843] <... close resumed>) = 0 [pid 6841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6833] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6843] close(4) = 0 [pid 6841] <... openat resumed>) = 4 [pid 6843] mkdir("./file0", 0777 [pid 6841] ioctl(4, LOOP_SET_FD, 3 [pid 6843] <... mkdir resumed>) = 0 [ 188.677810][ T6843] loop1: detected capacity change from 0 to 32768 [ 188.707528][ T6841] loop3: detected capacity change from 0 to 32768 [pid 6843] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6841] <... ioctl resumed>) = 0 [pid 6841] close(3) = 0 [pid 6841] close(4) = 0 [pid 6841] mkdir("./file0", 0777) = 0 [ 188.727718][ T6843] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 188.755831][ T6843] CPU: 1 UID: 0 PID: 6843 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 188.755864][ T6843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 188.755877][ T6843] Call Trace: [ 188.755886][ T6843] [ 188.755895][ T6843] dump_stack_lvl+0x189/0x250 [ 188.755927][ T6843] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.755952][ T6843] ? __pfx__printk+0x10/0x10 [ 188.755980][ T6843] ? kernfs_root+0x1c/0x230 [ 188.756005][ T6843] ? kernfs_path_from_node+0x250/0x290 [ 188.756028][ T6843] ? kernfs_path_from_node+0x2f/0x290 [ 188.756052][ T6843] sysfs_create_dir_ns+0x259/0x280 [ 188.756075][ T6843] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 188.756099][ T6843] ? do_raw_spin_unlock+0x122/0x240 [ 188.756127][ T6843] kobject_add_internal+0x59f/0xb40 [ 188.756156][ T6843] kobject_init_and_add+0x125/0x190 [ 188.756192][ T6843] ? __pfx_kobject_init_and_add+0x10/0x10 [ 188.756216][ T6843] ? __raw_spin_lock_init+0x45/0x100 [ 188.756242][ T6843] ? __init_swait_queue_head+0xa9/0x150 [ 188.756268][ T6843] gfs2_sys_fs_add+0x234/0x450 [ 188.756290][ T6843] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 188.756314][ T6843] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 188.756348][ T6843] gfs2_fill_super+0x13c0/0x20d0 [ 188.756383][ T6843] ? __pfx_gfs2_fill_super+0x10/0x10 [ 188.756412][ T6843] ? sb_set_blocksize+0x104/0x180 [ 188.756446][ T6843] ? setup_bdev_super+0x4c1/0x5b0 [ 188.756476][ T6843] get_tree_bdev_flags+0x40b/0x4d0 [ 188.756503][ T6843] ? __pfx_gfs2_fill_super+0x10/0x10 [ 188.756530][ T6843] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 188.756564][ T6843] gfs2_get_tree+0x51/0x1e0 [ 188.756591][ T6843] vfs_get_tree+0x8f/0x2b0 [ 188.756621][ T6843] do_new_mount+0x2a2/0xa30 [ 188.756653][ T6843] ? ns_capable+0x8a/0xf0 [ 188.756673][ T6843] ? __pfx_do_new_mount+0x10/0x10 [ 188.756702][ T6843] ? path_mount+0x61c/0xfe0 [ 188.756731][ T6843] ? user_path_at+0x44/0x60 [ 188.756758][ T6843] __se_sys_mount+0x317/0x410 [ 188.756793][ T6843] ? __pfx___se_sys_mount+0x10/0x10 [ 188.756822][ T6843] ? rcu_is_watching+0x15/0xb0 [ 188.756846][ T6843] ? __x64_sys_mount+0x20/0xc0 [ 188.756878][ T6843] do_syscall_64+0xfa/0x3b0 [ 188.756900][ T6843] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.756920][ T6843] ? clear_bhb_loop+0x60/0xb0 [ 188.756943][ T6843] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.756963][ T6843] RIP: 0033:0x7fb47156b94a [ 188.756981][ T6843] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 188.757000][ T6843] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 188.757023][ T6843] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 188.757038][ T6843] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 188.757053][ T6843] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 188.757080][ T6843] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 188.757094][ T6843] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 188.757114][ T6843] [ 188.762183][ T6843] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 189.079619][ T6843] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 189.079769][ T6841] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 189.106738][ T6841] CPU: 0 UID: 0 PID: 6841 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 189.106768][ T6841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 189.106791][ T6841] Call Trace: [ 189.106799][ T6841] [ 189.106809][ T6841] dump_stack_lvl+0x189/0x250 [ 189.106840][ T6841] ? __pfx_dump_stack_lvl+0x10/0x10 [ 189.106864][ T6841] ? __pfx__printk+0x10/0x10 [ 189.106890][ T6841] ? kernfs_root+0x1c/0x230 [ 189.106915][ T6841] ? kernfs_path_from_node+0x250/0x290 [ 189.106937][ T6841] ? kernfs_path_from_node+0x2f/0x290 [ 189.106960][ T6841] sysfs_create_dir_ns+0x259/0x280 [ 189.106984][ T6841] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 189.107006][ T6841] ? do_raw_spin_unlock+0x122/0x240 [ 189.107070][ T6841] kobject_add_internal+0x59f/0xb40 [ 189.107100][ T6841] kobject_init_and_add+0x125/0x190 [ 189.107125][ T6841] ? __pfx_kobject_init_and_add+0x10/0x10 [ 189.107148][ T6841] ? __raw_spin_lock_init+0x45/0x100 [ 189.107172][ T6841] ? __init_swait_queue_head+0xa9/0x150 [ 189.107198][ T6841] gfs2_sys_fs_add+0x234/0x450 [ 189.107220][ T6841] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 189.107243][ T6841] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 189.107276][ T6841] gfs2_fill_super+0x13c0/0x20d0 [ 189.107310][ T6841] ? __pfx_gfs2_fill_super+0x10/0x10 [ 189.107338][ T6841] ? sb_set_blocksize+0x104/0x180 [ 189.107367][ T6841] ? setup_bdev_super+0x4c1/0x5b0 [ 189.107395][ T6841] get_tree_bdev_flags+0x40b/0x4d0 [ 189.107423][ T6841] ? __pfx_gfs2_fill_super+0x10/0x10 [ 189.107448][ T6841] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 189.107481][ T6841] gfs2_get_tree+0x51/0x1e0 [ 189.107507][ T6841] vfs_get_tree+0x8f/0x2b0 [ 189.107535][ T6841] do_new_mount+0x2a2/0xa30 [pid 6841] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6843] <... mount resumed>) = -1 EEXIST (File exists) [pid 6834] <... write resumed>) = 16777152 [pid 6834] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6843] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6843] ioctl(3, LOOP_CLR_FD) = 0 [pid 6843] close(3 [pid 6833] exit_group(0 [pid 6834] <... futex resumed>) = ? [pid 6834] +++ exited with 0 +++ [pid 6833] <... exit_group resumed>) = ? [ 189.107565][ T6841] ? ns_capable+0x8a/0xf0 [ 189.107584][ T6841] ? __pfx_do_new_mount+0x10/0x10 [ 189.107613][ T6841] ? path_mount+0x61c/0xfe0 [ 189.107640][ T6841] ? user_path_at+0x44/0x60 [ 189.107667][ T6841] __se_sys_mount+0x317/0x410 [ 189.107718][ T6841] ? __pfx___se_sys_mount+0x10/0x10 [ 189.107748][ T6841] ? rcu_is_watching+0x15/0xb0 [ 189.107770][ T6841] ? __x64_sys_mount+0x20/0xc0 [ 189.107813][ T6841] do_syscall_64+0xfa/0x3b0 [ 189.107835][ T6841] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 6833] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6833, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=98 /* 0.98 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 189.107855][ T6841] ? clear_bhb_loop+0x60/0xb0 [ 189.107877][ T6841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.107897][ T6841] RIP: 0033:0x7fb47156b94a [ 189.107915][ T6841] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 189.107934][ T6841] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 189.107956][ T6841] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./46/file0") = 0 [pid 5869] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./46/binderfs") = 0 [pid 5869] umount2("./46/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./46/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=16777152, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 189.107972][ T6841] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 189.107987][ T6841] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 189.108001][ T6841] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 189.108015][ T6841] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 189.108036][ T6841] [ 189.108395][ T6841] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 5869] unlink("./46/cpuset.effective_mems" [pid 6841] <... mount resumed>) = -1 EEXIST (File exists) [pid 6841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6841] ioctl(3, LOOP_CLR_FD) = 0 [pid 6841] close(3 [ 189.430548][ T6841] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6841] <... close resumed>) = 0 [pid 6841] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6841] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6840] <... futex resumed>) = 0 [pid 6841] openat(AT_FDCWD, ".", O_RDONLY [pid 6840] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... openat resumed>) = 3 [pid 6841] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6841] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6841] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL]) = 0 [pid 6841] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6841] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6840] <... futex resumed>) = 0 [pid 6841] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6840] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... openat resumed>) = 4 [pid 6841] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6841] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6840] <... futex resumed>) = 0 [pid 6841] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6840] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6843] <... close resumed>) = 0 [pid 6843] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6842] <... futex resumed>) = 0 [pid 6842] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6843] openat(AT_FDCWD, ".", O_RDONLY [pid 6842] <... futex resumed>) = 0 [pid 6843] <... openat resumed>) = 3 [pid 6842] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6840] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6843] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6842] <... futex resumed>) = 0 [pid 6843] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6842] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6843] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6842] <... futex resumed>) = 0 [pid 6842] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6843] <... ioctl resumed>) = 0 [pid 6843] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6842] <... futex resumed>) = 0 [pid 6843] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6842] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6843] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6842] <... futex resumed>) = 0 [pid 6843] <... openat resumed>) = 4 [pid 6842] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6843] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6843] <... futex resumed>) = 0 [pid 6842] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6843] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6842] <... futex resumed>) = 0 [pid 6842] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./46") = 0 [pid 5869] mkdir("./47", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 6847] <... write resumed>) = 16777216 [pid 5869] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6852 attached [pid 6847] munmap(0x7fb469000000, 138412032 [pid 6852] set_robust_list(0x55558d547760, 24 [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 6852 [pid 6852] <... set_robust_list resumed>) = 0 [pid 6852] chdir("./47") = 0 [pid 6852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6852] setpgid(0, 0) = 0 [pid 6852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6852] write(3, "1000", 4) = 4 [pid 6852] close(3) = 0 [pid 6852] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6852] write(1, "executing program\n", 18) = 18 [pid 6852] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6852] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6852] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6852] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6853 attached => {parent_tid=[6853]}, 88) = 6853 [pid 6852] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6852] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6852] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6853] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6853] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6853] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6853] memfd_create("syzkaller", 0) = 3 [pid 6853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6847] <... munmap resumed>) = 0 [pid 6847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6847] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6847] close(3) = 0 [pid 6847] close(4) = 0 [pid 6847] mkdir("./file0", 0777) = 0 [ 189.838491][ T6847] loop0: detected capacity change from 0 to 32768 [ 189.892872][ T6847] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 189.927185][ T6847] CPU: 0 UID: 0 PID: 6847 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 189.927221][ T6847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 189.927237][ T6847] Call Trace: [ 189.927247][ T6847] [ 189.927257][ T6847] dump_stack_lvl+0x189/0x250 [ 189.927291][ T6847] ? __pfx_dump_stack_lvl+0x10/0x10 [ 189.927320][ T6847] ? __pfx__printk+0x10/0x10 [ 189.927350][ T6847] ? kernfs_root+0x1c/0x230 [ 189.927379][ T6847] ? kernfs_path_from_node+0x250/0x290 [ 189.927405][ T6847] ? kernfs_path_from_node+0x2f/0x290 [ 189.927433][ T6847] sysfs_create_dir_ns+0x259/0x280 [ 189.927460][ T6847] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 189.927485][ T6847] ? do_raw_spin_unlock+0x122/0x240 [ 189.927517][ T6847] kobject_add_internal+0x59f/0xb40 [ 189.927549][ T6847] kobject_init_and_add+0x125/0x190 [ 189.927578][ T6847] ? __pfx_kobject_init_and_add+0x10/0x10 [ 189.927605][ T6847] ? __raw_spin_lock_init+0x45/0x100 [ 189.927634][ T6847] ? __init_swait_queue_head+0xa9/0x150 [ 189.927663][ T6847] gfs2_sys_fs_add+0x234/0x450 [ 189.927689][ T6847] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 189.927716][ T6847] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 189.927754][ T6847] gfs2_fill_super+0x13c0/0x20d0 [ 189.927794][ T6847] ? __pfx_gfs2_fill_super+0x10/0x10 [ 189.927827][ T6847] ? sb_set_blocksize+0x104/0x180 [ 189.927861][ T6847] ? setup_bdev_super+0x4c1/0x5b0 [ 189.927900][ T6847] get_tree_bdev_flags+0x40b/0x4d0 [ 189.927932][ T6847] ? __pfx_gfs2_fill_super+0x10/0x10 [ 189.927974][ T6847] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 189.928013][ T6847] gfs2_get_tree+0x51/0x1e0 [ 189.928045][ T6847] vfs_get_tree+0x8f/0x2b0 [pid 6847] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6840] exit_group(0) = ? [pid 6841] <... write resumed>) = ? [pid 6841] +++ exited with 0 +++ [pid 6840] +++ exited with 0 +++ [pid 6842] exit_group(0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6840, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=93 /* 0.93 s */} --- [pid 6842] <... exit_group resumed>) = ? [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 189.928078][ T6847] do_new_mount+0x2a2/0xa30 [ 189.928114][ T6847] ? ns_capable+0x8a/0xf0 [ 189.928137][ T6847] ? __pfx_do_new_mount+0x10/0x10 [ 189.928170][ T6847] ? path_mount+0x61c/0xfe0 [ 189.928202][ T6847] ? user_path_at+0x44/0x60 [ 189.928233][ T6847] __se_sys_mount+0x317/0x410 [ 189.928272][ T6847] ? __pfx___se_sys_mount+0x10/0x10 [ 189.928305][ T6847] ? rcu_is_watching+0x15/0xb0 [ 189.928332][ T6847] ? __x64_sys_mount+0x20/0xc0 [ 189.928368][ T6847] do_syscall_64+0xfa/0x3b0 [pid 5870] newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./48/file0") = 0 [pid 5870] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./48/binderfs") = 0 [pid 5870] umount2("./48/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./48/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=15122432, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 189.928393][ T6847] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.928416][ T6847] ? clear_bhb_loop+0x60/0xb0 [ 189.928441][ T6847] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.928465][ T6847] RIP: 0033:0x7fb47156b94a [ 189.928485][ T6847] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 189.928505][ T6847] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 189.928530][ T6847] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 189.928549][ T6847] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 189.928567][ T6847] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 189.928584][ T6847] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 189.928599][ T6847] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 189.928624][ T6847] [pid 5870] unlink("./48/cpuset.effective_mems" [pid 6843] <... write resumed>) = ? [pid 6843] +++ exited with 0 +++ [pid 6842] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6842, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=88 /* 0.88 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 6847] <... mount resumed>) = -1 EEXIST (File exists) [pid 6847] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5868] <... restart_syscall resumed>) = 0 [pid 6847] <... openat resumed>) = 3 [pid 6847] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6847] close(3 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5868] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./49/file0") = 0 [pid 5868] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./49/binderfs") = 0 [pid 5868] umount2("./49/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./49/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=8826880, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 189.930873][ T6847] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 190.247788][ T6847] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5868] unlink("./49/cpuset.effective_mems" [pid 5870] <... unlink resumed>) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./48") = 0 [pid 5870] mkdir("./49", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6856 ./strace-static-x86_64: Process 6856 attached [pid 6856] set_robust_list(0x55558d547760, 24) = 0 [pid 6856] chdir("./49") = 0 [pid 6856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6856] setpgid(0, 0) = 0 [pid 6856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6856] write(3, "1000", 4) = 4 [pid 6856] close(3) = 0 [pid 6856] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6856] write(1, "executing program\n", 18) = 18 [pid 6856] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6856] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6856] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6847] <... close resumed>) = 0 [pid 6856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6847] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6856] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 6847] <... futex resumed>) = 1 [pid 6846] <... futex resumed>) = 0 [pid 6856] <... mprotect resumed>) = 0 [pid 6847] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6846] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6856] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6846] <... futex resumed>) = 0 [pid 6856] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6847] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6846] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6856] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 6847] openat(AT_FDCWD, ".", O_RDONLY./strace-static-x86_64: Process 6857 attached ) = 3 [pid 5868] <... unlink resumed>) = 0 [pid 6857] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6856] <... clone3 resumed> => {parent_tid=[6857]}, 88) = 6857 [pid 6847] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] getdents64(3, [pid 6857] <... rseq resumed>) = 0 [pid 6856] rt_sigprocmask(SIG_SETMASK, [], [pid 6847] <... futex resumed>) = 1 [pid 6846] <... futex resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 6857] set_robust_list(0x7fb4715169a0, 24 [pid 6856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6847] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6846] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] close(3 [pid 6857] <... set_robust_list resumed>) = 0 [pid 6856] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6847] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6846] <... futex resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 6857] rt_sigprocmask(SIG_SETMASK, [], [pid 6856] <... futex resumed>) = 0 [pid 6847] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6846] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] rmdir("./49" [pid 6857] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6856] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6857] memfd_create("syzkaller", 0) = 3 [pid 6857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6847] <... ioctl resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 6847] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] mkdir("./50", 0777 [pid 6847] <... futex resumed>) = 1 [pid 6847] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6846] <... futex resumed>) = 0 [pid 6846] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6847] <... futex resumed>) = 0 [pid 6846] <... futex resumed>) = 1 [pid 6847] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6846] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6847] <... openat resumed>) = 4 [pid 6847] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... mkdir resumed>) = 0 [pid 6847] <... futex resumed>) = 1 [pid 6846] <... futex resumed>) = 0 [pid 6847] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6846] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6847] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6846] <... futex resumed>) = 0 [pid 6847] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6846] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... openat resumed>) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6858 ./strace-static-x86_64: Process 6858 attached [pid 6858] set_robust_list(0x55558d547760, 24) = 0 [pid 6858] chdir("./50") = 0 [pid 6858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6858] setpgid(0, 0) = 0 [pid 6858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6858] write(3, "1000", 4) = 4 [pid 6858] close(3) = 0 [pid 6858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6858] write(1, "executing program\n", 18) = 18 executing program [pid 6858] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6858] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6858] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6853] <... write resumed>) = 16777216 [pid 6858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6853] munmap(0x7fb469000000, 138412032 [pid 6858] <... mmap resumed>) = 0x7fb4714f6000 [pid 6858] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6858] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6859]}, 88) = 6859 [pid 6858] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6858] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6858] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6859 attached [pid 6846] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6859] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6859] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6859] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6859] memfd_create("syzkaller", 0) = 3 [pid 6859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6853] <... munmap resumed>) = 0 [pid 6853] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6853] close(3) = 0 [pid 6853] close(4) = 0 [pid 6853] mkdir("./file0", 0777) = 0 [ 190.576873][ T6853] loop2: detected capacity change from 0 to 32768 [ 190.609473][ T6853] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 190.630726][ T6853] CPU: 0 UID: 0 PID: 6853 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 190.630759][ T6853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 190.630774][ T6853] Call Trace: [ 190.630783][ T6853] [ 190.630793][ T6853] dump_stack_lvl+0x189/0x250 [ 190.630824][ T6853] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.630849][ T6853] ? __pfx__printk+0x10/0x10 [ 190.630876][ T6853] ? kernfs_root+0x1c/0x230 [pid 6853] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6846] exit_group(0) = ? [ 190.630901][ T6853] ? kernfs_path_from_node+0x250/0x290 [ 190.630923][ T6853] ? kernfs_path_from_node+0x2f/0x290 [ 190.630948][ T6853] sysfs_create_dir_ns+0x259/0x280 [ 190.630972][ T6853] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 190.630993][ T6853] ? preempt_schedule_thunk+0x16/0x30 [ 190.631015][ T6853] kobject_add_internal+0x59f/0xb40 [ 190.631044][ T6853] kobject_init_and_add+0x125/0x190 [ 190.631068][ T6853] ? __pfx_kobject_init_and_add+0x10/0x10 [ 190.631091][ T6853] ? __raw_spin_lock_init+0x45/0x100 [ 190.631117][ T6853] ? __init_swait_queue_head+0xa9/0x150 [ 190.631143][ T6853] gfs2_sys_fs_add+0x234/0x450 [ 190.631166][ T6853] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 190.631189][ T6853] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 190.631223][ T6853] gfs2_fill_super+0x13c0/0x20d0 [ 190.631258][ T6853] ? __pfx_gfs2_fill_super+0x10/0x10 [ 190.631287][ T6853] ? sb_set_blocksize+0x104/0x180 [ 190.631317][ T6853] ? setup_bdev_super+0x4c1/0x5b0 [ 190.631346][ T6853] get_tree_bdev_flags+0x40b/0x4d0 [ 190.631374][ T6853] ? __pfx_gfs2_fill_super+0x10/0x10 [ 190.631399][ T6853] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 190.631432][ T6853] gfs2_get_tree+0x51/0x1e0 [ 190.631459][ T6853] vfs_get_tree+0x8f/0x2b0 [ 190.631487][ T6853] do_new_mount+0x2a2/0xa30 [ 190.631518][ T6853] ? ns_capable+0x8a/0xf0 [ 190.631537][ T6853] ? __pfx_do_new_mount+0x10/0x10 [ 190.631565][ T6853] ? path_mount+0x61c/0xfe0 [ 190.631593][ T6853] ? user_path_at+0x44/0x60 [ 190.631620][ T6853] __se_sys_mount+0x317/0x410 [ 190.631653][ T6853] ? __pfx___se_sys_mount+0x10/0x10 [ 190.631682][ T6853] ? rcu_is_watching+0x15/0xb0 [ 190.631714][ T6853] ? __x64_sys_mount+0x20/0xc0 [ 190.631745][ T6853] do_syscall_64+0xfa/0x3b0 [ 190.631767][ T6853] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.631787][ T6853] ? clear_bhb_loop+0x60/0xb0 [ 190.631809][ T6853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.631830][ T6853] RIP: 0033:0x7fb47156b94a [ 190.631849][ T6853] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 6857] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6847] <... write resumed>) = ? [pid 6847] +++ exited with 0 +++ [pid 6846] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6846, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=69 /* 0.69 s */} --- [pid 5867] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./49/file0") = 0 [pid 5867] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./49/binderfs") = 0 [ 190.631868][ T6853] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 190.631891][ T6853] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 190.631907][ T6853] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 190.631922][ T6853] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 190.631936][ T6853] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 190.631952][ T6853] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 5867] umount2("./49/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./49/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=3948544, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./49/cpuset.effective_mems" [pid 6853] <... mount resumed>) = -1 EEXIST (File exists) [pid 6853] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6853] ioctl(3, LOOP_CLR_FD) = 0 [pid 6853] close(3 [pid 6859] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5867] <... unlink resumed>) = 0 [ 190.631973][ T6853] [ 190.631996][ T6853] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 190.954027][ T6853] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./49") = 0 [pid 5867] mkdir("./50", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6862 attached [pid 6862] set_robust_list(0x55558d547760, 24) = 0 [pid 5867] <... clone resumed>, child_tidptr=0x55558d547750) = 6862 [pid 6862] chdir("./50") = 0 [pid 6862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6862] setpgid(0, 0) = 0 [pid 6862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6862] write(3, "1000", 4) = 4 [pid 6862] close(3) = 0 [pid 6862] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6862] write(1, "executing program\n", 18) = 18 [pid 6862] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6862] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6862] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6862] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6862] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6863]}, 88) = 6863 [pid 6862] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6862] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6862] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6863 attached [pid 6863] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6863] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6863] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6863] memfd_create("syzkaller", 0) = 3 [pid 6863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6857] <... write resumed>) = 16777216 [pid 6857] munmap(0x7fb469000000, 138412032 [pid 6853] <... close resumed>) = 0 [pid 6853] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6852] <... futex resumed>) = 0 [pid 6853] <... futex resumed>) = 1 [pid 6852] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6853] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6852] <... futex resumed>) = 0 [pid 6853] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6852] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6853] <... futex resumed>) = 0 [pid 6852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6853] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6852] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6852] <... futex resumed>) = 0 [pid 6853] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6852] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6857] <... munmap resumed>) = 0 [pid 6857] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6857] ioctl(4, LOOP_SET_FD, 3 [pid 6859] <... write resumed>) = 16777216 [pid 6859] munmap(0x7fb469000000, 138412032 [pid 6857] <... ioctl resumed>) = 0 [pid 6853] <... ioctl resumed>) = 0 [pid 6853] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6852] <... futex resumed>) = 0 [pid 6853] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6852] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6852] <... futex resumed>) = 0 [pid 6853] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6852] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6857] close(3) = 0 [pid 6853] <... openat resumed>) = 4 [pid 6853] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6857] close(4 [pid 6853] <... futex resumed>) = 1 [pid 6852] <... futex resumed>) = 0 [pid 6857] <... close resumed>) = 0 [pid 6852] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6852] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6853] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6857] mkdir("./file0", 0777) = 0 [ 191.190419][ T6857] loop3: detected capacity change from 0 to 32768 [ 191.252203][ T6857] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 191.276909][ T6857] CPU: 0 UID: 0 PID: 6857 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 191.276941][ T6857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [pid 6857] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6852] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6852] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 191.276955][ T6857] Call Trace: [ 191.276963][ T6857] [ 191.276973][ T6857] dump_stack_lvl+0x189/0x250 [ 191.277002][ T6857] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.277026][ T6857] ? __pfx__printk+0x10/0x10 [ 191.277052][ T6857] ? kernfs_root+0x1c/0x230 [ 191.277077][ T6857] ? kernfs_path_from_node+0x250/0x290 [ 191.277098][ T6857] ? kernfs_path_from_node+0x2f/0x290 [ 191.277122][ T6857] sysfs_create_dir_ns+0x259/0x280 [ 191.277145][ T6857] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [pid 6859] <... munmap resumed>) = 0 [ 191.277166][ T6857] ? do_raw_spin_unlock+0x122/0x240 [ 191.277193][ T6857] kobject_add_internal+0x59f/0xb40 [ 191.277219][ T6857] kobject_init_and_add+0x125/0x190 [ 191.277244][ T6857] ? __pfx_kobject_init_and_add+0x10/0x10 [ 191.277267][ T6857] ? __raw_spin_lock_init+0x45/0x100 [ 191.277292][ T6857] ? __init_swait_queue_head+0xa9/0x150 [ 191.277317][ T6857] gfs2_sys_fs_add+0x234/0x450 [ 191.277339][ T6857] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 191.277362][ T6857] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 191.277394][ T6857] gfs2_fill_super+0x13c0/0x20d0 [pid 6859] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 191.277426][ T6857] ? __pfx_gfs2_fill_super+0x10/0x10 [ 191.277454][ T6857] ? sb_set_blocksize+0x104/0x180 [ 191.277483][ T6857] ? setup_bdev_super+0x4c1/0x5b0 [ 191.277510][ T6857] get_tree_bdev_flags+0x40b/0x4d0 [ 191.277536][ T6857] ? __pfx_gfs2_fill_super+0x10/0x10 [ 191.277561][ T6857] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 191.277593][ T6857] gfs2_get_tree+0x51/0x1e0 [ 191.277627][ T6857] vfs_get_tree+0x8f/0x2b0 [ 191.277654][ T6857] do_new_mount+0x2a2/0xa30 [ 191.277684][ T6857] ? ns_capable+0x8a/0xf0 [pid 6859] ioctl(4, LOOP_SET_FD, 3 [pid 6863] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6859] <... ioctl resumed>) = 0 [pid 6859] close(3) = 0 [pid 6859] close(4) = 0 [pid 6859] mkdir("./file0", 0777) = 0 [ 191.277703][ T6857] ? __pfx_do_new_mount+0x10/0x10 [ 191.277730][ T6857] ? path_mount+0x61c/0xfe0 [ 191.277757][ T6857] ? user_path_at+0x44/0x60 [ 191.277783][ T6857] __se_sys_mount+0x317/0x410 [ 191.277815][ T6857] ? __pfx___se_sys_mount+0x10/0x10 [ 191.277843][ T6857] ? rcu_is_watching+0x15/0xb0 [ 191.277865][ T6857] ? __x64_sys_mount+0x20/0xc0 [ 191.277894][ T6857] do_syscall_64+0xfa/0x3b0 [ 191.277915][ T6857] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.277935][ T6857] ? clear_bhb_loop+0x60/0xb0 [ 191.277956][ T6857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.277975][ T6857] RIP: 0033:0x7fb47156b94a [ 191.277993][ T6857] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 191.278011][ T6857] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 191.278031][ T6857] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 6859] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6852] exit_group(0) = ? [ 191.278046][ T6857] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 191.278061][ T6857] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 191.278075][ T6857] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 191.278088][ T6857] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 191.278109][ T6857] [ 191.278131][ T6857] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 191.397129][ T6859] loop1: detected capacity change from 0 to 32768 [pid 6853] <... write resumed>) = ? [pid 6853] +++ exited with 0 +++ [pid 6852] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6852, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=75 /* 0.75 s */} --- [pid 5869] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 6857] <... mount resumed>) = -1 EEXIST (File exists) [pid 5869] rmdir("./47/file0") = 0 [pid 5869] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./47/binderfs") = 0 [pid 5869] umount2("./47/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6857] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5869] newfstatat(AT_FDCWD, "./47/cpuset.effective_mems", [pid 6857] <... openat resumed>) = 3 [pid 5869] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=6123520, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 191.401060][ T6857] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 191.615363][ T6859] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 6857] ioctl(3, LOOP_CLR_FD [pid 5869] unlink("./47/cpuset.effective_mems" [pid 6857] <... ioctl resumed>) = 0 [pid 6857] close(3 [pid 6863] <... write resumed>) = 16777216 [ 191.665671][ T6859] CPU: 1 UID: 0 PID: 6859 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 191.665702][ T6859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 191.665717][ T6859] Call Trace: [ 191.665725][ T6859] [ 191.665735][ T6859] dump_stack_lvl+0x189/0x250 [ 191.665767][ T6859] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.665793][ T6859] ? __pfx__printk+0x10/0x10 [ 191.665829][ T6859] ? kernfs_root+0x1c/0x230 [ 191.665855][ T6859] ? kernfs_path_from_node+0x250/0x290 [ 191.665878][ T6859] ? kernfs_path_from_node+0x2f/0x290 [ 191.665903][ T6859] sysfs_create_dir_ns+0x259/0x280 [ 191.665926][ T6859] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 191.665950][ T6859] ? do_raw_spin_unlock+0x122/0x240 [ 191.665978][ T6859] kobject_add_internal+0x59f/0xb40 [ 191.666007][ T6859] kobject_init_and_add+0x125/0x190 [ 191.666032][ T6859] ? __pfx_kobject_init_and_add+0x10/0x10 [ 191.666056][ T6859] ? __raw_spin_lock_init+0x45/0x100 [ 191.666082][ T6859] ? __init_swait_queue_head+0xa9/0x150 [ 191.666108][ T6859] gfs2_sys_fs_add+0x234/0x450 [ 191.666130][ T6859] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 191.666155][ T6859] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 191.666189][ T6859] gfs2_fill_super+0x13c0/0x20d0 [ 191.666224][ T6859] ? __pfx_gfs2_fill_super+0x10/0x10 [ 191.666253][ T6859] ? sb_set_blocksize+0x104/0x180 [ 191.666284][ T6859] ? setup_bdev_super+0x4c1/0x5b0 [ 191.666313][ T6859] get_tree_bdev_flags+0x40b/0x4d0 [ 191.666342][ T6859] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 6863] munmap(0x7fb469000000, 138412032 [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./47") = 0 [pid 5869] mkdir("./48", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 191.666369][ T6859] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 191.666423][ T6859] gfs2_get_tree+0x51/0x1e0 [ 191.666453][ T6859] vfs_get_tree+0x8f/0x2b0 [ 191.666482][ T6859] do_new_mount+0x2a2/0xa30 [ 191.666515][ T6859] ? ns_capable+0x8a/0xf0 [ 191.666534][ T6859] ? __pfx_do_new_mount+0x10/0x10 [ 191.666565][ T6859] ? path_mount+0x61c/0xfe0 [ 191.666592][ T6859] ? user_path_at+0x44/0x60 [ 191.666620][ T6859] __se_sys_mount+0x317/0x410 [ 191.666654][ T6859] ? __pfx___se_sys_mount+0x10/0x10 [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6868 attached , child_tidptr=0x55558d547750) = 6868 [pid 6868] set_robust_list(0x55558d547760, 24) = 0 [pid 6868] chdir("./48") = 0 [pid 6868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6868] setpgid(0, 0) = 0 [pid 6868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6868] write(3, "1000", 4) = 4 [pid 6868] close(3) = 0 [pid 6868] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6868] write(1, "executing program\n", 18 [pid 6863] <... munmap resumed>) = 0 [pid 6868] <... write resumed>) = 18 [pid 6863] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6868] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6863] <... openat resumed>) = 4 [ 191.666685][ T6859] ? rcu_is_watching+0x15/0xb0 [ 191.666708][ T6859] ? __x64_sys_mount+0x20/0xc0 [ 191.666741][ T6859] do_syscall_64+0xfa/0x3b0 [ 191.666762][ T6859] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.666784][ T6859] ? clear_bhb_loop+0x60/0xb0 [ 191.666807][ T6859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.666833][ T6859] RIP: 0033:0x7fb47156b94a [pid 6868] <... futex resumed>) = 0 [pid 6863] ioctl(4, LOOP_SET_FD, 3 [pid 6868] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6868] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6869]}, 88) = 6869 [pid 6868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6868] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6868] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6869 attached [pid 6869] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6869] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6869] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6869] memfd_create("syzkaller", 0) = 3 [ 191.666852][ T6859] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 191.666870][ T6859] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 191.666892][ T6859] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 191.666907][ T6859] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 191.666923][ T6859] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 191.666937][ T6859] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 6869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6863] <... ioctl resumed>) = 0 [pid 6857] <... close resumed>) = 0 [pid 6863] close(3 [pid 6859] <... mount resumed>) = -1 EEXIST (File exists) [pid 6857] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6863] <... close resumed>) = 0 [pid 6857] <... futex resumed>) = 1 [pid 6863] close(4 [pid 6857] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6856] <... futex resumed>) = 0 [pid 6863] <... close resumed>) = 0 [pid 6856] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6863] mkdir("./file0", 0777 [pid 6857] <... futex resumed>) = 0 [pid 6856] <... futex resumed>) = 1 [pid 6863] <... mkdir resumed>) = 0 [pid 6857] openat(AT_FDCWD, ".", O_RDONLY [pid 6856] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6863] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6859] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6857] <... openat resumed>) = 3 [pid 6859] <... openat resumed>) = 3 [pid 6857] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6856] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6857] <... futex resumed>) = 0 [pid 6856] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6857] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6856] <... futex resumed>) = 0 [pid 6856] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6859] ioctl(3, LOOP_CLR_FD) = 0 [ 191.666951][ T6859] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 191.666972][ T6859] [ 191.666995][ T6859] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 191.914020][ T6863] loop0: detected capacity change from 0 to 32768 [ 191.928981][ T6859] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6859] close(3 [pid 6857] <... ioctl resumed>) = 0 [pid 6857] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6857] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6856] <... futex resumed>) = 0 [pid 6856] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6857] <... futex resumed>) = 0 [pid 6857] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6856] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6857] <... openat resumed>) = 4 [pid 6857] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6857] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6856] <... futex resumed>) = 0 [pid 6856] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6857] <... futex resumed>) = 0 [pid 6856] <... futex resumed>) = 1 [pid 6857] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 192.065658][ T6863] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 192.094243][ T6863] CPU: 0 UID: 0 PID: 6863 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 192.094280][ T6863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 192.094303][ T6863] Call Trace: [ 192.094312][ T6863] [ 192.094321][ T6863] dump_stack_lvl+0x189/0x250 [ 192.094352][ T6863] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.094375][ T6863] ? __pfx__printk+0x10/0x10 [ 192.094402][ T6863] ? kernfs_root+0x1c/0x230 [ 192.094427][ T6863] ? kernfs_path_from_node+0x250/0x290 [ 192.094449][ T6863] ? kernfs_path_from_node+0x2f/0x290 [ 192.094474][ T6863] sysfs_create_dir_ns+0x259/0x280 [ 192.094506][ T6863] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 192.094529][ T6863] ? do_raw_spin_unlock+0x122/0x240 [ 192.094568][ T6863] kobject_add_internal+0x59f/0xb40 [ 192.094595][ T6863] kobject_init_and_add+0x125/0x190 [ 192.094620][ T6863] ? __pfx_kobject_init_and_add+0x10/0x10 [ 192.094642][ T6863] ? __raw_spin_lock_init+0x45/0x100 [ 192.094666][ T6863] ? __init_swait_queue_head+0xa9/0x150 [ 192.094692][ T6863] gfs2_sys_fs_add+0x234/0x450 [ 192.094713][ T6863] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 192.094736][ T6863] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 192.094766][ T6863] gfs2_fill_super+0x13c0/0x20d0 [ 192.094807][ T6863] ? __pfx_gfs2_fill_super+0x10/0x10 [ 192.094835][ T6863] ? sb_set_blocksize+0x104/0x180 [ 192.094863][ T6863] ? setup_bdev_super+0x4c1/0x5b0 [ 192.094898][ T6863] get_tree_bdev_flags+0x40b/0x4d0 [ 192.094929][ T6863] ? __pfx_gfs2_fill_super+0x10/0x10 [ 192.094954][ T6863] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 192.094985][ T6863] gfs2_get_tree+0x51/0x1e0 [ 192.095011][ T6863] vfs_get_tree+0x8f/0x2b0 [ 192.095038][ T6863] do_new_mount+0x2a2/0xa30 [ 192.095069][ T6863] ? ns_capable+0x8a/0xf0 [ 192.095087][ T6863] ? __pfx_do_new_mount+0x10/0x10 [ 192.095115][ T6863] ? path_mount+0x61c/0xfe0 [ 192.095145][ T6863] ? user_path_at+0x44/0x60 [ 192.095170][ T6863] __se_sys_mount+0x317/0x410 [ 192.095203][ T6863] ? __pfx___se_sys_mount+0x10/0x10 [ 192.095232][ T6863] ? rcu_is_watching+0x15/0xb0 [ 192.095253][ T6863] ? __x64_sys_mount+0x20/0xc0 [ 192.095284][ T6863] do_syscall_64+0xfa/0x3b0 [ 192.095304][ T6863] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.095325][ T6863] ? clear_bhb_loop+0x60/0xb0 [ 192.095346][ T6863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.095365][ T6863] RIP: 0033:0x7fb47156b94a [ 192.095382][ T6863] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 192.095400][ T6863] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 192.095429][ T6863] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 192.095444][ T6863] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 192.095460][ T6863] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 192.095473][ T6863] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 192.095487][ T6863] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 192.095573][ T6863] [pid 6856] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6859] <... close resumed>) = 0 [pid 6859] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6859] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6858] <... futex resumed>) = 0 [pid 6858] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6859] <... futex resumed>) = 0 [pid 6859] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6859] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6859] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6858] <... futex resumed>) = 1 [pid 6858] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6858] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6859] <... futex resumed>) = 0 [pid 6859] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6858] <... futex resumed>) = 1 [pid 6858] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6856] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6859] <... ioctl resumed>) = 0 [pid 6859] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6858] <... futex resumed>) = 0 [pid 6859] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6858] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6858] <... futex resumed>) = 0 [pid 6859] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6858] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6859] <... openat resumed>) = 4 [pid 6859] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6858] <... futex resumed>) = 0 [pid 6859] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6858] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 192.458320][ T6863] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 192.473264][ T6863] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6858] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6863] <... mount resumed>) = -1 EEXIST (File exists) [pid 6863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6863] ioctl(3, LOOP_CLR_FD) = 0 [pid 6863] close(3 [pid 6856] exit_group(0) = ? [pid 6857] <... write resumed>) = ? [pid 6857] +++ exited with 0 +++ [pid 6856] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6856, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=91 /* 0.91 s */} --- [pid 5870] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./49/file0") = 0 [pid 5870] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./49/binderfs") = 0 [pid 5870] umount2("./49/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./49/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=15867904, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./49/cpuset.effective_mems" [pid 6858] exit_group(0) = ? [pid 6859] <... write resumed>) = ? [pid 6859] +++ exited with 0 +++ [pid 6858] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6858, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=80 /* 0.80 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./50/file0") = 0 [pid 5868] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./50/binderfs") = 0 [pid 5868] umount2("./50/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./50/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=7188416, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./50/cpuset.effective_mems" [pid 6863] <... close resumed>) = 0 [pid 6863] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6862] <... futex resumed>) = 0 [pid 6863] <... futex resumed>) = 1 [pid 6862] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6863] openat(AT_FDCWD, ".", O_RDONLY [pid 6862] <... futex resumed>) = 0 [pid 6863] <... openat resumed>) = 3 [pid 6862] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6863] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6862] <... futex resumed>) = 0 [pid 6863] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6862] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6862] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6863] <... ioctl resumed>) = 0 [pid 6863] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6862] <... futex resumed>) = 0 [pid 6862] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6862] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6863] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6863] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6862] <... futex resumed>) = 0 [pid 6863] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6862] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6863] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6863] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6862] <... futex resumed>) = 0 [pid 6862] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6869] <... write resumed>) = 16777216 [pid 6869] munmap(0x7fb469000000, 138412032 [pid 5868] <... unlink resumed>) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./50") = 0 [pid 5868] mkdir("./51", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3 [pid 6862] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5868] <... close resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6872 ./strace-static-x86_64: Process 6872 attached [pid 6872] set_robust_list(0x55558d547760, 24 [pid 5870] <... unlink resumed>) = 0 [pid 6872] <... set_robust_list resumed>) = 0 [pid 6872] chdir("./51" [pid 5870] getdents64(3, [pid 6872] <... chdir resumed>) = 0 [pid 6872] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 6872] <... prctl resumed>) = 0 [pid 6872] setpgid(0, 0) = 0 [pid 5870] close(3 [pid 6872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5870] <... close resumed>) = 0 [pid 6872] <... openat resumed>) = 3 [pid 5870] rmdir("./49") = 0 [pid 6872] write(3, "1000", 4) = 4 [pid 6872] close(3 [pid 5870] mkdir("./50", 0777 [pid 6872] <... close resumed>) = 0 [pid 6872] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5870] <... mkdir resumed>) = 0 [pid 6872] write(1, "executing program\n", 18) = 18 [pid 6872] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6872] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6872] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5870] <... openat resumed>) = 3 [pid 6872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 6872] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 5870] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6872] <... mprotect resumed>) = 0 [pid 5870] close(3) = 0 [pid 6872] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6872] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6874 attached ./strace-static-x86_64: Process 6873 attached [pid 6869] <... munmap resumed>) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 6874 [pid 6874] set_robust_list(0x55558d547760, 24 [pid 6873] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6872] <... clone3 resumed> => {parent_tid=[6873]}, 88) = 6873 [pid 6874] <... set_robust_list resumed>) = 0 [pid 6873] <... rseq resumed>) = 0 [pid 6872] rt_sigprocmask(SIG_SETMASK, [], [pid 6874] chdir("./50" [pid 6873] set_robust_list(0x7fb4715169a0, 24 [pid 6872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6874] <... chdir resumed>) = 0 [pid 6873] <... set_robust_list resumed>) = 0 [pid 6872] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6874] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6873] rt_sigprocmask(SIG_SETMASK, [], [pid 6872] <... futex resumed>) = 0 [pid 6874] <... prctl resumed>) = 0 [pid 6873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6872] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6874] setpgid(0, 0 [pid 6873] memfd_create("syzkaller", 0 [pid 6874] <... setpgid resumed>) = 0 [pid 6873] <... memfd_create resumed>) = 3 [pid 6874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6874] <... openat resumed>) = 3 [pid 6869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6874] write(3, "1000", 4 [pid 6869] ioctl(4, LOOP_SET_FD, 3 [pid 6874] <... write resumed>) = 4 [pid 6874] close(3) = 0 executing program [pid 6874] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6874] write(1, "executing program\n", 18) = 18 [pid 6874] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6874] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6874] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6874] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6874] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6875]}, 88) = 6875 [pid 6874] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6874] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6874] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6875 attached [pid 6875] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6875] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6875] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6875] memfd_create("syzkaller", 0 [pid 6869] <... ioctl resumed>) = 0 [pid 6875] <... memfd_create resumed>) = 3 [pid 6869] close(3 [pid 6875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6869] <... close resumed>) = 0 [pid 6875] <... mmap resumed>) = 0x7fb469000000 [pid 6869] close(4) = 0 [pid 6869] mkdir("./file0", 0777) = 0 [ 192.966501][ T6869] loop2: detected capacity change from 0 to 32768 [ 192.996532][ T6869] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 193.025574][ T6869] CPU: 0 UID: 0 PID: 6869 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 193.025606][ T6869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 193.025620][ T6869] Call Trace: [ 193.025628][ T6869] [ 193.025638][ T6869] dump_stack_lvl+0x189/0x250 [ 193.025676][ T6869] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.025699][ T6869] ? __pfx__printk+0x10/0x10 [ 193.025726][ T6869] ? kernfs_root+0x1c/0x230 [ 193.025751][ T6869] ? kernfs_path_from_node+0x250/0x290 [ 193.025774][ T6869] ? kernfs_path_from_node+0x2f/0x290 [ 193.025799][ T6869] sysfs_create_dir_ns+0x259/0x280 [ 193.025823][ T6869] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 193.025846][ T6869] ? do_raw_spin_unlock+0x122/0x240 [ 193.025876][ T6869] kobject_add_internal+0x59f/0xb40 [ 193.025905][ T6869] kobject_init_and_add+0x125/0x190 [ 193.025931][ T6869] ? __pfx_kobject_init_and_add+0x10/0x10 [ 193.025955][ T6869] ? __raw_spin_lock_init+0x45/0x100 [pid 6869] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6862] exit_group(0) = ? [ 193.025982][ T6869] ? __init_swait_queue_head+0xa9/0x150 [ 193.026010][ T6869] gfs2_sys_fs_add+0x234/0x450 [ 193.026033][ T6869] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 193.026056][ T6869] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 193.026088][ T6869] gfs2_fill_super+0x13c0/0x20d0 [ 193.026122][ T6869] ? __pfx_gfs2_fill_super+0x10/0x10 [ 193.026149][ T6869] ? sb_set_blocksize+0x104/0x180 [ 193.026177][ T6869] ? setup_bdev_super+0x4c1/0x5b0 [ 193.026206][ T6869] get_tree_bdev_flags+0x40b/0x4d0 [ 193.026236][ T6869] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 6863] <... write resumed>) = ? [pid 6863] +++ exited with 0 +++ [pid 6862] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6862, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=52 /* 0.52 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./50/file0") = 0 [pid 5867] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./50/binderfs") = 0 [pid 5867] umount2("./50/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 193.026260][ T6869] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 193.026312][ T6869] gfs2_get_tree+0x51/0x1e0 [ 193.026340][ T6869] vfs_get_tree+0x8f/0x2b0 [ 193.026369][ T6869] do_new_mount+0x2a2/0xa30 [ 193.026399][ T6869] ? ns_capable+0x8a/0xf0 [ 193.026418][ T6869] ? __pfx_do_new_mount+0x10/0x10 [ 193.026446][ T6869] ? path_mount+0x61c/0xfe0 [ 193.026473][ T6869] ? user_path_at+0x44/0x60 [ 193.026499][ T6869] __se_sys_mount+0x317/0x410 [ 193.026530][ T6869] ? __pfx___se_sys_mount+0x10/0x10 [ 193.026558][ T6869] ? rcu_is_watching+0x15/0xb0 [pid 5867] newfstatat(AT_FDCWD, "./50/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5521344, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 193.026581][ T6869] ? __x64_sys_mount+0x20/0xc0 [ 193.026612][ T6869] do_syscall_64+0xfa/0x3b0 [ 193.026634][ T6869] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.026661][ T6869] ? clear_bhb_loop+0x60/0xb0 [ 193.026685][ T6869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.026705][ T6869] RIP: 0033:0x7fb47156b94a [ 193.026723][ T6869] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 193.026743][ T6869] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 193.026764][ T6869] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 193.026780][ T6869] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 193.026796][ T6869] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 193.026811][ T6869] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 193.026825][ T6869] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 5867] unlink("./50/cpuset.effective_mems" [pid 6869] <... mount resumed>) = -1 EEXIST (File exists) [pid 6869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6869] ioctl(3, LOOP_CLR_FD) = 0 [pid 6869] close(3) = 0 [pid 6869] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6869] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6868] <... futex resumed>) = 0 [pid 6868] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6869] <... futex resumed>) = 0 [pid 6868] <... futex resumed>) = 1 [pid 6869] openat(AT_FDCWD, ".", O_RDONLY [pid 6868] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6869] <... openat resumed>) = 3 [pid 6869] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6868] <... futex resumed>) = 0 [pid 6869] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6868] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6868] <... futex resumed>) = 0 [pid 6869] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6868] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... unlink resumed>) = 0 [ 193.026847][ T6869] [ 193.026923][ T6869] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 193.344318][ T6869] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3 [pid 6869] <... ioctl resumed>) = 0 [pid 6869] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6868] <... futex resumed>) = 0 [pid 6869] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6868] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6869] <... openat resumed>) = 4 [pid 6868] <... futex resumed>) = 0 [pid 6869] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6868] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6869] <... futex resumed>) = 0 [pid 6868] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6869] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6868] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6868] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... close resumed>) = 0 [pid 5867] rmdir("./50") = 0 [pid 5867] mkdir("./51", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6878 ./strace-static-x86_64: Process 6878 attached [pid 6878] set_robust_list(0x55558d547760, 24) = 0 [pid 6878] chdir("./51" [pid 6868] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6878] <... chdir resumed>) = 0 [pid 6878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6878] setpgid(0, 0) = 0 [pid 6878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6878] write(3, "1000", 4) = 4 [pid 6878] close(3) = 0 [pid 6878] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6878] write(1, "executing program\n", 18executing program ) = 18 [pid 6875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6878] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6878] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6878] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6878] <... mmap resumed>) = 0x7fb4714f6000 [pid 6878] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6878] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6879 attached => {parent_tid=[6879]}, 88) = 6879 [pid 6879] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6879] <... rseq resumed>) = 0 [pid 6878] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] set_robust_list(0x7fb4715169a0, 24 [pid 6878] <... futex resumed>) = 0 [pid 6879] <... set_robust_list resumed>) = 0 [pid 6878] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6879] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6879] memfd_create("syzkaller", 0) = 3 [pid 6879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6873] <... write resumed>) = 16777216 [pid 6873] munmap(0x7fb469000000, 138412032 [pid 6868] exit_group(0) = ? [pid 6869] <... write resumed>) = ? [pid 6875] <... write resumed>) = 16777216 [pid 6869] +++ exited with 0 +++ [pid 6868] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6868, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=65 /* 0.65 s */} --- [pid 5869] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./48/file0") = 0 [pid 5869] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./48/binderfs") = 0 [pid 5869] umount2("./48/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./48/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=8089600, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./48/cpuset.effective_mems" [pid 6875] munmap(0x7fb469000000, 138412032 [pid 6873] <... munmap resumed>) = 0 [pid 6873] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6873] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6875] <... munmap resumed>) = 0 [pid 6873] close(3 [pid 6875] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6873] <... close resumed>) = 0 [pid 6875] ioctl(4, LOOP_SET_FD, 3 [pid 6873] close(4) = 0 [pid 6873] mkdir("./file0", 0777) = 0 [pid 6873] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6875] <... ioctl resumed>) = 0 [pid 6875] close(3) = 0 [pid 6875] close(4) = 0 [pid 6875] mkdir("./file0", 0777) = 0 [pid 6875] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [ 193.826350][ T6873] loop1: detected capacity change from 0 to 32768 [ 193.850986][ T6875] loop3: detected capacity change from 0 to 32768 [ 193.862007][ T6873] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 5869] rmdir("./48") = 0 [pid 5869] mkdir("./49", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6884 attached , child_tidptr=0x55558d547750) = 6884 [pid 6884] set_robust_list(0x55558d547760, 24) = 0 [pid 6884] chdir("./49") = 0 [pid 6884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6884] setpgid(0, 0) = 0 [pid 6884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 193.874729][ T6875] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 193.895009][ T6873] CPU: 1 UID: 0 PID: 6873 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 193.895041][ T6873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 193.895054][ T6873] Call Trace: [ 193.895063][ T6873] [pid 6884] write(3, "1000", 4) = 4 [pid 6884] close(3) = 0 [pid 6884] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6884] write(1, "executing program\n", 18) = 18 [ 193.895072][ T6873] dump_stack_lvl+0x189/0x250 [ 193.895103][ T6873] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.895127][ T6873] ? __pfx__printk+0x10/0x10 [ 193.895157][ T6873] ? kernfs_root+0x1c/0x230 [ 193.895182][ T6873] ? kernfs_path_from_node+0x250/0x290 [ 193.895204][ T6873] ? kernfs_path_from_node+0x2f/0x290 [ 193.895229][ T6873] sysfs_create_dir_ns+0x259/0x280 [ 193.895253][ T6873] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 193.895276][ T6873] ? do_raw_spin_unlock+0x122/0x240 [ 193.895304][ T6873] kobject_add_internal+0x59f/0xb40 [pid 6884] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6884] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6884] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6884] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6884] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6884] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6885]}, 88) = 6885 [pid 6884] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6884] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6884] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6885 attached [pid 6885] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6885] set_robust_list(0x7fb4715169a0, 24) = 0 [ 193.895331][ T6873] kobject_init_and_add+0x125/0x190 [ 193.895356][ T6873] ? __pfx_kobject_init_and_add+0x10/0x10 [ 193.895387][ T6873] ? __raw_spin_lock_init+0x45/0x100 [ 193.895412][ T6873] ? __init_swait_queue_head+0xa9/0x150 [ 193.895438][ T6873] gfs2_sys_fs_add+0x234/0x450 [ 193.895460][ T6873] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 193.895483][ T6873] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 193.895517][ T6873] gfs2_fill_super+0x13c0/0x20d0 [ 193.895550][ T6873] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 6885] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6885] memfd_create("syzkaller", 0) = 3 [pid 6885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 193.895577][ T6873] ? sb_set_blocksize+0x104/0x180 [ 193.895606][ T6873] ? setup_bdev_super+0x4c1/0x5b0 [ 193.895635][ T6873] get_tree_bdev_flags+0x40b/0x4d0 [ 193.895662][ T6873] ? __pfx_gfs2_fill_super+0x10/0x10 [ 193.895687][ T6873] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 193.895720][ T6873] gfs2_get_tree+0x51/0x1e0 [ 193.895747][ T6873] vfs_get_tree+0x8f/0x2b0 [ 193.895774][ T6873] do_new_mount+0x2a2/0xa30 [ 193.895804][ T6873] ? ns_capable+0x8a/0xf0 [ 193.895824][ T6873] ? __pfx_do_new_mount+0x10/0x10 [ 193.895852][ T6873] ? path_mount+0x61c/0xfe0 [ 193.895878][ T6873] ? user_path_at+0x44/0x60 [ 193.895905][ T6873] __se_sys_mount+0x317/0x410 [ 193.895937][ T6873] ? __pfx___se_sys_mount+0x10/0x10 [ 193.895966][ T6873] ? rcu_is_watching+0x15/0xb0 [ 193.895989][ T6873] ? __x64_sys_mount+0x20/0xc0 [ 193.896018][ T6873] do_syscall_64+0xfa/0x3b0 [ 193.896039][ T6873] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.896060][ T6873] ? clear_bhb_loop+0x60/0xb0 [ 193.896081][ T6873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.896101][ T6873] RIP: 0033:0x7fb47156b94a [ 193.896118][ T6873] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 193.896136][ T6873] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 193.896158][ T6873] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 193.896174][ T6873] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 193.896189][ T6873] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 193.896204][ T6873] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 193.896217][ T6873] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 193.896239][ T6873] [ 193.901253][ T6875] CPU: 0 UID: 0 PID: 6875 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 193.901290][ T6875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 193.901306][ T6875] Call Trace: [ 193.901315][ T6875] [ 193.901325][ T6875] dump_stack_lvl+0x189/0x250 [ 193.901359][ T6875] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.901385][ T6875] ? __pfx__printk+0x10/0x10 [ 193.901417][ T6875] ? kernfs_root+0x1c/0x230 [ 193.901445][ T6875] ? kernfs_path_from_node+0x250/0x290 [ 193.901471][ T6875] ? kernfs_path_from_node+0x2f/0x290 [ 193.901497][ T6875] sysfs_create_dir_ns+0x259/0x280 [ 193.901523][ T6875] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 193.901550][ T6875] ? do_raw_spin_unlock+0x122/0x240 [ 193.901582][ T6875] kobject_add_internal+0x59f/0xb40 [ 193.901622][ T6875] kobject_init_and_add+0x125/0x190 [ 193.901651][ T6875] ? __pfx_kobject_init_and_add+0x10/0x10 [ 193.901677][ T6875] ? __raw_spin_lock_init+0x45/0x100 [ 193.901706][ T6875] ? __init_swait_queue_head+0xa9/0x150 [ 193.901737][ T6875] gfs2_sys_fs_add+0x234/0x450 [ 193.901762][ T6875] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 193.901790][ T6875] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 193.901827][ T6875] gfs2_fill_super+0x13c0/0x20d0 [ 193.901866][ T6875] ? __pfx_gfs2_fill_super+0x10/0x10 [ 193.901899][ T6875] ? sb_set_blocksize+0x104/0x180 [ 193.901934][ T6875] ? setup_bdev_super+0x4c1/0x5b0 [ 193.901968][ T6875] get_tree_bdev_flags+0x40b/0x4d0 [ 193.902002][ T6875] ? __pfx_gfs2_fill_super+0x10/0x10 [ 193.902034][ T6875] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 193.902072][ T6875] gfs2_get_tree+0x51/0x1e0 [ 193.902104][ T6875] vfs_get_tree+0x8f/0x2b0 [ 193.902136][ T6875] do_new_mount+0x2a2/0xa30 [ 193.902172][ T6875] ? ns_capable+0x8a/0xf0 [ 193.902195][ T6875] ? __pfx_do_new_mount+0x10/0x10 [pid 6879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6875] <... mount resumed>) = -1 EEXIST (File exists) [pid 6875] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6875] ioctl(3, LOOP_CLR_FD) = 0 [ 193.902226][ T6875] ? path_mount+0x61c/0xfe0 [ 193.902258][ T6875] ? user_path_at+0x44/0x60 [ 193.902289][ T6875] __se_sys_mount+0x317/0x410 [ 193.902326][ T6875] ? __pfx___se_sys_mount+0x10/0x10 [ 193.902360][ T6875] ? rcu_is_watching+0x15/0xb0 [ 193.902385][ T6875] ? __x64_sys_mount+0x20/0xc0 [ 193.902421][ T6875] do_syscall_64+0xfa/0x3b0 [ 193.902446][ T6875] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.902470][ T6875] ? clear_bhb_loop+0x60/0xb0 [ 193.902494][ T6875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.902518][ T6875] RIP: 0033:0x7fb47156b94a [ 193.902538][ T6875] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 193.902558][ T6875] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 193.902583][ T6875] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 193.902602][ T6875] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [pid 6875] close(3 [pid 6879] <... write resumed>) = 16777216 [ 193.902627][ T6875] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 193.902644][ T6875] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 193.902659][ T6875] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 193.902683][ T6875] [ 193.902708][ T6875] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6879] munmap(0x7fb469000000, 138412032 [pid 6873] <... mount resumed>) = -1 EEXIST (File exists) [pid 6873] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6873] ioctl(3, LOOP_CLR_FD) = 0 [ 194.185262][ T6873] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 194.200299][ T6875] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 194.227223][ T6873] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6873] close(3 [pid 6875] <... close resumed>) = 0 [pid 6875] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6874] <... futex resumed>) = 0 [pid 6874] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6874] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6875] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6875] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6875] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6874] <... futex resumed>) = 0 [pid 6874] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6875] <... futex resumed>) = 0 [pid 6874] <... futex resumed>) = 1 [pid 6875] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6874] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] <... munmap resumed>) = 0 [pid 6879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6879] ioctl(4, LOOP_SET_FD, 3 [pid 6885] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6879] <... ioctl resumed>) = 0 [pid 6875] <... ioctl resumed>) = 0 [pid 6875] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6875] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6879] close(3 [pid 6874] <... futex resumed>) = 0 [pid 6879] <... close resumed>) = 0 [pid 6874] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6875] <... futex resumed>) = 0 [pid 6874] <... futex resumed>) = 1 [pid 6879] close(4 [pid 6875] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6879] <... close resumed>) = 0 [pid 6874] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] mkdir("./file0", 0777 [pid 6875] <... openat resumed>) = 4 [pid 6879] <... mkdir resumed>) = 0 [pid 6875] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6875] <... futex resumed>) = 1 [pid 6874] <... futex resumed>) = 0 [pid 6874] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6874] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 194.633607][ T6879] loop0: detected capacity change from 0 to 32768 [ 194.681303][ T6879] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 194.705733][ T6879] CPU: 1 UID: 0 PID: 6879 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 194.705766][ T6879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [pid 6875] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6874] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 194.705779][ T6879] Call Trace: [ 194.705787][ T6879] [ 194.705795][ T6879] dump_stack_lvl+0x189/0x250 [ 194.705827][ T6879] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.705852][ T6879] ? __pfx__printk+0x10/0x10 [ 194.705878][ T6879] ? kernfs_root+0x1c/0x230 [ 194.705903][ T6879] ? kernfs_path_from_node+0x250/0x290 [ 194.705925][ T6879] ? kernfs_path_from_node+0x2f/0x290 [ 194.705949][ T6879] sysfs_create_dir_ns+0x259/0x280 [ 194.705974][ T6879] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 194.705998][ T6879] ? do_raw_spin_unlock+0x122/0x240 [pid 6873] <... close resumed>) = 0 [pid 6873] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 194.706026][ T6879] kobject_add_internal+0x59f/0xb40 [ 194.706055][ T6879] kobject_init_and_add+0x125/0x190 [ 194.706081][ T6879] ? __pfx_kobject_init_and_add+0x10/0x10 [ 194.706126][ T6879] ? __raw_spin_lock_init+0x45/0x100 [ 194.706153][ T6879] ? __init_swait_queue_head+0xa9/0x150 [ 194.706179][ T6879] gfs2_sys_fs_add+0x234/0x450 [ 194.706202][ T6879] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 194.706226][ T6879] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 194.706260][ T6879] gfs2_fill_super+0x13c0/0x20d0 [pid 6873] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6872] <... futex resumed>) = 0 [pid 6872] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6872] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6873] <... futex resumed>) = 0 [pid 6873] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6873] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6872] <... futex resumed>) = 0 [pid 6872] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6872] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 194.706302][ T6879] ? __pfx_gfs2_fill_super+0x10/0x10 [ 194.706332][ T6879] ? sb_set_blocksize+0x104/0x180 [ 194.706363][ T6879] ? setup_bdev_super+0x4c1/0x5b0 [ 194.706393][ T6879] get_tree_bdev_flags+0x40b/0x4d0 [ 194.706421][ T6879] ? __pfx_gfs2_fill_super+0x10/0x10 [ 194.706447][ T6879] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 194.706480][ T6879] gfs2_get_tree+0x51/0x1e0 [ 194.706509][ T6879] vfs_get_tree+0x8f/0x2b0 [ 194.706538][ T6879] do_new_mount+0x2a2/0xa30 [ 194.706571][ T6879] ? ns_capable+0x8a/0xf0 [pid 6873] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6872] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6872] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6872] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6872] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6888]}, 88) = 6888 [pid 6872] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6872] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6872] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6888 attached [pid 6888] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 6888] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 6888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 194.706591][ T6879] ? __pfx_do_new_mount+0x10/0x10 [ 194.706625][ T6879] ? path_mount+0x61c/0xfe0 [ 194.706653][ T6879] ? user_path_at+0x44/0x60 [ 194.706680][ T6879] __se_sys_mount+0x317/0x410 [ 194.706715][ T6879] ? __pfx___se_sys_mount+0x10/0x10 [ 194.706745][ T6879] ? rcu_is_watching+0x15/0xb0 [ 194.706769][ T6879] ? __x64_sys_mount+0x20/0xc0 [ 194.706800][ T6879] do_syscall_64+0xfa/0x3b0 [ 194.706823][ T6879] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.706844][ T6879] ? clear_bhb_loop+0x60/0xb0 [pid 6888] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6874] exit_group(0) = ? [pid 6875] <... write resumed>) = ? [pid 6872] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6872] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6872] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6875] +++ exited with 0 +++ [pid 6874] +++ exited with 0 +++ [pid 6872] <... mmap resumed>) = 0x7fb4714b4000 [pid 6872] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6874, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=76 /* 0.76 s */} --- [pid 6872] <... mprotect resumed>) = 0 [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 6872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0}./strace-static-x86_64: Process 6889 attached => {parent_tid=[6889]}, 88) = 6889 [pid 6872] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6872] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6872] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6889] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 6889] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 6889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 194.706867][ T6879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.706887][ T6879] RIP: 0033:0x7fb47156b94a [ 194.706906][ T6879] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 194.706925][ T6879] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 194.706948][ T6879] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 6889] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 6889] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6872] <... futex resumed>) = 0 [pid 6889] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] <... restart_syscall resumed>) = 0 [pid 5870] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./50/file0") = 0 [pid 5870] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./50/binderfs") = 0 [pid 5870] umount2("./50/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./50/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5320704, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 194.706964][ T6879] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 194.706979][ T6879] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 194.706995][ T6879] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 194.707009][ T6879] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 194.707031][ T6879] [ 194.707074][ T6879] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 5870] unlink("./50/cpuset.effective_mems" [pid 6885] <... write resumed>) = 16777216 [pid 6888] <... openat resumed>) = 4 [pid 6879] <... mount resumed>) = -1 EEXIST (File exists) [pid 6885] munmap(0x7fb469000000, 138412032 [pid 6873] <... ioctl resumed>) = 0 [pid 6888] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6873] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6872] exit_group(0 [pid 6889] <... futex resumed>) = ? [pid 6888] <... futex resumed>) = ? [pid 6879] <... openat resumed>) = 3 [pid 6873] <... futex resumed>) = ? [pid 6872] <... exit_group resumed>) = ? [pid 6889] +++ exited with 0 +++ [pid 6888] +++ exited with 0 +++ [pid 6879] ioctl(3, LOOP_CLR_FD [pid 6873] +++ exited with 0 +++ [pid 6872] +++ exited with 0 +++ [pid 5870] <... unlink resumed>) = 0 [pid 6879] <... ioctl resumed>) = 0 [pid 6879] close(3 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6872, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=64 /* 0.64 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./50") = 0 [pid 5870] mkdir("./51", 0777) = 0 [ 195.030193][ T6879] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 5868] <... restart_syscall resumed>) = 0 [pid 5870] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5868] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 ./strace-static-x86_64: Process 6890 attached [pid 5868] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 6890 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6890] set_robust_list(0x55558d547760, 24 [pid 6885] <... munmap resumed>) = 0 [pid 5868] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6890] <... set_robust_list resumed>) = 0 [pid 6885] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6890] chdir("./51" [pid 5868] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6890] <... chdir resumed>) = 0 [pid 6885] <... openat resumed>) = 4 [pid 5868] <... openat resumed>) = 4 [pid 6890] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6885] ioctl(4, LOOP_SET_FD, 3 [pid 5868] newfstatat(4, "", [pid 6890] <... prctl resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6890] setpgid(0, 0 [pid 5868] getdents64(4, [pid 6890] <... setpgid resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 6890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./51/file0") = 0 [pid 6890] <... openat resumed>) = 3 [pid 5868] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6890] write(3, "1000", 4 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6890] <... write resumed>) = 4 [pid 5868] newfstatat(AT_FDCWD, "./51/binderfs", [pid 6890] close(3 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6890] <... close resumed>) = 0 [pid 5868] unlink("./51/binderfs" [pid 6890] symlink("/dev/binderfs", "./binderfs" [pid 5868] <... unlink resumed>) = 0 [pid 6890] <... symlink resumed>) = 0 [pid 5868] umount2("./51/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./51/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./51/cpuset.effective_mems" [pid 6890] write(1, "executing program\n", 18 [pid 5868] <... unlink resumed>) = 0 executing program [pid 6890] <... write resumed>) = 18 [pid 6885] <... ioctl resumed>) = 0 [pid 5868] getdents64(3, [pid 6890] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 6890] <... futex resumed>) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./51") = 0 [pid 6890] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 5868] mkdir("./52", 0777 [pid 6890] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 6890] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... openat resumed>) = 3 [pid 6890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 6890] <... mmap resumed>) = 0x7fb4714f6000 [pid 5868] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6890] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 5868] close(3 [pid 6890] <... mprotect resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 6890] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6890] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6885] close(3./strace-static-x86_64: Process 6891 attached ) = 0 [pid 6885] close(4) = 0 [pid 6891] set_robust_list(0x55558d547760, 24 [pid 6885] mkdir("./file0", 0777 [pid 6890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 6891 ./strace-static-x86_64: Process 6892 attached [pid 6890] <... clone3 resumed> => {parent_tid=[6892]}, 88) = 6892 [pid 6890] rt_sigprocmask(SIG_SETMASK, [], [pid 6891] <... set_robust_list resumed>) = 0 [pid 6885] <... mkdir resumed>) = 0 [pid 6892] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6891] chdir("./52" [pid 6890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6885] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6892] set_robust_list(0x7fb4715169a0, 24 [pid 6891] <... chdir resumed>) = 0 [pid 6892] <... set_robust_list resumed>) = 0 [pid 6891] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6892] rt_sigprocmask(SIG_SETMASK, [], [pid 6891] <... prctl resumed>) = 0 [pid 6892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6890] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6890] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6892] memfd_create("syzkaller", 0 [pid 6891] setpgid(0, 0) = 0 [pid 6892] <... memfd_create resumed>) = 3 [pid 6892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6892] <... mmap resumed>) = 0x7fb469000000 [pid 6891] <... openat resumed>) = 3 [pid 6891] write(3, "1000", 4) = 4 [pid 6891] close(3) = 0 [pid 6891] symlink("/dev/binderfs", "./binderfs") = 0 [ 195.096096][ T6885] loop2: detected capacity change from 0 to 32768 executing program [pid 6891] write(1, "executing program\n", 18) = 18 [pid 6891] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6891] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [ 195.143076][ T6885] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 195.156294][ T6885] CPU: 0 UID: 0 PID: 6885 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 195.156328][ T6885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 195.156342][ T6885] Call Trace: [ 195.156350][ T6885] [ 195.156360][ T6885] dump_stack_lvl+0x189/0x250 [pid 6891] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6891] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6891] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6891] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6895]}, 88) = 6895 [pid 6891] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6891] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6895 attached [pid 6891] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6895] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6895] set_robust_list(0x7fb4715169a0, 24) = 0 [ 195.156392][ T6885] ? __pfx_dump_stack_lvl+0x10/0x10 [ 195.156416][ T6885] ? __pfx__printk+0x10/0x10 [ 195.156454][ T6885] ? kernfs_root+0x1c/0x230 [ 195.156479][ T6885] ? kernfs_path_from_node+0x250/0x290 [ 195.156501][ T6885] ? kernfs_path_from_node+0x2f/0x290 [ 195.156526][ T6885] sysfs_create_dir_ns+0x259/0x280 [ 195.156550][ T6885] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 195.156573][ T6885] ? do_raw_spin_unlock+0x122/0x240 [ 195.156600][ T6885] kobject_add_internal+0x59f/0xb40 [ 195.156629][ T6885] kobject_init_and_add+0x125/0x190 [pid 6895] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6895] memfd_create("syzkaller", 0) = 3 [pid 6895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 195.156655][ T6885] ? __pfx_kobject_init_and_add+0x10/0x10 [ 195.156678][ T6885] ? __raw_spin_lock_init+0x45/0x100 [ 195.156705][ T6885] ? __init_swait_queue_head+0xa9/0x150 [ 195.156732][ T6885] gfs2_sys_fs_add+0x234/0x450 [ 195.156754][ T6885] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 195.156778][ T6885] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 195.156812][ T6885] gfs2_fill_super+0x13c0/0x20d0 [ 195.156847][ T6885] ? __pfx_gfs2_fill_super+0x10/0x10 [ 195.156876][ T6885] ? sb_set_blocksize+0x104/0x180 [ 195.156907][ T6885] ? setup_bdev_super+0x4c1/0x5b0 [ 195.156937][ T6885] get_tree_bdev_flags+0x40b/0x4d0 [ 195.156964][ T6885] ? __pfx_gfs2_fill_super+0x10/0x10 [ 195.156991][ T6885] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 195.157024][ T6885] gfs2_get_tree+0x51/0x1e0 [ 195.157051][ T6885] vfs_get_tree+0x8f/0x2b0 [ 195.157080][ T6885] do_new_mount+0x2a2/0xa30 [ 195.157113][ T6885] ? ns_capable+0x8a/0xf0 [ 195.157133][ T6885] ? __pfx_do_new_mount+0x10/0x10 [ 195.157162][ T6885] ? path_mount+0x61c/0xfe0 [ 195.157192][ T6885] ? user_path_at+0x44/0x60 [ 195.157220][ T6885] __se_sys_mount+0x317/0x410 [ 195.157254][ T6885] ? __pfx___se_sys_mount+0x10/0x10 [ 195.157283][ T6885] ? rcu_is_watching+0x15/0xb0 [ 195.157307][ T6885] ? __x64_sys_mount+0x20/0xc0 [ 195.157337][ T6885] do_syscall_64+0xfa/0x3b0 [ 195.157359][ T6885] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.157379][ T6885] ? clear_bhb_loop+0x60/0xb0 [ 195.157402][ T6885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.157422][ T6885] RIP: 0033:0x7fb47156b94a [ 195.157445][ T6885] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 195.157464][ T6885] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 195.157485][ T6885] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 195.157501][ T6885] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 195.157515][ T6885] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 6879] <... close resumed>) = 0 [pid 6885] <... mount resumed>) = -1 EEXIST (File exists) [pid 6879] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6885] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6885] ioctl(3, LOOP_CLR_FD) = 0 [pid 6885] close(3) = 0 [pid 6885] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6885] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6879] <... futex resumed>) = 1 [pid 6884] <... futex resumed>) = 0 [pid 6884] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6884] <... futex resumed>) = 1 [pid 6885] <... futex resumed>) = 0 [pid 6884] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6885] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6885] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6885] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6879] <... futex resumed>) = 0 [pid 6879] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6879] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6879] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6878] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6878] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6879] <... futex resumed>) = 0 [pid 6879] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6878] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6884] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6885] <... futex resumed>) = 0 [pid 6884] <... futex resumed>) = 1 [pid 6885] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6884] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] <... ioctl resumed>) = 0 [pid 6879] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6878] <... futex resumed>) = 0 [pid 6879] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6878] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] <... openat resumed>) = 4 [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6878] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6885] <... ioctl resumed>) = 0 [ 195.157530][ T6885] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 195.157543][ T6885] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 195.157564][ T6885] [ 195.157630][ T6885] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 195.475324][ T6885] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6885] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6884] <... futex resumed>) = 0 [pid 6884] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6885] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6884] <... futex resumed>) = 0 [pid 6885] <... openat resumed>) = 4 [pid 6884] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6885] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6884] <... futex resumed>) = 0 [pid 6885] <... futex resumed>) = 1 [pid 6884] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6885] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6884] <... futex resumed>) = 0 [pid 6884] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6878] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6878] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6878] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6884] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6884] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6884] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6878] exit_group(0) = ? [pid 6879] <... write resumed>) = ? [pid 6879] +++ exited with 0 +++ [pid 6878] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6878, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=71 /* 0.71 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./51/file0") = 0 [pid 5867] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./51/binderfs") = 0 [pid 5867] umount2("./51/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./51/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5431296, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./51/cpuset.effective_mems" [pid 6884] exit_group(0) = ? [pid 6885] <... write resumed>) = ? [pid 6885] +++ exited with 0 +++ [pid 6884] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6884, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=70 /* 0.70 s */} --- [pid 5869] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./49/file0") = 0 [pid 5869] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./49/binderfs") = 0 [pid 5869] umount2("./49/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./49/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5718016, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./49/cpuset.effective_mems" [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./51") = 0 [pid 5867] mkdir("./52", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6896 attached , child_tidptr=0x55558d547750) = 6896 [pid 6896] set_robust_list(0x55558d547760, 24) = 0 [pid 6896] chdir("./52") = 0 [pid 6896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6896] setpgid(0, 0) = 0 [pid 6896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6896] write(3, "1000", 4) = 4 [pid 6896] close(3) = 0 [pid 6896] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6896] write(1, "executing program\n", 18) = 18 [pid 6896] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6896] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6896] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6896] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6896] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6896] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6897]}, 88) = 6897 [pid 6896] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6896] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6897 attached ) = 0 [pid 6896] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6897] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6897] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6897] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6897] memfd_create("syzkaller", 0) = 3 [pid 6897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./49") = 0 [pid 5869] mkdir("./50", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6898 ./strace-static-x86_64: Process 6898 attached [pid 6898] set_robust_list(0x55558d547760, 24 [pid 6892] <... write resumed>) = 16777216 [pid 6898] <... set_robust_list resumed>) = 0 [pid 6892] munmap(0x7fb469000000, 138412032 [pid 6898] chdir("./50") = 0 [pid 6898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6898] setpgid(0, 0) = 0 [pid 6898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6895] <... write resumed>) = 16777216 [pid 6898] write(3, "1000", 4) = 4 [pid 6898] close(3) = 0 executing program [pid 6898] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6898] write(1, "executing program\n", 18 [pid 6895] munmap(0x7fb469000000, 138412032 [pid 6898] <... write resumed>) = 18 [pid 6898] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6898] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6898] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6898] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6898] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6899 attached [pid 6899] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6898] <... clone3 resumed> => {parent_tid=[6899]}, 88) = 6899 [pid 6899] <... rseq resumed>) = 0 [pid 6898] rt_sigprocmask(SIG_SETMASK, [], [pid 6899] set_robust_list(0x7fb4715169a0, 24 [pid 6898] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6899] <... set_robust_list resumed>) = 0 [pid 6898] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6899] rt_sigprocmask(SIG_SETMASK, [], [pid 6898] <... futex resumed>) = 0 [pid 6899] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6898] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6899] memfd_create("syzkaller", 0) = 3 [pid 6899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6895] <... munmap resumed>) = 0 [pid 6895] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6892] <... munmap resumed>) = 0 [pid 6895] <... openat resumed>) = 4 [pid 6895] ioctl(4, LOOP_SET_FD, 3 [pid 6892] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6892] ioctl(4, LOOP_SET_FD, 3 [pid 6895] <... ioctl resumed>) = 0 [pid 6892] <... ioctl resumed>) = 0 [pid 6892] close(3) = 0 [pid 6892] close(4) = 0 [pid 6892] mkdir("./file0", 0777 [pid 6895] close(3 [pid 6892] <... mkdir resumed>) = 0 [pid 6892] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6895] <... close resumed>) = 0 [pid 6895] close(4) = 0 [pid 6895] mkdir("./file0", 0777) = 0 [ 196.051067][ T6895] loop1: detected capacity change from 0 to 32768 [ 196.056485][ T6892] loop3: detected capacity change from 0 to 32768 [ 196.088096][ T6892] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 196.117118][ T6895] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 196.126116][ T6892] CPU: 0 UID: 0 PID: 6892 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 196.126209][ T6892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 196.126225][ T6892] Call Trace: [ 196.126236][ T6892] [ 196.126248][ T6892] dump_stack_lvl+0x189/0x250 [ 196.126279][ T6892] ? __pfx_dump_stack_lvl+0x10/0x10 [ 196.126303][ T6892] ? __pfx__printk+0x10/0x10 [ 196.126330][ T6892] ? kernfs_root+0x1c/0x230 [ 196.126355][ T6892] ? kernfs_path_from_node+0x250/0x290 [ 196.126376][ T6892] ? kernfs_path_from_node+0x2f/0x290 [ 196.126401][ T6892] sysfs_create_dir_ns+0x259/0x280 [ 196.126424][ T6892] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 196.126445][ T6892] ? do_raw_spin_unlock+0x122/0x240 [ 196.126473][ T6892] kobject_add_internal+0x59f/0xb40 [ 196.126502][ T6892] kobject_init_and_add+0x125/0x190 [ 196.126527][ T6892] ? __pfx_kobject_init_and_add+0x10/0x10 [ 196.126550][ T6892] ? __raw_spin_lock_init+0x45/0x100 [ 196.126575][ T6892] ? __init_swait_queue_head+0xa9/0x150 [ 196.126602][ T6892] gfs2_sys_fs_add+0x234/0x450 [ 196.126625][ T6892] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 196.126648][ T6892] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 196.126682][ T6892] gfs2_fill_super+0x13c0/0x20d0 [ 196.126717][ T6892] ? __pfx_gfs2_fill_super+0x10/0x10 [ 196.126745][ T6892] ? sb_set_blocksize+0x104/0x180 [ 196.126774][ T6892] ? setup_bdev_super+0x4c1/0x5b0 [ 196.126804][ T6892] get_tree_bdev_flags+0x40b/0x4d0 [ 196.126832][ T6892] ? __pfx_gfs2_fill_super+0x10/0x10 [ 196.126859][ T6892] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 196.126892][ T6892] gfs2_get_tree+0x51/0x1e0 [ 196.126921][ T6892] vfs_get_tree+0x8f/0x2b0 [ 196.126950][ T6892] do_new_mount+0x2a2/0xa30 [ 196.126982][ T6892] ? ns_capable+0x8a/0xf0 [ 196.127002][ T6892] ? __pfx_do_new_mount+0x10/0x10 [ 196.127031][ T6892] ? path_mount+0x61c/0xfe0 [ 196.127059][ T6892] ? user_path_at+0x44/0x60 [ 196.127087][ T6892] __se_sys_mount+0x317/0x410 [ 196.127121][ T6892] ? __pfx___se_sys_mount+0x10/0x10 [ 196.127151][ T6892] ? rcu_is_watching+0x15/0xb0 [ 196.127174][ T6892] ? __x64_sys_mount+0x20/0xc0 [ 196.127220][ T6892] do_syscall_64+0xfa/0x3b0 [ 196.127242][ T6892] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.127262][ T6892] ? clear_bhb_loop+0x60/0xb0 [ 196.127285][ T6892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.127306][ T6892] RIP: 0033:0x7fb47156b94a [ 196.127324][ T6892] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 196.127342][ T6892] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 196.127364][ T6892] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 196.127381][ T6892] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 196.127396][ T6892] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 196.127411][ T6892] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 196.127425][ T6892] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 196.127447][ T6892] [ 196.127470][ T6892] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 196.147130][ T6895] CPU: 1 UID: 0 PID: 6895 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 196.147168][ T6895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 196.147185][ T6895] Call Trace: [ 196.147193][ T6895] [ 196.147202][ T6895] dump_stack_lvl+0x189/0x250 [ 196.147239][ T6895] ? __pfx_dump_stack_lvl+0x10/0x10 [ 196.147268][ T6895] ? __pfx__printk+0x10/0x10 [ 196.147299][ T6895] ? kernfs_root+0x1c/0x230 [ 196.147328][ T6895] ? kernfs_path_from_node+0x250/0x290 [ 196.147352][ T6895] ? kernfs_path_from_node+0x2f/0x290 [ 196.147381][ T6895] sysfs_create_dir_ns+0x259/0x280 [ 196.147406][ T6895] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 196.147441][ T6895] ? do_raw_spin_unlock+0x122/0x240 [ 196.147474][ T6895] kobject_add_internal+0x59f/0xb40 [ 196.147505][ T6895] kobject_init_and_add+0x125/0x190 [ 196.147536][ T6895] ? __pfx_kobject_init_and_add+0x10/0x10 [ 196.147560][ T6895] ? __raw_spin_lock_init+0x45/0x100 [ 196.147590][ T6895] ? __init_swait_queue_head+0xa9/0x150 [ 196.147619][ T6895] gfs2_sys_fs_add+0x234/0x450 [ 196.147645][ T6895] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 196.147672][ T6895] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 196.147710][ T6895] gfs2_fill_super+0x13c0/0x20d0 [pid 6895] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6892] <... mount resumed>) = -1 EEXIST (File exists) [pid 6892] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6892] ioctl(3, LOOP_CLR_FD) = 0 [pid 6892] close(3) = 0 [pid 6892] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6892] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6890] <... futex resumed>) = 0 [pid 6890] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6892] <... futex resumed>) = 0 [pid 6890] <... futex resumed>) = 1 [pid 6892] openat(AT_FDCWD, ".", O_RDONLY [pid 6890] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6892] <... openat resumed>) = 3 [pid 6892] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6890] <... futex resumed>) = 0 [pid 6892] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6890] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6890] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6890] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6890] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6890] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6904]}, 88) = 6904 [pid 6890] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6904 attached NULL, 8) = 0 [pid 6890] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6890] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6904] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 6897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6904] <... rseq resumed>) = 0 [pid 6904] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 6904] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6904] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6890] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6890] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6890] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6890] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6890] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6890] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[6905]}, 88) = 6905 [pid 6890] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6890] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6890] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6905 attached [pid 6905] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 6905] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 6905] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6905] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 6905] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6890] <... futex resumed>) = 0 [pid 6905] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [ 196.147749][ T6895] ? __pfx_gfs2_fill_super+0x10/0x10 [ 196.147781][ T6895] ? sb_set_blocksize+0x104/0x180 [ 196.147817][ T6895] ? setup_bdev_super+0x4c1/0x5b0 [ 196.147849][ T6895] get_tree_bdev_flags+0x40b/0x4d0 [ 196.147883][ T6895] ? __pfx_gfs2_fill_super+0x10/0x10 [ 196.147912][ T6895] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 196.147951][ T6895] gfs2_get_tree+0x51/0x1e0 [ 196.147983][ T6895] vfs_get_tree+0x8f/0x2b0 [ 196.148016][ T6895] do_new_mount+0x2a2/0xa30 [ 196.148053][ T6895] ? ns_capable+0x8a/0xf0 [pid 6899] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6890] exit_group(0 [pid 6905] <... futex resumed>) = ? [pid 6890] <... exit_group resumed>) = ? [pid 6905] +++ exited with 0 +++ [ 196.148075][ T6895] ? __pfx_do_new_mount+0x10/0x10 [ 196.148108][ T6895] ? path_mount+0x61c/0xfe0 [ 196.148138][ T6895] ? user_path_at+0x44/0x60 [ 196.148168][ T6895] __se_sys_mount+0x317/0x410 [ 196.148206][ T6895] ? __pfx___se_sys_mount+0x10/0x10 [ 196.148238][ T6895] ? rcu_is_watching+0x15/0xb0 [ 196.148265][ T6895] ? __x64_sys_mount+0x20/0xc0 [ 196.148300][ T6895] do_syscall_64+0xfa/0x3b0 [ 196.148325][ T6895] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.148347][ T6895] ? clear_bhb_loop+0x60/0xb0 [ 196.148373][ T6895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.148397][ T6895] RIP: 0033:0x7fb47156b94a [ 196.148417][ T6895] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 196.148442][ T6895] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 196.148468][ T6895] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 196.148486][ T6895] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 196.148503][ T6895] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 196.148520][ T6895] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 196.148535][ T6895] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 196.148560][ T6895] [ 196.148586][ T6895] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 196.275196][ T6892] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6897] <... write resumed>) = 16777216 [pid 6895] <... mount resumed>) = -1 EEXIST (File exists) [pid 6895] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6904] <... openat resumed>) = ? [pid 6892] <... ioctl resumed>) = ? [pid 6904] +++ exited with 0 +++ [pid 6892] +++ exited with 0 +++ [pid 6890] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6890, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=30 /* 0.30 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 6897] munmap(0x7fb469000000, 138412032 [pid 6895] <... openat resumed>) = 3 [pid 6895] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] <... restart_syscall resumed>) = 0 [pid 6895] close(3 [pid 5870] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [ 196.275988][ T6895] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5870] rmdir("./51/file0") = 0 [pid 5870] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./51/binderfs") = 0 [pid 5870] umount2("./51/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./51/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./51/cpuset.effective_mems") = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./51") = 0 [pid 5870] mkdir("./52", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6906 ./strace-static-x86_64: Process 6906 attached [pid 6906] set_robust_list(0x55558d547760, 24) = 0 [pid 6906] chdir("./52" [pid 6899] <... write resumed>) = 16777216 [pid 6906] <... chdir resumed>) = 0 [pid 6906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6906] setpgid(0, 0 [pid 6899] munmap(0x7fb469000000, 138412032 [pid 6906] <... setpgid resumed>) = 0 [pid 6906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6906] write(3, "1000", 4 [pid 6897] <... munmap resumed>) = 0 [pid 6906] <... write resumed>) = 4 [pid 6897] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6906] close(3) = 0 [pid 6897] <... openat resumed>) = 4 [pid 6906] symlink("/dev/binderfs", "./binderfs" [pid 6897] ioctl(4, LOOP_SET_FD, 3 [pid 6906] <... symlink resumed>) = 0 executing program [pid 6906] write(1, "executing program\n", 18 [pid 6897] <... ioctl resumed>) = 0 [pid 6906] <... write resumed>) = 18 [pid 6906] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6906] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6906] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6906] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6906] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6906] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6907 attached => {parent_tid=[6907]}, 88) = 6907 [pid 6907] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6906] rt_sigprocmask(SIG_SETMASK, [], [pid 6907] <... rseq resumed>) = 0 [pid 6906] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6907] set_robust_list(0x7fb4715169a0, 24 [pid 6906] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] <... set_robust_list resumed>) = 0 [pid 6906] <... futex resumed>) = 0 [pid 6907] rt_sigprocmask(SIG_SETMASK, [], [pid 6906] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6907] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6907] memfd_create("syzkaller", 0 [pid 6897] close(3 [pid 6907] <... memfd_create resumed>) = 3 [pid 6897] <... close resumed>) = 0 [pid 6895] <... close resumed>) = 0 [pid 6907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6899] <... munmap resumed>) = 0 [pid 6897] close(4 [pid 6895] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] <... close resumed>) = 0 [pid 6897] mkdir("./file0", 0777) = 0 [ 196.945267][ T6897] loop0: detected capacity change from 0 to 32768 [pid 6897] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6899] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6895] <... futex resumed>) = 1 [pid 6891] <... futex resumed>) = 0 [pid 6895] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6891] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6899] <... openat resumed>) = 4 [pid 6891] <... futex resumed>) = 0 [pid 6895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6899] ioctl(4, LOOP_SET_FD, 3 [pid 6891] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6895] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6895] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6891] <... futex resumed>) = 0 [pid 6891] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6895] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6891] <... futex resumed>) = 0 [ 196.996351][ T6897] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 197.005021][ T6899] loop2: detected capacity change from 0 to 32768 [ 197.014226][ T6897] CPU: 0 UID: 0 PID: 6897 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 197.014257][ T6897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 197.014277][ T6897] Call Trace: [ 197.014286][ T6897] [pid 6891] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6899] <... ioctl resumed>) = 0 [pid 6891] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6891] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6891] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6891] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6891] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6910]}, 88) = 6910 [pid 6899] close(3 [pid 6891] rt_sigprocmask(SIG_SETMASK, [], [pid 6899] <... close resumed>) = 0 [pid 6891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6899] close(4 [pid 6891] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6899] <... close resumed>) = 0 [pid 6891] <... futex resumed>) = 0 [pid 6891] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6899] mkdir("./file0", 0777) = 0 [pid 6899] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade,"./strace-static-x86_64: Process 6910 attached [pid 6910] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [ 197.014294][ T6897] dump_stack_lvl+0x189/0x250 [ 197.014327][ T6897] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.014352][ T6897] ? __pfx__printk+0x10/0x10 [ 197.014378][ T6897] ? kernfs_root+0x1c/0x230 [ 197.014404][ T6897] ? kernfs_path_from_node+0x250/0x290 [ 197.014426][ T6897] ? kernfs_path_from_node+0x2f/0x290 [ 197.014450][ T6897] sysfs_create_dir_ns+0x259/0x280 [ 197.014474][ T6897] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 197.014496][ T6897] ? do_raw_spin_unlock+0x122/0x240 [ 197.014524][ T6897] kobject_add_internal+0x59f/0xb40 [pid 6910] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 6910] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6910] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6895] <... ioctl resumed>) = 0 [pid 6910] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6895] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6910] <... futex resumed>) = 1 [pid 6895] <... futex resumed>) = 0 [pid 6891] <... futex resumed>) = 0 [pid 6910] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6895] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 197.014553][ T6897] kobject_init_and_add+0x125/0x190 [ 197.014578][ T6897] ? __pfx_kobject_init_and_add+0x10/0x10 [ 197.014602][ T6897] ? __raw_spin_lock_init+0x45/0x100 [ 197.014626][ T6897] ? __init_swait_queue_head+0xa9/0x150 [ 197.014653][ T6897] gfs2_sys_fs_add+0x234/0x450 [ 197.014674][ T6897] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 197.014698][ T6897] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 197.014732][ T6897] gfs2_fill_super+0x13c0/0x20d0 [ 197.014766][ T6897] ? __pfx_gfs2_fill_super+0x10/0x10 [ 197.014794][ T6897] ? sb_set_blocksize+0x104/0x180 [ 197.014825][ T6897] ? setup_bdev_super+0x4c1/0x5b0 [ 197.014854][ T6897] get_tree_bdev_flags+0x40b/0x4d0 [ 197.014881][ T6897] ? __pfx_gfs2_fill_super+0x10/0x10 [ 197.014907][ T6897] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 197.014940][ T6897] gfs2_get_tree+0x51/0x1e0 [ 197.014968][ T6897] vfs_get_tree+0x8f/0x2b0 [ 197.014998][ T6897] do_new_mount+0x2a2/0xa30 [ 197.015028][ T6897] ? ns_capable+0x8a/0xf0 [ 197.015056][ T6897] ? __pfx_do_new_mount+0x10/0x10 [ 197.015086][ T6897] ? path_mount+0x61c/0xfe0 [ 197.015113][ T6897] ? user_path_at+0x44/0x60 [ 197.015143][ T6897] __se_sys_mount+0x317/0x410 [ 197.015176][ T6897] ? __pfx___se_sys_mount+0x10/0x10 [ 197.015205][ T6897] ? rcu_is_watching+0x15/0xb0 [ 197.015229][ T6897] ? __x64_sys_mount+0x20/0xc0 [ 197.015259][ T6897] do_syscall_64+0xfa/0x3b0 [ 197.015281][ T6897] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.015301][ T6897] ? clear_bhb_loop+0x60/0xb0 [ 197.015324][ T6897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.015343][ T6897] RIP: 0033:0x7fb47156b94a [ 197.015361][ T6897] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 197.015379][ T6897] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 197.015403][ T6897] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 197.015418][ T6897] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 197.015432][ T6897] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 6891] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 197.015448][ T6897] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 197.015461][ T6897] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 197.015482][ T6897] [pid 6891] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 197.366362][ T6899] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 197.387019][ T6899] CPU: 1 UID: 0 PID: 6899 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 197.387053][ T6899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 197.387066][ T6899] Call Trace: [ 197.387076][ T6899] [ 197.387084][ T6899] dump_stack_lvl+0x189/0x250 [ 197.387116][ T6899] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.387140][ T6899] ? __pfx__printk+0x10/0x10 [ 197.387166][ T6899] ? kernfs_root+0x1c/0x230 [ 197.387191][ T6899] ? kernfs_path_from_node+0x250/0x290 [ 197.387212][ T6899] ? kernfs_path_from_node+0x2f/0x290 [ 197.387237][ T6899] sysfs_create_dir_ns+0x259/0x280 [ 197.387275][ T6899] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 197.387298][ T6899] ? do_raw_spin_unlock+0x122/0x240 [ 197.387325][ T6899] kobject_add_internal+0x59f/0xb40 [ 197.387353][ T6899] kobject_init_and_add+0x125/0x190 [ 197.387379][ T6899] ? __pfx_kobject_init_and_add+0x10/0x10 [ 197.387401][ T6899] ? __raw_spin_lock_init+0x45/0x100 [ 197.387426][ T6899] ? __init_swait_queue_head+0xa9/0x150 [ 197.387451][ T6899] gfs2_sys_fs_add+0x234/0x450 [ 197.387474][ T6899] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 197.387497][ T6899] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 197.387531][ T6899] gfs2_fill_super+0x13c0/0x20d0 [ 197.387565][ T6899] ? __pfx_gfs2_fill_super+0x10/0x10 [ 197.387593][ T6899] ? sb_set_blocksize+0x104/0x180 [ 197.387622][ T6899] ? setup_bdev_super+0x4c1/0x5b0 [ 197.387651][ T6899] get_tree_bdev_flags+0x40b/0x4d0 [ 197.387679][ T6899] ? __pfx_gfs2_fill_super+0x10/0x10 [ 197.387705][ T6899] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 197.387743][ T6899] gfs2_get_tree+0x51/0x1e0 [ 197.387769][ T6899] vfs_get_tree+0x8f/0x2b0 [ 197.387797][ T6899] do_new_mount+0x2a2/0xa30 [ 197.387828][ T6899] ? ns_capable+0x8a/0xf0 [ 197.387847][ T6899] ? __pfx_do_new_mount+0x10/0x10 [pid 6907] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6899] <... mount resumed>) = -1 EEXIST (File exists) [pid 6899] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6899] ioctl(3, LOOP_CLR_FD) = 0 [pid 6899] close(3) = 0 [pid 6899] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 197.387875][ T6899] ? path_mount+0x61c/0xfe0 [ 197.387902][ T6899] ? user_path_at+0x44/0x60 [ 197.387929][ T6899] __se_sys_mount+0x317/0x410 [ 197.387961][ T6899] ? __pfx___se_sys_mount+0x10/0x10 [ 197.387989][ T6899] ? rcu_is_watching+0x15/0xb0 [ 197.388012][ T6899] ? __x64_sys_mount+0x20/0xc0 [ 197.388042][ T6899] do_syscall_64+0xfa/0x3b0 [ 197.388063][ T6899] ? rcu_is_watching+0x15/0xb0 [ 197.388081][ T6899] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.388101][ T6899] ? clear_bhb_loop+0x60/0xb0 [ 197.388123][ T6899] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.388143][ T6899] RIP: 0033:0x7fb47156b94a [ 197.388161][ T6899] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 197.388179][ T6899] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 197.388200][ T6899] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 6899] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6891] exit_group(0 [pid 6910] <... futex resumed>) = ? [pid 6891] <... exit_group resumed>) = ? [pid 6910] +++ exited with 0 +++ [pid 6895] <... write resumed>) = ? [pid 6895] +++ exited with 0 +++ [pid 6891] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6891, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=95 /* 0.95 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 197.388216][ T6899] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 197.388231][ T6899] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 197.388245][ T6899] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 197.388265][ T6899] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 197.388287][ T6899] [ 197.388336][ T6899] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, [pid 6898] <... futex resumed>) = 0 [pid 6898] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] <... mount resumed>) = -1 EEXIST (File exists) [pid 5868] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 6898] <... futex resumed>) = 1 [pid 6899] <... futex resumed>) = 0 [pid 6898] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5868] getdents64(4, [pid 6899] openat(AT_FDCWD, ".", O_RDONLY [pid 6897] <... openat resumed>) = 3 [pid 5868] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 6899] <... openat resumed>) = 3 [pid 6897] ioctl(3, LOOP_CLR_FD [pid 6899] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] close(4 [pid 6899] <... futex resumed>) = 1 [pid 6898] <... futex resumed>) = 0 [pid 6897] <... ioctl resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 6899] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6898] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] rmdir("./52/file0" [pid 6897] close(3 [pid 6898] <... futex resumed>) = 0 [pid 6898] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... rmdir resumed>) = 0 [pid 5868] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./52/binderfs", [pid 6899] <... ioctl resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6899] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] unlink("./52/binderfs" [pid 6899] <... futex resumed>) = 1 [pid 6898] <... futex resumed>) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 6899] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6898] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6899] <... openat resumed>) = 4 [pid 5868] umount2("./52/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6898] <... futex resumed>) = 0 [pid 6899] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6898] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6899] <... futex resumed>) = 0 [pid 6898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] newfstatat(AT_FDCWD, "./52/cpuset.effective_mems", [pid 6899] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6898] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=4091904, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6898] <... futex resumed>) = 0 [pid 5868] unlink("./52/cpuset.effective_mems" [pid 6899] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 197.418189][ T6897] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 197.519142][ T6899] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 197.521403][ T6897] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6898] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5868] <... unlink resumed>) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./52") = 0 [pid 5868] mkdir("./53", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6913 attached , child_tidptr=0x55558d547750) = 6913 [pid 6913] set_robust_list(0x55558d547760, 24) = 0 [pid 6913] chdir("./53") = 0 [pid 6913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6913] setpgid(0, 0) = 0 [pid 6913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6913] write(3, "1000", 4) = 4 [pid 6913] close(3) = 0 [pid 6907] <... write resumed>) = 16777216 [pid 6913] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6913] write(1, "executing program\n", 18 [pid 6907] munmap(0x7fb469000000, 138412032executing program [pid 6913] <... write resumed>) = 18 [pid 6913] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6913] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6913] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6913] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6914 attached => {parent_tid=[6914]}, 88) = 6914 [pid 6913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6913] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6914] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6913] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6914] <... rseq resumed>) = 0 [pid 6914] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6914] memfd_create("syzkaller", 0) = 3 [pid 6914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6897] <... close resumed>) = 0 [pid 6907] <... munmap resumed>) = 0 [pid 6897] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6896] <... futex resumed>) = 0 [pid 6897] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6896] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6896] <... futex resumed>) = 0 [pid 6897] openat(AT_FDCWD, ".", O_RDONLY [pid 6896] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] <... openat resumed>) = 3 [pid 6897] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6896] <... futex resumed>) = 0 [pid 6897] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6896] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6896] <... futex resumed>) = 0 [pid 6896] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6907] <... openat resumed>) = 4 [pid 6907] ioctl(4, LOOP_SET_FD, 3 [pid 6897] <... ioctl resumed>) = 0 [pid 6897] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6896] <... futex resumed>) = 0 [pid 6896] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6896] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6897] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6896] <... futex resumed>) = 0 [pid 6896] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6896] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6907] <... ioctl resumed>) = 0 [pid 6907] close(3) = 0 [pid 6907] close(4) = 0 [pid 6907] mkdir("./file0", 0777) = 0 [pid 6907] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6898] exit_group(0) = ? [ 197.958970][ T6907] loop3: detected capacity change from 0 to 32768 [ 197.991621][ T6907] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 6899] <... write resumed>) = ? [ 198.015238][ T6907] CPU: 1 UID: 0 PID: 6907 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 198.015271][ T6907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 198.015284][ T6907] Call Trace: [ 198.015292][ T6907] [ 198.015301][ T6907] dump_stack_lvl+0x189/0x250 [ 198.015332][ T6907] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.015357][ T6907] ? __pfx__printk+0x10/0x10 [ 198.015384][ T6907] ? kernfs_root+0x1c/0x230 [pid 6899] +++ exited with 0 +++ [pid 6898] +++ exited with 0 +++ [pid 6896] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6898, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=43 /* 0.43 s */} --- [pid 5869] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./50/file0") = 0 [pid 5869] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./50/binderfs") = 0 [pid 5869] umount2("./50/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./50/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=4440064, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 198.015410][ T6907] ? kernfs_path_from_node+0x250/0x290 [ 198.015433][ T6907] ? kernfs_path_from_node+0x2f/0x290 [ 198.015458][ T6907] sysfs_create_dir_ns+0x259/0x280 [ 198.015481][ T6907] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 198.015505][ T6907] ? do_raw_spin_unlock+0x122/0x240 [ 198.015533][ T6907] kobject_add_internal+0x59f/0xb40 [ 198.015562][ T6907] kobject_init_and_add+0x125/0x190 [ 198.015588][ T6907] ? __pfx_kobject_init_and_add+0x10/0x10 [ 198.015611][ T6907] ? __raw_spin_lock_init+0x45/0x100 [ 198.015637][ T6907] ? __init_swait_queue_head+0xa9/0x150 [ 198.015663][ T6907] gfs2_sys_fs_add+0x234/0x450 [ 198.015686][ T6907] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 198.015710][ T6907] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 198.015744][ T6907] gfs2_fill_super+0x13c0/0x20d0 [ 198.015779][ T6907] ? __pfx_gfs2_fill_super+0x10/0x10 [ 198.015809][ T6907] ? sb_set_blocksize+0x104/0x180 [ 198.015839][ T6907] ? setup_bdev_super+0x4c1/0x5b0 [ 198.015869][ T6907] get_tree_bdev_flags+0x40b/0x4d0 [ 198.015898][ T6907] ? __pfx_gfs2_fill_super+0x10/0x10 [ 198.015925][ T6907] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 198.015967][ T6907] gfs2_get_tree+0x51/0x1e0 [ 198.015995][ T6907] vfs_get_tree+0x8f/0x2b0 [ 198.016024][ T6907] do_new_mount+0x2a2/0xa30 [ 198.016057][ T6907] ? ns_capable+0x8a/0xf0 [ 198.016077][ T6907] ? __pfx_do_new_mount+0x10/0x10 [ 198.016106][ T6907] ? path_mount+0x61c/0xfe0 [ 198.016133][ T6907] ? user_path_at+0x44/0x60 [ 198.016161][ T6907] __se_sys_mount+0x317/0x410 [ 198.016195][ T6907] ? __pfx___se_sys_mount+0x10/0x10 [pid 5869] unlink("./50/cpuset.effective_mems" [pid 6896] exit_group(0) = ? [pid 6897] <... write resumed>) = ? [ 198.016226][ T6907] ? rcu_is_watching+0x15/0xb0 [ 198.016250][ T6907] ? __x64_sys_mount+0x20/0xc0 [ 198.016281][ T6907] do_syscall_64+0xfa/0x3b0 [ 198.016304][ T6907] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.016325][ T6907] ? clear_bhb_loop+0x60/0xb0 [ 198.016347][ T6907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.016368][ T6907] RIP: 0033:0x7fb47156b94a [pid 6897] +++ exited with 0 +++ [pid 6896] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6896, si_uid=0, si_status=0, si_utime=14 /* 0.14 s */, si_stime=69 /* 0.69 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./52/file0") = 0 [pid 5867] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./52/binderfs") = 0 [pid 5867] umount2("./52/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./52/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=3043328, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 198.016387][ T6907] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 198.016405][ T6907] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 198.016428][ T6907] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 198.016445][ T6907] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 198.016459][ T6907] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 198.016475][ T6907] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 5867] unlink("./52/cpuset.effective_mems") = 0 [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, [pid 5867] getdents64(3, [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5867] close(3 [pid 5869] rmdir("./50" [pid 5867] <... close resumed>) = 0 [pid 5867] rmdir("./52" [pid 5869] <... rmdir resumed>) = 0 [pid 5867] <... rmdir resumed>) = 0 [pid 5869] mkdir("./51", 0777 [pid 5867] mkdir("./53", 0777 [pid 5869] <... mkdir resumed>) = 0 [pid 5867] <... mkdir resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] <... openat resumed>) = 3 [pid 5867] <... openat resumed>) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] ioctl(3, LOOP_CLR_FD [pid 5869] close(3) = 0 [pid 5867] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6917 attached [pid 6917] set_robust_list(0x55558d547760, 24 [pid 6907] <... mount resumed>) = -1 EEXIST (File exists) [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6918 attached , child_tidptr=0x55558d547750) = 6918 [pid 6917] <... set_robust_list resumed>) = 0 [pid 5867] <... clone resumed>, child_tidptr=0x55558d547750) = 6917 [pid 6918] set_robust_list(0x55558d547760, 24 [pid 6917] chdir("./53" [pid 6907] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6918] <... set_robust_list resumed>) = 0 [pid 6917] <... chdir resumed>) = 0 [pid 6907] <... openat resumed>) = 3 [pid 6917] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6907] ioctl(3, LOOP_CLR_FD [pid 6917] <... prctl resumed>) = 0 [pid 6907] <... ioctl resumed>) = 0 [pid 6917] setpgid(0, 0 [pid 6907] close(3 [pid 6918] chdir("./51" [pid 6917] <... setpgid resumed>) = 0 [pid 6917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6917] write(3, "1000", 4) = 4 [pid 6917] close(3executing program ) = 0 [pid 6917] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6917] write(1, "executing program\n", 18) = 18 [pid 6917] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6917] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [ 198.016489][ T6907] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 198.016511][ T6907] [ 198.016563][ T6907] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 198.344181][ T6907] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6917] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6918] <... chdir resumed>) = 0 [pid 6917] <... mmap resumed>) = 0x7fb4714f6000 [pid 6918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6918] setpgid(0, 0) = 0 [pid 6918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6917] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6918] <... openat resumed>) = 3 [pid 6917] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6918] write(3, "1000", 4 [pid 6917] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6917] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6919 attached [pid 6918] <... write resumed>) = 4 [pid 6918] close(3 [pid 6917] <... clone3 resumed> => {parent_tid=[6919]}, 88) = 6919 [pid 6919] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6918] <... close resumed>) = 0 [pid 6917] rt_sigprocmask(SIG_SETMASK, [], [pid 6919] <... rseq resumed>) = 0 [pid 6918] symlink("/dev/binderfs", "./binderfs" [pid 6917] <... rt_sigprocmask resumed>NULL, 8) = 0 executing program [pid 6919] set_robust_list(0x7fb4715169a0, 24 [pid 6918] <... symlink resumed>) = 0 [pid 6917] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6919] <... set_robust_list resumed>) = 0 [pid 6918] write(1, "executing program\n", 18 [pid 6919] rt_sigprocmask(SIG_SETMASK, [], [pid 6918] <... write resumed>) = 18 [pid 6919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6918] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6919] memfd_create("syzkaller", 0 [pid 6918] <... futex resumed>) = 0 [pid 6918] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 6919] <... memfd_create resumed>) = 3 [pid 6918] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6918] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6919] <... mmap resumed>) = 0x7fb469000000 [pid 6918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6918] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6920 attached => {parent_tid=[6920]}, 88) = 6920 [pid 6920] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6918] rt_sigprocmask(SIG_SETMASK, [], [pid 6920] <... rseq resumed>) = 0 [pid 6920] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6920] rt_sigprocmask(SIG_SETMASK, [], [pid 6918] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6918] <... futex resumed>) = 0 [pid 6920] memfd_create("syzkaller", 0 [pid 6918] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6920] <... memfd_create resumed>) = 3 [pid 6920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6907] <... close resumed>) = 0 [pid 6907] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6907] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6906] <... futex resumed>) = 0 [pid 6906] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] <... futex resumed>) = 0 [pid 6906] <... futex resumed>) = 1 [pid 6907] openat(AT_FDCWD, ".", O_RDONLY [pid 6906] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6907] <... openat resumed>) = 3 [pid 6907] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6906] <... futex resumed>) = 0 [pid 6907] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6906] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6906] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6907] <... ioctl resumed>) = 0 [pid 6907] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6906] <... futex resumed>) = 0 [pid 6907] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6906] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6906] <... futex resumed>) = 0 [pid 6907] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6906] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6907] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6906] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] <... futex resumed>) = 0 [pid 6906] <... futex resumed>) = 1 [pid 6907] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6906] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6914] <... write resumed>) = 16777216 [pid 6914] munmap(0x7fb469000000, 138412032 [pid 6919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6914] <... munmap resumed>) = 0 [pid 6920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6914] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6914] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6914] close(3) = 0 [pid 6914] close(4) = 0 [pid 6914] mkdir("./file0", 0777) = 0 [ 198.759842][ T6914] loop1: detected capacity change from 0 to 32768 [ 198.790500][ T6914] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 198.821167][ T6914] CPU: 0 UID: 0 PID: 6914 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 198.821201][ T6914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 198.821215][ T6914] Call Trace: [ 198.821223][ T6914] [ 198.821232][ T6914] dump_stack_lvl+0x189/0x250 [ 198.821264][ T6914] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.821289][ T6914] ? __pfx__printk+0x10/0x10 [ 198.821316][ T6914] ? kernfs_root+0x1c/0x230 [ 198.821342][ T6914] ? kernfs_path_from_node+0x250/0x290 [ 198.821365][ T6914] ? kernfs_path_from_node+0x2f/0x290 [ 198.821390][ T6914] sysfs_create_dir_ns+0x259/0x280 [ 198.821413][ T6914] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 198.821436][ T6914] ? do_raw_spin_unlock+0x122/0x240 [ 198.821464][ T6914] kobject_add_internal+0x59f/0xb40 [ 198.821493][ T6914] kobject_init_and_add+0x125/0x190 [ 198.821519][ T6914] ? __pfx_kobject_init_and_add+0x10/0x10 [ 198.821543][ T6914] ? __raw_spin_lock_init+0x45/0x100 [ 198.821569][ T6914] ? __init_swait_queue_head+0xa9/0x150 [ 198.821595][ T6914] gfs2_sys_fs_add+0x234/0x450 [ 198.821617][ T6914] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 198.821641][ T6914] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 198.821677][ T6914] gfs2_fill_super+0x13c0/0x20d0 [ 198.821711][ T6914] ? __pfx_gfs2_fill_super+0x10/0x10 [ 198.821740][ T6914] ? sb_set_blocksize+0x104/0x180 [ 198.821771][ T6914] ? setup_bdev_super+0x4c1/0x5b0 [ 198.821801][ T6914] get_tree_bdev_flags+0x40b/0x4d0 [ 198.821831][ T6914] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 6914] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6906] exit_group(0) = ? [ 198.821858][ T6914] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 198.821891][ T6914] gfs2_get_tree+0x51/0x1e0 [ 198.821919][ T6914] vfs_get_tree+0x8f/0x2b0 [ 198.821957][ T6914] do_new_mount+0x2a2/0xa30 [ 198.821989][ T6914] ? ns_capable+0x8a/0xf0 [ 198.822009][ T6914] ? __pfx_do_new_mount+0x10/0x10 [ 198.822039][ T6914] ? path_mount+0x61c/0xfe0 [ 198.822067][ T6914] ? user_path_at+0x44/0x60 [ 198.822094][ T6914] __se_sys_mount+0x317/0x410 [ 198.822128][ T6914] ? __pfx___se_sys_mount+0x10/0x10 [ 198.822157][ T6914] ? rcu_is_watching+0x15/0xb0 [pid 6920] <... write resumed>) = 16777216 [pid 6907] <... write resumed>) = ? [pid 6920] munmap(0x7fb469000000, 138412032 [pid 6907] +++ exited with 0 +++ [pid 6906] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6906, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=69 /* 0.69 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 198.822180][ T6914] ? __x64_sys_mount+0x20/0xc0 [ 198.822212][ T6914] do_syscall_64+0xfa/0x3b0 [ 198.822234][ T6914] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.822255][ T6914] ? clear_bhb_loop+0x60/0xb0 [ 198.822279][ T6914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.822299][ T6914] RIP: 0033:0x7fb47156b94a [ 198.822316][ T6914] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 198.822335][ T6914] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 198.822357][ T6914] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 198.822372][ T6914] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 198.822388][ T6914] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 198.822402][ T6914] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 198.822416][ T6914] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 6920] <... munmap resumed>) = 0 [pid 6919] <... write resumed>) = 16777216 [pid 5870] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6920] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6919] munmap(0x7fb469000000, 138412032 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6920] <... openat resumed>) = 4 [pid 5870] newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, [pid 6920] ioctl(4, LOOP_SET_FD, 3 [pid 5870] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./52/file0") = 0 [pid 5870] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./52/binderfs") = 0 [pid 5870] umount2("./52/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./52/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=6447104, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./52/cpuset.effective_mems" [pid 6914] <... mount resumed>) = -1 EEXIST (File exists) [pid 6914] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6914] ioctl(3, LOOP_CLR_FD) = 0 [pid 6914] close(3 [pid 6920] <... ioctl resumed>) = 0 [pid 6920] close(3) = 0 [pid 6920] close(4) = 0 [pid 6920] mkdir("./file0", 0777) = 0 [ 198.822438][ T6914] [ 198.822460][ T6914] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 199.139625][ T6914] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 199.150049][ T6920] loop2: detected capacity change from 0 to 32768 [ 199.195835][ T6920] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 199.203288][ T6920] CPU: 0 UID: 0 PID: 6920 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 199.203318][ T6920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 199.203332][ T6920] Call Trace: [ 199.203340][ T6920] [ 199.203349][ T6920] dump_stack_lvl+0x189/0x250 [ 199.203382][ T6920] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.203406][ T6920] ? __pfx__printk+0x10/0x10 [ 199.203433][ T6920] ? kernfs_root+0x1c/0x230 [ 199.203459][ T6920] ? kernfs_path_from_node+0x250/0x290 [ 199.203482][ T6920] ? kernfs_path_from_node+0x2f/0x290 [ 199.203507][ T6920] sysfs_create_dir_ns+0x259/0x280 [ 199.203530][ T6920] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 199.203554][ T6920] ? do_raw_spin_unlock+0x122/0x240 [ 199.203582][ T6920] kobject_add_internal+0x59f/0xb40 [ 199.203610][ T6920] kobject_init_and_add+0x125/0x190 [ 199.203636][ T6920] ? __pfx_kobject_init_and_add+0x10/0x10 [pid 6920] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6919] <... munmap resumed>) = 0 [pid 6914] <... close resumed>) = 0 [pid 5870] <... unlink resumed>) = 0 [pid 6919] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6914] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(3, [pid 6919] <... openat resumed>) = 4 [pid 6914] <... futex resumed>) = 1 [pid 6913] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 6913] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] close(3 [ 199.203659][ T6920] ? __raw_spin_lock_init+0x45/0x100 [ 199.203685][ T6920] ? __init_swait_queue_head+0xa9/0x150 [ 199.203713][ T6920] gfs2_sys_fs_add+0x234/0x450 [ 199.203735][ T6920] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 199.203759][ T6920] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 199.203794][ T6920] gfs2_fill_super+0x13c0/0x20d0 [ 199.203829][ T6920] ? __pfx_gfs2_fill_super+0x10/0x10 [ 199.203864][ T6920] ? sb_set_blocksize+0x104/0x180 [ 199.203895][ T6920] ? setup_bdev_super+0x4c1/0x5b0 [pid 6919] ioctl(4, LOOP_SET_FD, 3 [pid 6914] openat(AT_FDCWD, ".", O_RDONLY [pid 6913] <... futex resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("./52") = 0 [pid 5870] mkdir("./53", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6913] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... openat resumed>) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 6914] <... openat resumed>) = 3 [pid 5870] close(3 [pid 6914] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... close resumed>) = 0 [pid 6914] <... futex resumed>) = 1 [pid 6913] <... futex resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6925 attached [pid 6914] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6913] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 6925 [pid 6913] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6925] set_robust_list(0x55558d547760, 24) = 0 [ 199.203925][ T6920] get_tree_bdev_flags+0x40b/0x4d0 [ 199.203954][ T6920] ? __pfx_gfs2_fill_super+0x10/0x10 [ 199.203980][ T6920] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 199.204013][ T6920] gfs2_get_tree+0x51/0x1e0 [ 199.204042][ T6920] vfs_get_tree+0x8f/0x2b0 [ 199.204070][ T6920] do_new_mount+0x2a2/0xa30 [ 199.204103][ T6920] ? ns_capable+0x8a/0xf0 [ 199.204122][ T6920] ? __pfx_do_new_mount+0x10/0x10 [ 199.204151][ T6920] ? path_mount+0x61c/0xfe0 [ 199.204179][ T6920] ? user_path_at+0x44/0x60 [ 199.204207][ T6920] __se_sys_mount+0x317/0x410 [pid 6925] chdir("./53") = 0 [pid 6925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6925] setpgid(0, 0) = 0 [pid 6925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6925] write(3, "1000", 4) = 4 [pid 6925] close(3) = 0 [pid 6925] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6925] write(1, "executing program\n", 18) = 18 [pid 6925] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6925] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6925] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6925] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6925] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6926]}, 88) = 6926 [pid 6925] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6926 attached NULL, 8) = 0 [pid 6925] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6925] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6926] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6926] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6926] memfd_create("syzkaller", 0 [pid 6913] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6913] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6913] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6927]}, 88) = 6927 [pid 6913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6913] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6913] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6927 attached [pid 6927] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 6926] <... memfd_create resumed>) = 3 [pid 6927] set_robust_list(0x7fb4714f59a0, 24 [pid 6926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6927] <... set_robust_list resumed>) = 0 [pid 6926] <... mmap resumed>) = 0x7fb469000000 [pid 6927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 199.204240][ T6920] ? __pfx___se_sys_mount+0x10/0x10 [ 199.204271][ T6920] ? rcu_is_watching+0x15/0xb0 [ 199.204295][ T6920] ? __x64_sys_mount+0x20/0xc0 [ 199.204327][ T6920] do_syscall_64+0xfa/0x3b0 [ 199.204349][ T6920] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.204370][ T6920] ? clear_bhb_loop+0x60/0xb0 [ 199.204393][ T6920] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.204413][ T6920] RIP: 0033:0x7fb47156b94a [pid 6927] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6919] <... ioctl resumed>) = 0 [pid 6919] close(3) = 0 [pid 6919] close(4) = 0 [pid 6919] mkdir("./file0", 0777) = 0 [ 199.204433][ T6920] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 199.204451][ T6920] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 199.204473][ T6920] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 199.204489][ T6920] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 199.204503][ T6920] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 199.204518][ T6920] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 199.204532][ T6920] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 199.204554][ T6920] [ 199.204574][ T6920] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 199.328386][ T6919] loop0: detected capacity change from 0 to 32768 [ 199.341945][ T6920] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 199.481348][ T6919] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 6919] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6913] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6913] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6913] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6920] <... mount resumed>) = -1 EEXIST (File exists) [pid 6913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[6930]}, 88) = 6930 [pid 6913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6930 attached [pid 6913] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6920] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6913] <... futex resumed>) = 0 [pid 6920] <... openat resumed>) = 3 [pid 6913] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6930] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 6920] ioctl(3, LOOP_CLR_FD [pid 6930] <... rseq resumed>) = 0 [pid 6920] <... ioctl resumed>) = 0 [pid 6930] set_robust_list(0x7fb4714d49a0, 24 [pid 6920] close(3 [pid 6930] <... set_robust_list resumed>) = 0 [pid 6920] <... close resumed>) = 0 [pid 6930] rt_sigprocmask(SIG_SETMASK, [], [pid 6920] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6920] <... futex resumed>) = 1 [pid 6918] <... futex resumed>) = 0 [pid 6930] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6920] openat(AT_FDCWD, ".", O_RDONLY [pid 6918] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6930] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6920] <... openat resumed>) = 3 [pid 6918] <... futex resumed>) = 0 [pid 6930] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6920] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6918] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6930] <... futex resumed>) = 1 [pid 6920] <... futex resumed>) = 0 [pid 6918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6913] <... futex resumed>) = 0 [ 199.539057][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.548526][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.557126][ T6919] CPU: 1 UID: 0 PID: 6919 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 199.557156][ T6919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 199.557171][ T6919] Call Trace: [ 199.557180][ T6919] [ 199.557189][ T6919] dump_stack_lvl+0x189/0x250 [pid 6930] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6920] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6918] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6918] <... futex resumed>) = 0 [pid 6920] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [ 199.557222][ T6919] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.557247][ T6919] ? __pfx__printk+0x10/0x10 [ 199.557273][ T6919] ? kernfs_root+0x1c/0x230 [ 199.557301][ T6919] ? kernfs_path_from_node+0x250/0x290 [ 199.557324][ T6919] ? kernfs_path_from_node+0x2f/0x290 [ 199.557350][ T6919] sysfs_create_dir_ns+0x259/0x280 [ 199.557373][ T6919] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 199.557395][ T6919] ? do_raw_spin_unlock+0x122/0x240 [ 199.557422][ T6919] kobject_add_internal+0x59f/0xb40 [ 199.557449][ T6919] kobject_init_and_add+0x125/0x190 [pid 6918] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6918] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6918] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6918] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6931]}, 88) = 6931 [pid 6918] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6918] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6931 attached [pid 6918] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6931] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 6931] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 6931] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 199.557474][ T6919] ? __pfx_kobject_init_and_add+0x10/0x10 [ 199.557498][ T6919] ? __raw_spin_lock_init+0x45/0x100 [ 199.557524][ T6919] ? __init_swait_queue_head+0xa9/0x150 [ 199.557549][ T6919] gfs2_sys_fs_add+0x234/0x450 [ 199.557570][ T6919] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 199.557593][ T6919] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 199.557627][ T6919] gfs2_fill_super+0x13c0/0x20d0 [ 199.557660][ T6919] ? __pfx_gfs2_fill_super+0x10/0x10 [ 199.557687][ T6919] ? sb_set_blocksize+0x104/0x180 [pid 6931] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6918] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6918] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6918] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6918] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[6932]}, 88) = 6932 [pid 6918] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6918] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6918] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6932 attached [pid 6932] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 6932] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 6932] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6932] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 6932] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6918] <... futex resumed>) = 0 [ 199.557718][ T6919] ? setup_bdev_super+0x4c1/0x5b0 [ 199.557746][ T6919] get_tree_bdev_flags+0x40b/0x4d0 [ 199.557774][ T6919] ? __pfx_gfs2_fill_super+0x10/0x10 [ 199.557799][ T6919] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 199.557832][ T6919] gfs2_get_tree+0x51/0x1e0 [ 199.557858][ T6919] vfs_get_tree+0x8f/0x2b0 [ 199.557887][ T6919] do_new_mount+0x2a2/0xa30 [ 199.557919][ T6919] ? ns_capable+0x8a/0xf0 [ 199.557938][ T6919] ? __pfx_do_new_mount+0x10/0x10 [ 199.557967][ T6919] ? path_mount+0x61c/0xfe0 [pid 6932] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6913] exit_group(0 [pid 6930] <... futex resumed>) = ? [pid 6913] <... exit_group resumed>) = ? [pid 6930] +++ exited with 0 +++ [ 199.557995][ T6919] ? user_path_at+0x44/0x60 [ 199.558022][ T6919] __se_sys_mount+0x317/0x410 [ 199.558056][ T6919] ? __pfx___se_sys_mount+0x10/0x10 [ 199.558095][ T6919] ? rcu_is_watching+0x15/0xb0 [ 199.558118][ T6919] ? __x64_sys_mount+0x20/0xc0 [ 199.558148][ T6919] do_syscall_64+0xfa/0x3b0 [ 199.558170][ T6919] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.558191][ T6919] ? clear_bhb_loop+0x60/0xb0 [ 199.558213][ T6919] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.558233][ T6919] RIP: 0033:0x7fb47156b94a [ 199.558251][ T6919] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 199.558269][ T6919] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 199.558292][ T6919] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 199.558308][ T6919] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 199.558323][ T6919] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 6920] <... ioctl resumed>) = 0 [pid 6914] <... ioctl resumed>) = ? [pid 6920] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] +++ exited with 0 +++ [pid 6931] <... openat resumed>) = 4 [pid 6927] <... openat resumed>) = ? [pid 6920] <... futex resumed>) = 0 [pid 6920] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6931] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6918] exit_group(0 [pid 6932] <... futex resumed>) = ? [pid 6920] <... futex resumed>) = ? [pid 6918] <... exit_group resumed>) = ? [pid 6932] +++ exited with 0 +++ [pid 6920] +++ exited with 0 +++ [pid 6931] +++ exited with 0 +++ [pid 6918] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6918, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=49 /* 0.49 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 6927] +++ exited with 0 +++ [pid 6913] +++ exited with 0 +++ [pid 6919] <... mount resumed>) = -1 EEXIST (File exists) [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6913, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=68 /* 0.68 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 6919] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] <... restart_syscall resumed>) = 0 [pid 6919] <... openat resumed>) = 3 [pid 5868] <... restart_syscall resumed>) = 0 [pid 6919] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6919] close(3 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... openat resumed>) = 3 [pid 5868] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] newfstatat(3, "", [pid 5868] <... openat resumed>) = 3 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] newfstatat(3, "", [pid 5869] getdents64(3, [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] getdents64(3, [pid 5869] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] newfstatat(AT_FDCWD, "./51/file0", [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] newfstatat(AT_FDCWD, "./53/file0", [pid 5869] umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 199.558338][ T6919] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 199.558351][ T6919] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 199.558372][ T6919] [ 199.560152][ T6919] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 199.882064][ T6919] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5868] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... openat resumed>) = 4 [pid 5868] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... openat resumed>) = 4 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] newfstatat(4, "", [pid 5869] getdents64(4, [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] getdents64(4, [pid 5869] close(4) = 0 [pid 5868] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] rmdir("./51/file0") = 0 [pid 5868] getdents64(4, [pid 5869] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] newfstatat(AT_FDCWD, "./51/binderfs", [pid 5868] close(4 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... close resumed>) = 0 [pid 5869] unlink("./51/binderfs" [pid 5868] rmdir("./53/file0" [pid 5869] <... unlink resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 5869] umount2("./51/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./51/cpuset.effective_mems", [pid 5868] newfstatat(AT_FDCWD, "./53/binderfs", [pid 5869] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./51/cpuset.effective_mems" [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, [pid 5868] unlink("./53/binderfs" [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3 [pid 5868] <... unlink resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("./51" [pid 5868] umount2("./53/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... rmdir resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] mkdir("./52", 0777 [pid 5868] newfstatat(AT_FDCWD, "./53/cpuset.effective_mems", [pid 5869] <... mkdir resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] unlink("./53/cpuset.effective_mems") = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./53") = 0 [pid 5868] mkdir("./54", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5869] <... openat resumed>) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 5868] ioctl(3, LOOP_CLR_FD [pid 5869] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5868] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5869] close(3 [pid 5868] close(3 [pid 5869] <... close resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6933 attached ./strace-static-x86_64: Process 6934 attached [pid 6933] set_robust_list(0x55558d547760, 24 [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 6934 [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 6933 [pid 6933] <... set_robust_list resumed>) = 0 [pid 6934] set_robust_list(0x55558d547760, 24 [pid 6933] chdir("./54" [pid 6934] <... set_robust_list resumed>) = 0 [pid 6933] <... chdir resumed>) = 0 [pid 6934] chdir("./52" [pid 6933] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6934] <... chdir resumed>) = 0 [pid 6933] <... prctl resumed>) = 0 [pid 6934] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6933] setpgid(0, 0 [pid 6934] <... prctl resumed>) = 0 [pid 6933] <... setpgid resumed>) = 0 [pid 6933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6934] setpgid(0, 0) = 0 [pid 6934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6933] <... openat resumed>) = 3 [pid 6934] <... openat resumed>) = 3 [pid 6933] write(3, "1000", 4) = 4 [pid 6933] close(3) = 0 [pid 6933] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6934] write(3, "1000", 4executing program ) = 4 [pid 6934] close(3) = 0 [pid 6934] symlink("/dev/binderfs", "./binderfs" [pid 6933] write(1, "executing program\n", 18executing program [pid 6934] <... symlink resumed>) = 0 [pid 6933] <... write resumed>) = 18 [pid 6933] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6933] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6933] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6934] write(1, "executing program\n", 18 [pid 6933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6934] <... write resumed>) = 18 [pid 6934] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6933] <... mmap resumed>) = 0x7fb4714f6000 [pid 6934] <... futex resumed>) = 0 [pid 6934] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6933] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 6934] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6933] <... mprotect resumed>) = 0 [pid 6934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6933] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6933] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6934] <... mmap resumed>) = 0x7fb4714f6000 [pid 6933] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6935 attached [pid 6934] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6933] <... clone3 resumed> => {parent_tid=[6935]}, 88) = 6935 [pid 6934] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6933] rt_sigprocmask(SIG_SETMASK, [], [pid 6934] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6935] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6934] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 6933] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6935] <... rseq resumed>) = 0 [pid 6935] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6935] rt_sigprocmask(SIG_SETMASK, [], [pid 6933] <... futex resumed>) = 0 [pid 6935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6933] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6936 attached [pid 6934] <... clone3 resumed> => {parent_tid=[6936]}, 88) = 6936 [pid 6936] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6934] rt_sigprocmask(SIG_SETMASK, [], [pid 6936] <... rseq resumed>) = 0 [pid 6934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6936] set_robust_list(0x7fb4715169a0, 24 [pid 6934] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] <... set_robust_list resumed>) = 0 [pid 6934] <... futex resumed>) = 0 [pid 6936] rt_sigprocmask(SIG_SETMASK, [], [pid 6934] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6936] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6936] memfd_create("syzkaller", 0 [pid 6935] memfd_create("syzkaller", 0 [pid 6936] <... memfd_create resumed>) = 3 [pid 6935] <... memfd_create resumed>) = 3 [pid 6936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6936] <... mmap resumed>) = 0x7fb469000000 [pid 6935] <... mmap resumed>) = 0x7fb469000000 [pid 6919] <... close resumed>) = 0 [pid 6919] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6917] <... futex resumed>) = 0 [pid 6919] openat(AT_FDCWD, ".", O_RDONLY [pid 6917] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6919] <... openat resumed>) = 3 [pid 6917] <... futex resumed>) = 0 [pid 6919] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6919] <... futex resumed>) = 0 [pid 6917] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6919] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6917] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6917] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6919] <... ioctl resumed>) = 0 [pid 6919] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6919] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6917] <... futex resumed>) = 0 [pid 6917] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6919] <... futex resumed>) = 0 [pid 6917] <... futex resumed>) = 1 [pid 6919] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6919] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6919] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6917] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6917] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6919] <... futex resumed>) = 0 [pid 6917] <... futex resumed>) = 1 [pid 6919] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6917] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6917] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6917] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6917] exit_group(0) = ? [pid 6919] <... write resumed>) = ? [pid 6919] +++ exited with 0 +++ [pid 6917] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6917, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=82 /* 0.82 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./53/file0") = 0 [pid 5867] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./53/binderfs") = 0 [pid 5867] umount2("./53/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./53/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=4554752, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./53/cpuset.effective_mems" [pid 6935] <... write resumed>) = 16777216 [pid 6936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6935] munmap(0x7fb469000000, 138412032 [pid 6926] <... write resumed>) = 16777216 [pid 6926] munmap(0x7fb469000000, 138412032 [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./53") = 0 [pid 5867] mkdir("./54", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6937 attached , child_tidptr=0x55558d547750) = 6937 [pid 6937] set_robust_list(0x55558d547760, 24) = 0 [pid 6937] chdir("./54") = 0 [pid 6937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6937] setpgid(0, 0) = 0 [pid 6937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6937] write(3, "1000", 4) = 4 [pid 6937] close(3) = 0 executing program [pid 6937] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6937] write(1, "executing program\n", 18) = 18 [pid 6937] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6937] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6937] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6937] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6937] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6937] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6938]}, 88) = 6938 ./strace-static-x86_64: Process 6938 attached [pid 6937] rt_sigprocmask(SIG_SETMASK, [], [pid 6938] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6938] <... rseq resumed>) = 0 [pid 6937] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6938] set_robust_list(0x7fb4715169a0, 24 [pid 6937] <... futex resumed>) = 0 [pid 6938] <... set_robust_list resumed>) = 0 [pid 6937] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6938] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6938] memfd_create("syzkaller", 0) = 3 [pid 6938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6935] <... munmap resumed>) = 0 [pid 6926] <... munmap resumed>) = 0 [pid 6935] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6935] ioctl(4, LOOP_SET_FD, 3 [pid 6926] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6926] ioctl(4, LOOP_SET_FD, 3 [pid 6936] <... write resumed>) = 16777216 [pid 6936] munmap(0x7fb469000000, 138412032 [pid 6935] <... ioctl resumed>) = 0 [pid 6935] close(3) = 0 [pid 6935] close(4) = 0 [pid 6935] mkdir("./file0", 0777) = 0 [pid 6935] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6926] <... ioctl resumed>) = 0 [pid 6926] close(3) = 0 [pid 6926] close(4) = 0 [pid 6926] mkdir("./file0", 0777) = 0 [ 200.536397][ T6935] loop1: detected capacity change from 0 to 32768 [ 200.543987][ T6926] loop3: detected capacity change from 0 to 32768 [ 200.562236][ T6935] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 200.575397][ T6935] CPU: 0 UID: 0 PID: 6935 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 200.575429][ T6935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 200.575443][ T6935] Call Trace: [ 200.575451][ T6935] [ 200.575460][ T6935] dump_stack_lvl+0x189/0x250 [ 200.575493][ T6935] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.575518][ T6935] ? __pfx__printk+0x10/0x10 [ 200.575546][ T6935] ? kernfs_root+0x1c/0x230 [ 200.575572][ T6935] ? kernfs_path_from_node+0x250/0x290 [ 200.575593][ T6935] ? kernfs_path_from_node+0x2f/0x290 [ 200.575619][ T6935] sysfs_create_dir_ns+0x259/0x280 [ 200.575643][ T6935] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 200.575665][ T6935] ? do_raw_spin_unlock+0x122/0x240 [ 200.575694][ T6935] kobject_add_internal+0x59f/0xb40 [ 200.575724][ T6935] kobject_init_and_add+0x125/0x190 [ 200.575750][ T6935] ? __pfx_kobject_init_and_add+0x10/0x10 [ 200.575776][ T6935] ? __raw_spin_lock_init+0x45/0x100 [ 200.575801][ T6935] ? __init_swait_queue_head+0xa9/0x150 [ 200.575826][ T6935] gfs2_sys_fs_add+0x234/0x450 [ 200.575848][ T6935] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 200.575873][ T6935] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 200.575909][ T6935] gfs2_fill_super+0x13c0/0x20d0 [ 200.575945][ T6935] ? __pfx_gfs2_fill_super+0x10/0x10 [ 200.575979][ T6935] ? sb_set_blocksize+0x104/0x180 [ 200.576011][ T6935] ? setup_bdev_super+0x4c1/0x5b0 [ 200.576039][ T6935] get_tree_bdev_flags+0x40b/0x4d0 [ 200.576065][ T6935] ? __pfx_gfs2_fill_super+0x10/0x10 [ 200.576090][ T6935] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 200.576122][ T6935] gfs2_get_tree+0x51/0x1e0 [ 200.576149][ T6935] vfs_get_tree+0x8f/0x2b0 [ 200.576176][ T6935] do_new_mount+0x2a2/0xa30 [ 200.576207][ T6935] ? ns_capable+0x8a/0xf0 [ 200.576225][ T6935] ? __pfx_do_new_mount+0x10/0x10 [ 200.576254][ T6935] ? path_mount+0x61c/0xfe0 [ 200.576281][ T6935] ? user_path_at+0x44/0x60 [ 200.576307][ T6935] __se_sys_mount+0x317/0x410 [ 200.576340][ T6935] ? __pfx___se_sys_mount+0x10/0x10 [ 200.576369][ T6935] ? rcu_is_watching+0x15/0xb0 [ 200.576392][ T6935] ? __x64_sys_mount+0x20/0xc0 [ 200.576422][ T6935] do_syscall_64+0xfa/0x3b0 [ 200.576443][ T6935] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.576463][ T6935] ? clear_bhb_loop+0x60/0xb0 [ 200.576486][ T6935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.576506][ T6935] RIP: 0033:0x7fb47156b94a [ 200.576524][ T6935] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 200.576542][ T6935] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [pid 6926] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6938] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6936] <... munmap resumed>) = 0 [pid 6936] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 200.576565][ T6935] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 200.576582][ T6935] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 200.576597][ T6935] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 200.576612][ T6935] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 200.576625][ T6935] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 200.576645][ T6935] [ 200.577108][ T6935] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 200.591846][ T6926] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 200.880072][ T6936] loop2: detected capacity change from 0 to 32768 [ 200.881664][ T6935] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 200.915485][ T6926] CPU: 1 UID: 0 PID: 6926 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [pid 6936] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6936] close(3) = 0 [pid 6936] close(4) = 0 [pid 6936] mkdir("./file0", 0777) = 0 [ 200.915516][ T6926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 200.915530][ T6926] Call Trace: [ 200.915539][ T6926] [ 200.915548][ T6926] dump_stack_lvl+0x189/0x250 [ 200.915580][ T6926] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.915603][ T6926] ? __pfx__printk+0x10/0x10 [ 200.915630][ T6926] ? kernfs_root+0x1c/0x230 [ 200.915655][ T6926] ? kernfs_path_from_node+0x250/0x290 [ 200.915685][ T6926] ? kernfs_path_from_node+0x2f/0x290 [ 200.915709][ T6926] sysfs_create_dir_ns+0x259/0x280 [ 200.915733][ T6926] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 200.915755][ T6926] ? do_raw_spin_unlock+0x122/0x240 [ 200.915783][ T6926] kobject_add_internal+0x59f/0xb40 [ 200.915811][ T6926] kobject_init_and_add+0x125/0x190 [ 200.915836][ T6926] ? __pfx_kobject_init_and_add+0x10/0x10 [ 200.915859][ T6926] ? __raw_spin_lock_init+0x45/0x100 [ 200.915884][ T6926] ? __init_swait_queue_head+0xa9/0x150 [ 200.915911][ T6926] gfs2_sys_fs_add+0x234/0x450 [ 200.915933][ T6926] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 200.915957][ T6926] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [pid 6936] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6938] <... write resumed>) = 16777216 [pid 6935] <... mount resumed>) = -1 EEXIST (File exists) [ 200.915991][ T6926] gfs2_fill_super+0x13c0/0x20d0 [ 200.916025][ T6926] ? __pfx_gfs2_fill_super+0x10/0x10 [ 200.916060][ T6926] ? sb_set_blocksize+0x104/0x180 [ 200.916090][ T6926] ? setup_bdev_super+0x4c1/0x5b0 [ 200.916119][ T6926] get_tree_bdev_flags+0x40b/0x4d0 [ 200.916147][ T6926] ? __pfx_gfs2_fill_super+0x10/0x10 [ 200.916173][ T6926] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 200.916206][ T6926] gfs2_get_tree+0x51/0x1e0 [ 200.916233][ T6926] vfs_get_tree+0x8f/0x2b0 [ 200.916262][ T6926] do_new_mount+0x2a2/0xa30 [pid 6938] munmap(0x7fb469000000, 138412032 [pid 6935] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6935] ioctl(3, LOOP_CLR_FD) = 0 [pid 6935] close(3 [pid 6926] <... mount resumed>) = -1 EEXIST (File exists) [ 200.916294][ T6926] ? ns_capable+0x8a/0xf0 [ 200.916313][ T6926] ? __pfx_do_new_mount+0x10/0x10 [ 200.916343][ T6926] ? path_mount+0x61c/0xfe0 [ 200.916370][ T6926] ? user_path_at+0x44/0x60 [ 200.916397][ T6926] __se_sys_mount+0x317/0x410 [ 200.916431][ T6926] ? __pfx___se_sys_mount+0x10/0x10 [ 200.916460][ T6926] ? rcu_is_watching+0x15/0xb0 [ 200.916483][ T6926] ? __x64_sys_mount+0x20/0xc0 [ 200.916513][ T6926] do_syscall_64+0xfa/0x3b0 [ 200.916535][ T6926] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 6926] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6926] ioctl(3, LOOP_CLR_FD) = 0 [ 200.916556][ T6926] ? clear_bhb_loop+0x60/0xb0 [ 200.916579][ T6926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.916599][ T6926] RIP: 0033:0x7fb47156b94a [ 200.916618][ T6926] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 200.916635][ T6926] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 200.916658][ T6926] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 200.916682][ T6926] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 200.916697][ T6926] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 200.916711][ T6926] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 200.916726][ T6926] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 200.916747][ T6926] [ 200.916767][ T6926] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 201.066074][ T6936] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 201.068445][ T6926] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 201.074491][ T6936] CPU: 0 UID: 0 PID: 6936 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 201.074527][ T6936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 201.074543][ T6936] Call Trace: [ 201.074552][ T6936] [ 201.074563][ T6936] dump_stack_lvl+0x189/0x250 [ 201.074600][ T6936] ? __pfx_dump_stack_lvl+0x10/0x10 [ 201.074629][ T6936] ? __pfx__printk+0x10/0x10 [ 201.074658][ T6936] ? kernfs_root+0x1c/0x230 [ 201.074687][ T6936] ? kernfs_path_from_node+0x250/0x290 [ 201.074712][ T6936] ? kernfs_path_from_node+0x2f/0x290 [ 201.074740][ T6936] sysfs_create_dir_ns+0x259/0x280 [ 201.074766][ T6936] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 201.074792][ T6936] ? do_raw_spin_unlock+0x122/0x240 [ 201.074823][ T6936] kobject_add_internal+0x59f/0xb40 [ 201.074856][ T6936] kobject_init_and_add+0x125/0x190 [ 201.074885][ T6936] ? __pfx_kobject_init_and_add+0x10/0x10 [ 201.074919][ T6936] ? __raw_spin_lock_init+0x45/0x100 [ 201.074947][ T6936] ? __init_swait_queue_head+0xa9/0x150 [ 201.074977][ T6936] gfs2_sys_fs_add+0x234/0x450 [ 201.075002][ T6936] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 201.075030][ T6936] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 201.075069][ T6936] gfs2_fill_super+0x13c0/0x20d0 [ 201.075108][ T6936] ? __pfx_gfs2_fill_super+0x10/0x10 [ 201.075145][ T6936] ? sb_set_blocksize+0x104/0x180 [pid 6926] close(3 [pid 6935] <... close resumed>) = 0 [pid 6926] <... close resumed>) = 0 [pid 6926] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6925] <... futex resumed>) = 0 [pid 6926] openat(AT_FDCWD, ".", O_RDONLY [pid 6925] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6926] <... openat resumed>) = 3 [pid 6925] <... futex resumed>) = 0 [pid 6926] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6925] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6926] <... futex resumed>) = 0 [pid 6925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6926] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6925] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6925] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6935] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 201.075178][ T6936] ? setup_bdev_super+0x4c1/0x5b0 [ 201.075212][ T6936] get_tree_bdev_flags+0x40b/0x4d0 [ 201.075244][ T6936] ? __pfx_gfs2_fill_super+0x10/0x10 [ 201.075273][ T6936] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 201.075311][ T6936] gfs2_get_tree+0x51/0x1e0 [ 201.075342][ T6936] vfs_get_tree+0x8f/0x2b0 [ 201.075374][ T6936] do_new_mount+0x2a2/0xa30 [ 201.075410][ T6936] ? ns_capable+0x8a/0xf0 [ 201.075433][ T6936] ? __pfx_do_new_mount+0x10/0x10 [ 201.075464][ T6936] ? path_mount+0x61c/0xfe0 [ 201.075497][ T6936] ? user_path_at+0x44/0x60 [pid 6935] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6938] <... munmap resumed>) = 0 [pid 6933] <... futex resumed>) = 0 [pid 6938] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6933] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6938] <... openat resumed>) = 4 [pid 6935] <... futex resumed>) = 0 [pid 6933] <... futex resumed>) = 1 [pid 6938] ioctl(4, LOOP_SET_FD, 3 [pid 6935] openat(AT_FDCWD, ".", O_RDONLY [pid 6933] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6935] <... openat resumed>) = 3 [pid 6935] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6935] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6933] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6933] <... futex resumed>) = 0 [pid 6935] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6933] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6925] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6925] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6925] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6925] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6945]}, 88) = 6945 [pid 6925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 201.075527][ T6936] __se_sys_mount+0x317/0x410 [ 201.075564][ T6936] ? __pfx___se_sys_mount+0x10/0x10 [ 201.075598][ T6936] ? rcu_is_watching+0x15/0xb0 [ 201.075625][ T6936] ? __x64_sys_mount+0x20/0xc0 [ 201.075659][ T6936] do_syscall_64+0xfa/0x3b0 [ 201.075684][ T6936] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.075708][ T6936] ? clear_bhb_loop+0x60/0xb0 [ 201.075734][ T6936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.075758][ T6936] RIP: 0033:0x7fb47156b94a [pid 6925] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6925] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6938] <... ioctl resumed>) = 0 [pid 6938] close(3) = 0 [pid 6938] close(4) = 0 [pid 6938] mkdir("./file0", 0777) = 0 [pid 6938] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6933] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6933] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6933] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6933] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6933] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6948]}, 88) = 6948 [pid 6925] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 201.075779][ T6936] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 201.075799][ T6936] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 201.075827][ T6936] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 201.075845][ T6936] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 201.075862][ T6936] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 6933] rt_sigprocmask(SIG_SETMASK, [], [pid 6925] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6925] <... futex resumed>) = 0 [pid 6933] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6933] <... futex resumed>) = 0 [pid 6925] <... mmap resumed>) = 0x7fb4714b4000 [pid 6933] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6925] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6925] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[6949]}, 88) = 6949 [pid 6925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6925] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6925] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6945 attached ./strace-static-x86_64: Process 6948 attached ./strace-static-x86_64: Process 6949 attached [pid 6949] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 6948] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [ 201.075880][ T6936] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 201.075894][ T6936] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 201.075927][ T6936] [ 201.079533][ T6936] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 201.462084][ T6938] loop0: detected capacity change from 0 to 32768 [ 201.463262][ T6936] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 201.583808][ T6938] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 6945] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 6949] <... rseq resumed>) = 0 [pid 6948] <... rseq resumed>) = 0 [pid 6945] <... rseq resumed>) = 0 [pid 6936] <... mount resumed>) = -1 EEXIST (File exists) [pid 6935] <... ioctl resumed>) = 0 [pid 6933] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6926] <... ioctl resumed>) = 0 [pid 6949] set_robust_list(0x7fb4714d49a0, 24 [pid 6948] set_robust_list(0x7fb4714f59a0, 24 [pid 6945] set_robust_list(0x7fb4714f59a0, 24 [pid 6935] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6933] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6926] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6949] <... set_robust_list resumed>) = 0 [pid 6948] <... set_robust_list resumed>) = 0 [pid 6945] <... set_robust_list resumed>) = 0 [pid 6936] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6935] <... futex resumed>) = 0 [pid 6933] <... futex resumed>) = 0 [pid 6926] <... futex resumed>) = 0 [pid 6925] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6949] rt_sigprocmask(SIG_SETMASK, [], [pid 6948] rt_sigprocmask(SIG_SETMASK, [], [pid 6945] rt_sigprocmask(SIG_SETMASK, [], [pid 6936] <... openat resumed>) = 3 [pid 6935] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6933] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6926] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6948] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6936] ioctl(3, LOOP_CLR_FD [pid 6935] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6949] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6948] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6945] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6936] <... ioctl resumed>) = 0 [pid 6935] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6949] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6948] <... openat resumed>) = 4 [pid 6945] <... openat resumed>) = 4 [pid 6936] close(3 [pid 6935] <... futex resumed>) = 1 [pid 6933] <... futex resumed>) = 0 [ 201.591637][ T6938] CPU: 0 UID: 0 PID: 6938 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 201.591666][ T6938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 201.591681][ T6938] Call Trace: [ 201.591689][ T6938] [ 201.591698][ T6938] dump_stack_lvl+0x189/0x250 [ 201.591729][ T6938] ? __pfx_dump_stack_lvl+0x10/0x10 [ 201.591753][ T6938] ? __pfx__printk+0x10/0x10 [ 201.591779][ T6938] ? kernfs_root+0x1c/0x230 [ 201.591805][ T6938] ? kernfs_path_from_node+0x250/0x290 [ 201.591835][ T6938] ? kernfs_path_from_node+0x2f/0x290 [ 201.591860][ T6938] sysfs_create_dir_ns+0x259/0x280 [ 201.591883][ T6938] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 201.591905][ T6938] ? do_raw_spin_unlock+0x122/0x240 [ 201.591933][ T6938] kobject_add_internal+0x59f/0xb40 [ 201.591960][ T6938] kobject_init_and_add+0x125/0x190 [ 201.591986][ T6938] ? __pfx_kobject_init_and_add+0x10/0x10 [ 201.592009][ T6938] ? __raw_spin_lock_init+0x45/0x100 [pid 6949] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6945] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6935] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6945] <... futex resumed>) = 0 [pid 6945] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6949] <... futex resumed>) = 0 [pid 6949] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6925] exit_group(0 [pid 6949] <... futex resumed>) = ? [pid 6945] <... futex resumed>) = ? [pid 6925] <... exit_group resumed>) = ? [pid 6949] +++ exited with 0 +++ [pid 6945] +++ exited with 0 +++ [pid 6926] <... futex resumed>) = ? [pid 6926] +++ exited with 0 +++ [pid 6925] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6925, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=78 /* 0.78 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./53/file0") = 0 [pid 5870] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./53/binderfs") = 0 [pid 5870] umount2("./53/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./53/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./53/cpuset.effective_mems") = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./53") = 0 [pid 5870] mkdir("./54", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [ 201.592034][ T6938] ? __init_swait_queue_head+0xa9/0x150 [ 201.592061][ T6938] gfs2_sys_fs_add+0x234/0x450 [ 201.592083][ T6938] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 201.592107][ T6938] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 201.592142][ T6938] gfs2_fill_super+0x13c0/0x20d0 [ 201.592177][ T6938] ? __pfx_gfs2_fill_super+0x10/0x10 [ 201.592205][ T6938] ? sb_set_blocksize+0x104/0x180 [ 201.592234][ T6938] ? setup_bdev_super+0x4c1/0x5b0 [ 201.592264][ T6938] get_tree_bdev_flags+0x40b/0x4d0 [ 201.592291][ T6938] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6950 ./strace-static-x86_64: Process 6950 attached [pid 6950] set_robust_list(0x55558d547760, 24) = 0 [pid 6950] chdir("./54") = 0 [pid 6950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6950] setpgid(0, 0) = 0 [pid 6950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6950] write(3, "1000", 4) = 4 [pid 6950] close(3executing program ) = 0 [pid 6950] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6950] write(1, "executing program\n", 18) = 18 [pid 6950] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6950] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6950] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6950] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6950] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6951 attached => {parent_tid=[6951]}, 88) = 6951 [pid 6950] rt_sigprocmask(SIG_SETMASK, [], [pid 6951] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6951] <... rseq resumed>) = 0 [pid 6950] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6951] set_robust_list(0x7fb4715169a0, 24 [pid 6950] <... futex resumed>) = 0 [pid 6951] <... set_robust_list resumed>) = 0 [pid 6950] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6951] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 201.592317][ T6938] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 201.592351][ T6938] gfs2_get_tree+0x51/0x1e0 [ 201.592379][ T6938] vfs_get_tree+0x8f/0x2b0 [ 201.592408][ T6938] do_new_mount+0x2a2/0xa30 [ 201.592439][ T6938] ? ns_capable+0x8a/0xf0 [ 201.592459][ T6938] ? __pfx_do_new_mount+0x10/0x10 [ 201.592488][ T6938] ? path_mount+0x61c/0xfe0 [ 201.592516][ T6938] ? user_path_at+0x44/0x60 [ 201.592544][ T6938] __se_sys_mount+0x317/0x410 [ 201.592579][ T6938] ? __pfx___se_sys_mount+0x10/0x10 [ 201.592609][ T6938] ? rcu_is_watching+0x15/0xb0 [pid 6951] memfd_create("syzkaller", 0) = 3 [pid 6951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6936] <... close resumed>) = 0 [ 201.592632][ T6938] ? __x64_sys_mount+0x20/0xc0 [ 201.592663][ T6938] do_syscall_64+0xfa/0x3b0 [ 201.592685][ T6938] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.592705][ T6938] ? clear_bhb_loop+0x60/0xb0 [ 201.592727][ T6938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.592747][ T6938] RIP: 0033:0x7fb47156b94a [ 201.592766][ T6938] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 6936] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 201.592785][ T6938] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 201.592807][ T6938] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 201.592829][ T6938] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 201.592844][ T6938] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 201.592859][ T6938] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 201.592873][ T6938] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 6936] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6948] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] <... futex resumed>) = 0 [pid 6933] exit_group(0 [pid 6948] <... futex resumed>) = ? [pid 6935] <... futex resumed>) = ? [pid 6934] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6933] <... exit_group resumed>) = ? [pid 6935] +++ exited with 0 +++ [pid 6934] <... futex resumed>) = 1 [pid 6934] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6948] +++ exited with 0 +++ [pid 6936] <... futex resumed>) = 0 [pid 6933] +++ exited with 0 +++ [pid 6936] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6933, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=37 /* 0.37 s */} --- [pid 6936] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6934] <... futex resumed>) = 0 [pid 6936] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6934] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6934] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./54/file0") = 0 [pid 5868] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./54/binderfs") = 0 [pid 5868] umount2("./54/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./54/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./54/cpuset.effective_mems" [pid 6938] <... mount resumed>) = -1 EEXIST (File exists) [pid 5868] <... unlink resumed>) = 0 [pid 6938] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5868] getdents64(3, [pid 6938] <... openat resumed>) = 3 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./54") = 0 [pid 5868] mkdir("./55", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3 [pid 6938] ioctl(3, LOOP_CLR_FD [pid 6936] <... ioctl resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 6938] <... ioctl resumed>) = 0 [pid 6936] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6938] close(3 [pid 6936] <... futex resumed>) = 1 [pid 6934] <... futex resumed>) = 0 [pid 6936] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6934] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 6952 [pid 6936] <... openat resumed>) = 4 [pid 6934] <... futex resumed>) = 0 [pid 6936] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] <... futex resumed>) = 0 [pid 6934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6936] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6934] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6952 attached ) = 0 [ 201.592895][ T6938] [ 201.592916][ T6938] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 201.909186][ T6938] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6934] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6952] set_robust_list(0x55558d547760, 24) = 0 [pid 6952] chdir("./55") = 0 [pid 6952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6952] setpgid(0, 0) = 0 [pid 6952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6934] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6952] write(3, "1000", 4) = 4 [pid 6952] close(3) = 0 [pid 6952] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6952] write(1, "executing program\n", 18) = 18 [pid 6952] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6952] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6952] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6952] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6952] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6953 attached => {parent_tid=[6953]}, 88) = 6953 [pid 6952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6953] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6952] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6953] <... rseq resumed>) = 0 [pid 6952] <... futex resumed>) = 0 [pid 6953] set_robust_list(0x7fb4715169a0, 24 [pid 6952] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6953] <... set_robust_list resumed>) = 0 [pid 6953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6953] memfd_create("syzkaller", 0) = 3 [pid 6953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6938] <... close resumed>) = 0 [pid 6951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6938] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6937] <... futex resumed>) = 0 [pid 6938] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6937] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6938] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6937] <... futex resumed>) = 0 [pid 6938] openat(AT_FDCWD, ".", O_RDONLY [pid 6937] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6938] <... openat resumed>) = 3 [pid 6938] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6938] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6937] <... futex resumed>) = 0 [pid 6937] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6938] <... futex resumed>) = 0 [pid 6938] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6937] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6938] <... ioctl resumed>) = 0 [pid 6938] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6937] <... futex resumed>) = 0 [pid 6938] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6937] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6938] <... openat resumed>) = 4 [pid 6937] <... futex resumed>) = 0 [pid 6938] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6938] <... futex resumed>) = 0 [pid 6937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6938] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6937] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6937] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6934] exit_group(0) = ? [pid 6936] <... write resumed>) = ? [pid 6936] +++ exited with 0 +++ [pid 6934] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6934, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=91 /* 0.91 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./52/file0") = 0 [pid 5869] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./52/binderfs") = 0 [pid 5869] umount2("./52/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./52/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=7254016, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./52/cpuset.effective_mems" [pid 6951] <... write resumed>) = 16777216 [pid 6951] munmap(0x7fb469000000, 138412032) = 0 [pid 6937] exit_group(0) = ? [pid 6938] <... write resumed>) = ? [pid 6951] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5869] <... unlink resumed>) = 0 [pid 6951] <... openat resumed>) = 4 [pid 6951] ioctl(4, LOOP_SET_FD, 3 [pid 6953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5869] getdents64(3, [pid 6938] +++ exited with 0 +++ [pid 6937] +++ exited with 0 +++ [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./52") = 0 [pid 5869] mkdir("./53", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6937, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=78 /* 0.78 s */} --- [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6954 ./strace-static-x86_64: Process 6954 attached [pid 6951] <... ioctl resumed>) = 0 [pid 6954] set_robust_list(0x55558d547760, 24 [pid 6951] close(3 [pid 6954] <... set_robust_list resumed>) = 0 [pid 6951] <... close resumed>) = 0 [pid 5867] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6954] chdir("./53" [pid 6951] close(4 [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6951] <... close resumed>) = 0 [pid 6954] <... chdir resumed>) = 0 [pid 6951] mkdir("./file0", 0777 [pid 5867] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6954] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6951] <... mkdir resumed>) = 0 [pid 5867] <... openat resumed>) = 3 [pid 6954] <... prctl resumed>) = 0 [pid 6951] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6954] setpgid(0, 0 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6954] <... setpgid resumed>) = 0 [ 202.370059][ T6951] loop3: detected capacity change from 0 to 32768 [ 202.415887][ T6951] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 202.423335][ T6951] CPU: 1 UID: 0 PID: 6951 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 202.423365][ T6951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 202.423379][ T6951] Call Trace: [ 202.423387][ T6951] [ 202.423397][ T6951] dump_stack_lvl+0x189/0x250 [ 202.423430][ T6951] ? __pfx_dump_stack_lvl+0x10/0x10 executing program [pid 6954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5867] getdents64(3, [pid 6954] <... openat resumed>) = 3 [pid 5867] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 6954] write(3, "1000", 4) = 4 [pid 5867] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6954] close(3 [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6954] <... close resumed>) = 0 [pid 5867] newfstatat(AT_FDCWD, "./54/file0", [pid 6954] symlink("/dev/binderfs", "./binderfs" [pid 5867] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6954] <... symlink resumed>) = 0 [pid 5867] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6954] write(1, "executing program\n", 18 [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6954] <... write resumed>) = 18 [pid 5867] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6954] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... openat resumed>) = 4 [pid 6954] <... futex resumed>) = 0 [pid 5867] newfstatat(4, "", [pid 6954] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 5867] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6954] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5867] getdents64(4, [pid 6954] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5867] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 6954] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5867] getdents64(4, [pid 6954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5867] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 6954] <... mmap resumed>) = 0x7fb4714f6000 [pid 5867] close(4 [pid 6954] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 5867] <... close resumed>) = 0 [pid 6954] <... mprotect resumed>) = 0 [pid 5867] rmdir("./54/file0" [pid 6954] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5867] <... rmdir resumed>) = 0 [pid 6954] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5867] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6954] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./54/binderfs", [pid 6954] <... clone3 resumed> => {parent_tid=[6957]}, 88) = 6957 [pid 5867] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6954] rt_sigprocmask(SIG_SETMASK, [], [pid 5867] unlink("./54/binderfs" [pid 6954] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5867] <... unlink resumed>) = 0 [pid 6954] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] umount2("./54/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6954] <... futex resumed>) = 0 [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6954] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5867] newfstatat(AT_FDCWD, "./54/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=4354048, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6957 attached [pid 5867] unlink("./54/cpuset.effective_mems" [pid 6957] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6957] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6957] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6957] memfd_create("syzkaller", 0) = 3 [pid 6957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 202.423455][ T6951] ? __pfx__printk+0x10/0x10 [ 202.423483][ T6951] ? kernfs_root+0x1c/0x230 [ 202.423508][ T6951] ? kernfs_path_from_node+0x250/0x290 [ 202.423531][ T6951] ? kernfs_path_from_node+0x2f/0x290 [ 202.423556][ T6951] sysfs_create_dir_ns+0x259/0x280 [ 202.423580][ T6951] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 202.423603][ T6951] ? do_raw_spin_unlock+0x122/0x240 [ 202.423631][ T6951] kobject_add_internal+0x59f/0xb40 [ 202.423660][ T6951] kobject_init_and_add+0x125/0x190 [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./54") = 0 [pid 5867] mkdir("./55", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6958 [ 202.423686][ T6951] ? __pfx_kobject_init_and_add+0x10/0x10 [ 202.423710][ T6951] ? __raw_spin_lock_init+0x45/0x100 [ 202.423742][ T6951] ? __init_swait_queue_head+0xa9/0x150 [ 202.423768][ T6951] gfs2_sys_fs_add+0x234/0x450 [ 202.423791][ T6951] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 202.423815][ T6951] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 202.423849][ T6951] gfs2_fill_super+0x13c0/0x20d0 [ 202.423884][ T6951] ? __pfx_gfs2_fill_super+0x10/0x10 [ 202.423913][ T6951] ? sb_set_blocksize+0x104/0x180 [ 202.423944][ T6951] ? setup_bdev_super+0x4c1/0x5b0 [ 202.423973][ T6951] get_tree_bdev_flags+0x40b/0x4d0 [ 202.424002][ T6951] ? __pfx_gfs2_fill_super+0x10/0x10 [ 202.424029][ T6951] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 202.424063][ T6951] gfs2_get_tree+0x51/0x1e0 [ 202.424091][ T6951] vfs_get_tree+0x8f/0x2b0 [ 202.424120][ T6951] do_new_mount+0x2a2/0xa30 [ 202.424153][ T6951] ? ns_capable+0x8a/0xf0 [ 202.424173][ T6951] ? __pfx_do_new_mount+0x10/0x10 [ 202.424202][ T6951] ? path_mount+0x61c/0xfe0 [ 202.424230][ T6951] ? user_path_at+0x44/0x60 [ 202.424257][ T6951] __se_sys_mount+0x317/0x410 [ 202.424292][ T6951] ? __pfx___se_sys_mount+0x10/0x10 [ 202.424322][ T6951] ? rcu_is_watching+0x15/0xb0 [ 202.424346][ T6951] ? __x64_sys_mount+0x20/0xc0 [ 202.424378][ T6951] do_syscall_64+0xfa/0x3b0 [ 202.424400][ T6951] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.424421][ T6951] ? clear_bhb_loop+0x60/0xb0 [ 202.424444][ T6951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.424465][ T6951] RIP: 0033:0x7fb47156b94a executing program ./strace-static-x86_64: Process 6958 attached [pid 6958] set_robust_list(0x55558d547760, 24) = 0 [pid 6958] chdir("./55") = 0 [pid 6958] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6958] setpgid(0, 0) = 0 [pid 6958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6958] write(3, "1000", 4) = 4 [pid 6958] close(3) = 0 [pid 6958] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6958] write(1, "executing program\n", 18) = 18 [pid 6958] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6958] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6958] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6958] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6958] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6958] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[6959]}, 88) = 6959 [pid 6958] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6958] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6958] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6959 attached [pid 6959] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6959] set_robust_list(0x7fb4715169a0, 24) = 0 [ 202.424484][ T6951] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 202.424504][ T6951] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 202.424527][ T6951] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 202.424543][ T6951] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 202.424558][ T6951] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 6959] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6959] memfd_create("syzkaller", 0) = 3 [pid 6959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6953] <... write resumed>) = 16777216 [ 202.424573][ T6951] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 202.424586][ T6951] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 202.424608][ T6951] [ 202.424631][ T6951] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6953] munmap(0x7fb469000000, 138412032) = 0 [pid 6953] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6953] ioctl(4, LOOP_SET_FD, 3 [pid 6957] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6953] <... ioctl resumed>) = 0 [pid 6953] close(3) = 0 [pid 6953] close(4) = 0 [pid 6951] <... mount resumed>) = -1 EEXIST (File exists) [pid 6953] mkdir("./file0", 0777 [pid 6951] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6951] ioctl(3, LOOP_CLR_FD) = 0 [pid 6951] close(3 [pid 6953] <... mkdir resumed>) = 0 [ 202.811428][ T6951] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 202.823501][ T6953] loop1: detected capacity change from 0 to 32768 [ 202.863976][ T6953] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 202.895419][ T6953] CPU: 1 UID: 0 PID: 6953 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 202.895452][ T6953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 202.895467][ T6953] Call Trace: [ 202.895474][ T6953] [ 202.895483][ T6953] dump_stack_lvl+0x189/0x250 [ 202.895514][ T6953] ? __pfx_dump_stack_lvl+0x10/0x10 [ 202.895538][ T6953] ? __pfx__printk+0x10/0x10 [ 202.895563][ T6953] ? kernfs_root+0x1c/0x230 [ 202.895586][ T6953] ? kernfs_path_from_node+0x250/0x290 [ 202.895607][ T6953] ? kernfs_path_from_node+0x2f/0x290 [ 202.895631][ T6953] sysfs_create_dir_ns+0x259/0x280 [ 202.895655][ T6953] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 202.895677][ T6953] ? do_raw_spin_unlock+0x122/0x240 [ 202.895713][ T6953] kobject_add_internal+0x59f/0xb40 [ 202.895740][ T6953] kobject_init_and_add+0x125/0x190 [ 202.895765][ T6953] ? __pfx_kobject_init_and_add+0x10/0x10 [ 202.895787][ T6953] ? __raw_spin_lock_init+0x45/0x100 [ 202.895809][ T6953] ? __init_swait_queue_head+0xa9/0x150 [ 202.895834][ T6953] gfs2_sys_fs_add+0x234/0x450 [ 202.895855][ T6953] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 202.895879][ T6953] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 202.895912][ T6953] gfs2_fill_super+0x13c0/0x20d0 [ 202.895949][ T6953] ? __pfx_gfs2_fill_super+0x10/0x10 [ 202.895977][ T6953] ? sb_set_blocksize+0x104/0x180 [ 202.896008][ T6953] ? setup_bdev_super+0x4c1/0x5b0 [ 202.896039][ T6953] get_tree_bdev_flags+0x40b/0x4d0 [ 202.896068][ T6953] ? __pfx_gfs2_fill_super+0x10/0x10 [ 202.896095][ T6953] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 202.896131][ T6953] gfs2_get_tree+0x51/0x1e0 [ 202.896158][ T6953] vfs_get_tree+0x8f/0x2b0 [ 202.896189][ T6953] do_new_mount+0x2a2/0xa30 [ 202.896221][ T6953] ? ns_capable+0x8a/0xf0 [ 202.896241][ T6953] ? __pfx_do_new_mount+0x10/0x10 [ 202.896272][ T6953] ? path_mount+0x61c/0xfe0 [ 202.896301][ T6953] ? user_path_at+0x44/0x60 [ 202.896329][ T6953] __se_sys_mount+0x317/0x410 [ 202.896362][ T6953] ? __pfx___se_sys_mount+0x10/0x10 [ 202.896391][ T6953] ? rcu_is_watching+0x15/0xb0 [ 202.896414][ T6953] ? __x64_sys_mount+0x20/0xc0 [ 202.896445][ T6953] do_syscall_64+0xfa/0x3b0 [ 202.896467][ T6953] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.896487][ T6953] ? clear_bhb_loop+0x60/0xb0 [ 202.896510][ T6953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.896530][ T6953] RIP: 0033:0x7fb47156b94a [ 202.896548][ T6953] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 202.896565][ T6953] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 202.896588][ T6953] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 6953] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6951] <... close resumed>) = 0 [pid 6951] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 202.896604][ T6953] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 202.896620][ T6953] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 202.896635][ T6953] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 202.896650][ T6953] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 202.896671][ T6953] [ 202.896693][ T6953] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6951] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6957] <... write resumed>) = 16777216 [pid 6950] <... futex resumed>) = 0 [pid 6953] <... mount resumed>) = -1 EEXIST (File exists) [pid 6950] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6953] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6951] <... futex resumed>) = 0 [pid 6950] <... futex resumed>) = 1 [pid 6951] openat(AT_FDCWD, ".", O_RDONLY [pid 6950] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6957] munmap(0x7fb469000000, 138412032 [pid 6951] <... openat resumed>) = 3 [pid 6953] <... openat resumed>) = 3 [pid 6953] ioctl(3, LOOP_CLR_FD [pid 6951] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6953] <... ioctl resumed>) = 0 [pid 6951] <... futex resumed>) = 1 [pid 6950] <... futex resumed>) = 0 [pid 6953] close(3 [pid 6951] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6950] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6950] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6951] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 203.221625][ T6953] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6951] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL]) = 0 [pid 6951] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6950] <... futex resumed>) = 0 [pid 6950] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6951] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6950] <... futex resumed>) = 0 [pid 6950] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6951] <... openat resumed>) = 4 [pid 6951] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6950] <... futex resumed>) = 0 [pid 6950] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6951] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6950] <... futex resumed>) = 0 [pid 6950] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6950] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6957] <... munmap resumed>) = 0 [pid 6957] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6957] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6957] close(3) = 0 [pid 6957] close(4) = 0 [pid 6957] mkdir("./file0", 0777) = 0 [pid 6957] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6953] <... close resumed>) = 0 [pid 6953] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6952] <... futex resumed>) = 0 [pid 6952] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6952] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6953] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6953] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6953] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6952] <... futex resumed>) = 0 [pid 6952] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6952] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6953] <... futex resumed>) = 0 [ 203.355278][ T6957] loop2: detected capacity change from 0 to 32768 [ 203.388428][ T6957] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 6953] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL]) = 0 [pid 6953] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 203.407706][ T6957] CPU: 0 UID: 0 PID: 6957 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 203.407740][ T6957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 203.407754][ T6957] Call Trace: [ 203.407763][ T6957] [ 203.407772][ T6957] dump_stack_lvl+0x189/0x250 [ 203.407805][ T6957] ? __pfx_dump_stack_lvl+0x10/0x10 [ 203.407830][ T6957] ? __pfx__printk+0x10/0x10 [ 203.407856][ T6957] ? kernfs_root+0x1c/0x230 [ 203.407882][ T6957] ? kernfs_path_from_node+0x250/0x290 [ 203.407904][ T6957] ? kernfs_path_from_node+0x2f/0x290 [ 203.407929][ T6957] sysfs_create_dir_ns+0x259/0x280 [ 203.407953][ T6957] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 203.407975][ T6957] ? do_raw_spin_unlock+0x122/0x240 [ 203.408004][ T6957] kobject_add_internal+0x59f/0xb40 [ 203.408041][ T6957] kobject_init_and_add+0x125/0x190 [ 203.408066][ T6957] ? __pfx_kobject_init_and_add+0x10/0x10 [ 203.408089][ T6957] ? __raw_spin_lock_init+0x45/0x100 [ 203.408114][ T6957] ? __init_swait_queue_head+0xa9/0x150 [ 203.408140][ T6957] gfs2_sys_fs_add+0x234/0x450 [ 203.408162][ T6957] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 203.408186][ T6957] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 203.408221][ T6957] gfs2_fill_super+0x13c0/0x20d0 [ 203.408255][ T6957] ? __pfx_gfs2_fill_super+0x10/0x10 [ 203.408285][ T6957] ? sb_set_blocksize+0x104/0x180 [ 203.408316][ T6957] ? setup_bdev_super+0x4c1/0x5b0 [ 203.408352][ T6957] get_tree_bdev_flags+0x40b/0x4d0 [ 203.408382][ T6957] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 6953] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6952] <... futex resumed>) = 0 [pid 6952] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6953] <... futex resumed>) = 0 [pid 6952] <... futex resumed>) = 1 [pid 6953] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6952] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6953] <... openat resumed>) = 4 [pid 6953] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6952] <... futex resumed>) = 0 [pid 6952] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6952] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 203.408417][ T6957] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 203.408452][ T6957] gfs2_get_tree+0x51/0x1e0 [ 203.408479][ T6957] vfs_get_tree+0x8f/0x2b0 [ 203.408508][ T6957] do_new_mount+0x2a2/0xa30 [ 203.408539][ T6957] ? ns_capable+0x8a/0xf0 [ 203.408559][ T6957] ? __pfx_do_new_mount+0x10/0x10 [ 203.408589][ T6957] ? path_mount+0x61c/0xfe0 [ 203.408617][ T6957] ? user_path_at+0x44/0x60 [ 203.408644][ T6957] __se_sys_mount+0x317/0x410 [ 203.408678][ T6957] ? __pfx___se_sys_mount+0x10/0x10 [ 203.408708][ T6957] ? rcu_is_watching+0x15/0xb0 [pid 6953] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6959] <... write resumed>) = 16777216 [ 203.408732][ T6957] ? __x64_sys_mount+0x20/0xc0 [ 203.408762][ T6957] do_syscall_64+0xfa/0x3b0 [ 203.408783][ T6957] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.408803][ T6957] ? clear_bhb_loop+0x60/0xb0 [ 203.408837][ T6957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.408857][ T6957] RIP: 0033:0x7fb47156b94a [ 203.408875][ T6957] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 203.408893][ T6957] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 203.408915][ T6957] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 203.408930][ T6957] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 203.408945][ T6957] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 203.408960][ T6957] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 203.408974][ T6957] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 6959] munmap(0x7fb469000000, 138412032 [pid 6952] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 203.408995][ T6957] [ 203.465298][ T6957] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6950] exit_group(0) = ? [pid 6951] <... write resumed>) = ? [pid 6959] <... munmap resumed>) = 0 [pid 6959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6959] ioctl(4, LOOP_SET_FD, 3 [pid 6951] +++ exited with 0 +++ [pid 6950] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6950, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=86 /* 0.86 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./54/file0") = 0 [pid 5870] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./54/binderfs" [pid 6957] <... mount resumed>) = -1 EEXIST (File exists) [pid 5870] <... unlink resumed>) = 0 [pid 5870] umount2("./54/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./54/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=9740288, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./54/cpuset.effective_mems" [pid 6957] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [ 203.783124][ T6957] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 203.796578][ T6959] loop0: detected capacity change from 0 to 32768 [pid 6957] ioctl(3, LOOP_CLR_FD) = 0 [pid 6957] close(3 [pid 6959] <... ioctl resumed>) = 0 [pid 6959] close(3) = 0 [pid 6959] close(4) = 0 [pid 6959] mkdir("./file0", 0777) = 0 [ 203.890150][ T6959] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 203.916005][ T6959] CPU: 1 UID: 0 PID: 6959 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 203.916039][ T6959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 203.916053][ T6959] Call Trace: [ 203.916061][ T6959] [ 203.916070][ T6959] dump_stack_lvl+0x189/0x250 [ 203.916102][ T6959] ? __pfx_dump_stack_lvl+0x10/0x10 [ 203.916128][ T6959] ? __pfx__printk+0x10/0x10 [ 203.916154][ T6959] ? kernfs_root+0x1c/0x230 [ 203.916180][ T6959] ? kernfs_path_from_node+0x250/0x290 [ 203.916202][ T6959] ? kernfs_path_from_node+0x2f/0x290 [ 203.916227][ T6959] sysfs_create_dir_ns+0x259/0x280 [ 203.916252][ T6959] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 203.916274][ T6959] ? do_raw_spin_unlock+0x122/0x240 [ 203.916302][ T6959] kobject_add_internal+0x59f/0xb40 [ 203.916330][ T6959] kobject_init_and_add+0x125/0x190 [ 203.916355][ T6959] ? __pfx_kobject_init_and_add+0x10/0x10 [ 203.916377][ T6959] ? __raw_spin_lock_init+0x45/0x100 [ 203.916402][ T6959] ? __init_swait_queue_head+0xa9/0x150 [ 203.916429][ T6959] gfs2_sys_fs_add+0x234/0x450 [ 203.916451][ T6959] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 203.916475][ T6959] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 203.916509][ T6959] gfs2_fill_super+0x13c0/0x20d0 [pid 6959] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6952] exit_group(0) = ? [pid 6953] <... write resumed>) = ? [pid 5870] <... unlink resumed>) = 0 [ 203.916544][ T6959] ? __pfx_gfs2_fill_super+0x10/0x10 [ 203.916572][ T6959] ? sb_set_blocksize+0x104/0x180 [ 203.916602][ T6959] ? setup_bdev_super+0x4c1/0x5b0 [ 203.916641][ T6959] get_tree_bdev_flags+0x40b/0x4d0 [ 203.916670][ T6959] ? __pfx_gfs2_fill_super+0x10/0x10 [ 203.916695][ T6959] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 203.916729][ T6959] gfs2_get_tree+0x51/0x1e0 [ 203.916756][ T6959] vfs_get_tree+0x8f/0x2b0 [ 203.916785][ T6959] do_new_mount+0x2a2/0xa30 [ 203.916817][ T6959] ? ns_capable+0x8a/0xf0 [pid 6953] +++ exited with 0 +++ [pid 6952] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6952, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=85 /* 0.85 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./55/file0") = 0 [pid 5868] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./55/binderfs") = 0 [pid 5868] umount2("./55/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./55/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=9596928, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 203.916837][ T6959] ? __pfx_do_new_mount+0x10/0x10 [ 203.916865][ T6959] ? path_mount+0x61c/0xfe0 [ 203.916894][ T6959] ? user_path_at+0x44/0x60 [ 203.916921][ T6959] __se_sys_mount+0x317/0x410 [ 203.916955][ T6959] ? __pfx___se_sys_mount+0x10/0x10 [ 203.916985][ T6959] ? rcu_is_watching+0x15/0xb0 [ 203.917008][ T6959] ? __x64_sys_mount+0x20/0xc0 [ 203.917040][ T6959] do_syscall_64+0xfa/0x3b0 [ 203.917061][ T6959] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.917081][ T6959] ? clear_bhb_loop+0x60/0xb0 [pid 5868] unlink("./55/cpuset.effective_mems" [pid 6957] <... close resumed>) = 0 [pid 6957] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6954] <... futex resumed>) = 0 [pid 6954] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6954] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6957] <... futex resumed>) = 1 [pid 6957] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6957] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6954] <... futex resumed>) = 0 [pid 6957] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6954] <... futex resumed>) = 0 [pid 6954] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 203.917105][ T6959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.917125][ T6959] RIP: 0033:0x7fb47156b94a [ 203.917143][ T6959] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 203.917162][ T6959] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 203.917185][ T6959] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 6957] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./54") = 0 [pid 5870] mkdir("./55", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6966 [pid 6954] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6954] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6954] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6954] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6954] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6954] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6967]}, 88) = 6967 [pid 6954] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6954] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 203.917201][ T6959] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 203.917217][ T6959] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 203.917232][ T6959] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 203.917245][ T6959] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 203.917266][ T6959] [ 203.917287][ T6959] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6954] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 6967 attached ./strace-static-x86_64: Process 6966 attached [pid 6959] <... mount resumed>) = -1 EEXIST (File exists) [pid 6967] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 6966] set_robust_list(0x55558d547760, 24 [pid 6959] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6957] <... ioctl resumed>) = 0 [pid 5868] getdents64(3, [pid 6967] <... rseq resumed>) = 0 [pid 6966] <... set_robust_list resumed>) = 0 [pid 6959] <... openat resumed>) = 3 [pid 6957] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 6957] <... futex resumed>) = 0 [pid 5868] close(3 [pid 6957] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6967] set_robust_list(0x7fb4714f59a0, 24 [pid 6959] ioctl(3, LOOP_CLR_FD [pid 6967] <... set_robust_list resumed>) = 0 [pid 6966] chdir("./55" [pid 6959] <... ioctl resumed>) = 0 [pid 6967] rt_sigprocmask(SIG_SETMASK, [], [pid 6966] <... chdir resumed>) = 0 [pid 6959] close(3 [pid 5868] <... close resumed>) = 0 [pid 6967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6967] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 204.239848][ T6959] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6966] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] rmdir("./55" [pid 6966] <... prctl resumed>) = 0 [pid 6967] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6954] <... futex resumed>) = 0 [pid 6954] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6954] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6957] <... futex resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 6966] setpgid(0, 0) = 0 [pid 6957] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5868] mkdir("./56", 0777 [pid 6967] <... futex resumed>) = 1 [pid 6967] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... mkdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 6966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] close(3) = 0 [pid 6966] <... openat resumed>) = 3 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6966] write(3, "1000", 4 [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 6968 ./strace-static-x86_64: Process 6968 attached [pid 6968] set_robust_list(0x55558d547760, 24 [pid 6966] <... write resumed>) = 4 [pid 6966] close(3 [pid 6968] <... set_robust_list resumed>) = 0 [pid 6966] <... close resumed>) = 0 [pid 6968] chdir("./56" [pid 6966] symlink("/dev/binderfs", "./binderfs" [pid 6968] <... chdir resumed>) = 0 [pid 6968] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 6966] <... symlink resumed>) = 0 [pid 6968] setpgid(0, 0 [pid 6966] write(1, "executing program\n", 18 [pid 6968] <... setpgid resumed>) = 0 [pid 6966] <... write resumed>) = 18 [pid 6968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6966] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6966] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6968] <... openat resumed>) = 3 [pid 6966] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6968] write(3, "1000", 4 [pid 6966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6968] <... write resumed>) = 4 [pid 6966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6968] close(3) = 0 [pid 6966] <... mmap resumed>) = 0x7fb4714f6000 [pid 6968] symlink("/dev/binderfs", "./binderfs" [pid 6966] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 6968] <... symlink resumed>) = 0 [pid 6966] <... mprotect resumed>) = 0 executing program [pid 6966] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6968] write(1, "executing program\n", 18 [pid 6966] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6968] <... write resumed>) = 18 [pid 6966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6969 attached [pid 6968] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6966] <... clone3 resumed> => {parent_tid=[6969]}, 88) = 6969 [pid 6966] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6966] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6968] <... futex resumed>) = 0 [pid 6966] <... futex resumed>) = 0 [pid 6954] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6968] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 6966] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6968] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6968] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6969] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6968] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6968] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6968] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6968] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6970 attached => {parent_tid=[6970]}, 88) = 6970 [pid 6970] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6968] rt_sigprocmask(SIG_SETMASK, [], [pid 6970] <... rseq resumed>) = 0 [pid 6968] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6970] set_robust_list(0x7fb4715169a0, 24 [pid 6968] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6970] <... set_robust_list resumed>) = 0 [pid 6968] <... futex resumed>) = 0 [pid 6968] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6970] memfd_create("syzkaller", 0) = 3 [pid 6969] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6969] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6969] memfd_create("syzkaller", 0) = 3 [pid 6969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6959] <... close resumed>) = 0 [pid 6959] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6958] <... futex resumed>) = 0 [pid 6959] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6958] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6958] <... futex resumed>) = 0 [pid 6959] openat(AT_FDCWD, ".", O_RDONLY [pid 6958] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6959] <... openat resumed>) = 3 [pid 6959] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6959] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6958] <... futex resumed>) = 0 [pid 6958] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6959] <... futex resumed>) = 0 [pid 6958] <... futex resumed>) = 1 [pid 6959] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6958] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6959] <... ioctl resumed>) = 0 [pid 6959] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6958] <... futex resumed>) = 0 [pid 6959] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6958] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6959] <... openat resumed>) = 4 [pid 6958] <... futex resumed>) = 0 [pid 6959] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6958] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6959] <... futex resumed>) = 0 [pid 6958] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6959] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6958] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6958] <... futex resumed>) = 0 [pid 6959] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6958] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6958] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6954] exit_group(0 [pid 6967] <... futex resumed>) = ? [pid 6954] <... exit_group resumed>) = ? [pid 6967] +++ exited with 0 +++ [pid 6957] <... write resumed>) = ? [pid 6957] +++ exited with 0 +++ [pid 6954] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6954, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=72 /* 0.72 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./53/file0") = 0 [pid 5869] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./53/binderfs") = 0 [pid 5869] umount2("./53/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./53/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=6365184, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./53/cpuset.effective_mems" [pid 6969] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5869] <... unlink resumed>) = 0 [pid 6958] exit_group(0) = ? [pid 6970] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6959] <... write resumed>) = ? [pid 5869] getdents64(3, [pid 6959] +++ exited with 0 +++ [pid 6958] +++ exited with 0 +++ [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6958, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=76 /* 0.76 s */} --- [pid 5869] close(3 [pid 5867] restart_syscall(<... resuming interrupted clone ...> [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("./53" [pid 5867] <... restart_syscall resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 5869] mkdir("./54", 0777 [pid 5867] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... mkdir resumed>) = 0 [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5867] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] <... openat resumed>) = 3 [pid 5867] <... openat resumed>) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 5867] newfstatat(3, "", [pid 5869] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5867] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] close(3) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./55/file0") = 0 [pid 5867] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./55/binderfs") = 0 [pid 5867] umount2("./55/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./55/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5787584, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./55/cpuset.effective_mems" [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6971 ./strace-static-x86_64: Process 6971 attached [pid 6971] set_robust_list(0x55558d547760, 24) = 0 [pid 6971] chdir("./54") = 0 [pid 6971] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6971] setpgid(0, 0) = 0 [pid 6971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6971] write(3, "1000", 4) = 4 [pid 6971] close(3) = 0 [pid 6971] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6971] write(1, "executing program\n", 18executing program ) = 18 [pid 6971] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6971] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6971] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6971] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6971] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6971] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6972 attached => {parent_tid=[6972]}, 88) = 6972 [pid 6972] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6971] rt_sigprocmask(SIG_SETMASK, [], [pid 6972] <... rseq resumed>) = 0 [pid 6971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6972] set_robust_list(0x7fb4715169a0, 24 [pid 6971] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] <... set_robust_list resumed>) = 0 [pid 6971] <... futex resumed>) = 0 [pid 6972] rt_sigprocmask(SIG_SETMASK, [], [pid 6971] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6972] memfd_create("syzkaller", 0) = 3 [pid 6972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./55") = 0 [pid 5867] mkdir("./56", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6973 attached , child_tidptr=0x55558d547750) = 6973 [pid 6973] set_robust_list(0x55558d547760, 24) = 0 [pid 6973] chdir("./56") = 0 [pid 6973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6973] setpgid(0, 0) = 0 [pid 6973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6973] write(3, "1000", 4) = 4 [pid 6973] close(3) = 0 [pid 6973] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6973] write(1, "executing program\n", 18) = 18 [pid 6973] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6973] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6973] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6973] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6973] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6973] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6974 attached => {parent_tid=[6974]}, 88) = 6974 [pid 6973] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6974] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6973] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6974] <... rseq resumed>) = 0 [pid 6973] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6974] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 6974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6974] memfd_create("syzkaller", 0) = 3 [pid 6974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6969] <... write resumed>) = 16777216 [pid 6969] munmap(0x7fb469000000, 138412032 [pid 6970] <... write resumed>) = 16777216 [pid 6970] munmap(0x7fb469000000, 138412032 [pid 6969] <... munmap resumed>) = 0 [pid 6969] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6969] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6970] <... munmap resumed>) = 0 [pid 6969] close(3) = 0 [pid 6969] close(4) = 0 [pid 6969] mkdir("./file0", 0777 [pid 6970] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6969] <... mkdir resumed>) = 0 [pid 6970] <... openat resumed>) = 4 [pid 6969] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6970] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6970] close(3) = 0 [pid 6970] close(4) = 0 [pid 6970] mkdir("./file0", 0777) = 0 [ 204.926861][ T6969] loop3: detected capacity change from 0 to 32768 [ 204.953934][ T6970] loop1: detected capacity change from 0 to 32768 [ 204.963476][ T6969] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 204.978936][ T6969] CPU: 0 UID: 0 PID: 6969 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 204.978968][ T6969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 204.978983][ T6969] Call Trace: [ 204.978991][ T6969] [ 204.979000][ T6969] dump_stack_lvl+0x189/0x250 [ 204.979030][ T6969] ? __pfx_dump_stack_lvl+0x10/0x10 [ 204.979053][ T6969] ? __pfx__printk+0x10/0x10 [ 204.979079][ T6969] ? kernfs_root+0x1c/0x230 [ 204.979102][ T6969] ? kernfs_path_from_node+0x250/0x290 [ 204.979124][ T6969] ? kernfs_path_from_node+0x2f/0x290 [ 204.979148][ T6969] sysfs_create_dir_ns+0x259/0x280 [ 204.979171][ T6969] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 204.979194][ T6969] ? do_raw_spin_unlock+0x122/0x240 [ 204.979221][ T6969] kobject_add_internal+0x59f/0xb40 [ 204.979249][ T6969] kobject_init_and_add+0x125/0x190 [ 204.979274][ T6969] ? __pfx_kobject_init_and_add+0x10/0x10 [ 204.979298][ T6969] ? __raw_spin_lock_init+0x45/0x100 [ 204.979322][ T6969] ? __init_swait_queue_head+0xa9/0x150 [ 204.979348][ T6969] gfs2_sys_fs_add+0x234/0x450 [ 204.979370][ T6969] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 204.979392][ T6969] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 204.979424][ T6969] gfs2_fill_super+0x13c0/0x20d0 [ 204.979458][ T6969] ? __pfx_gfs2_fill_super+0x10/0x10 [ 204.979496][ T6969] ? sb_set_blocksize+0x104/0x180 [ 204.979527][ T6969] ? setup_bdev_super+0x4c1/0x5b0 [ 204.979556][ T6969] get_tree_bdev_flags+0x40b/0x4d0 [ 204.979583][ T6969] ? __pfx_gfs2_fill_super+0x10/0x10 [ 204.979610][ T6969] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 204.979642][ T6969] gfs2_get_tree+0x51/0x1e0 [ 204.979668][ T6969] vfs_get_tree+0x8f/0x2b0 [ 204.979695][ T6969] do_new_mount+0x2a2/0xa30 [ 204.979727][ T6969] ? ns_capable+0x8a/0xf0 [ 204.979745][ T6969] ? __pfx_do_new_mount+0x10/0x10 [ 204.979773][ T6969] ? path_mount+0x61c/0xfe0 [ 204.979800][ T6969] ? user_path_at+0x44/0x60 [ 204.979827][ T6969] __se_sys_mount+0x317/0x410 [ 204.979860][ T6969] ? __pfx___se_sys_mount+0x10/0x10 [ 204.979890][ T6969] ? rcu_is_watching+0x15/0xb0 [ 204.979913][ T6969] ? __x64_sys_mount+0x20/0xc0 [ 204.979944][ T6969] do_syscall_64+0xfa/0x3b0 [ 204.979965][ T6969] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.979985][ T6969] ? clear_bhb_loop+0x60/0xb0 [ 204.980007][ T6969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.980027][ T6969] RIP: 0033:0x7fb47156b94a [ 204.980045][ T6969] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 6970] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [ 204.980064][ T6969] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 204.980087][ T6969] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 204.980103][ T6969] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 204.980118][ T6969] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 204.980133][ T6969] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 204.980146][ T6969] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 6972] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 204.980167][ T6969] [ 204.980191][ T6969] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 205.185632][ T6970] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 205.216516][ T6969] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 205.250818][ T6970] CPU: 1 UID: 0 PID: 6970 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 205.250855][ T6970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 205.250872][ T6970] Call Trace: [ 205.250883][ T6970] [ 205.250895][ T6970] dump_stack_lvl+0x189/0x250 [ 205.250932][ T6970] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.250960][ T6970] ? __pfx__printk+0x10/0x10 [ 205.250990][ T6970] ? kernfs_root+0x1c/0x230 [ 205.251019][ T6970] ? kernfs_path_from_node+0x250/0x290 [ 205.251043][ T6970] ? kernfs_path_from_node+0x2f/0x290 [ 205.251071][ T6970] sysfs_create_dir_ns+0x259/0x280 [ 205.251098][ T6970] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [pid 6974] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6969] <... mount resumed>) = -1 EEXIST (File exists) [pid 6969] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6969] ioctl(3, LOOP_CLR_FD) = 0 [ 205.251124][ T6970] ? do_raw_spin_unlock+0x122/0x240 [ 205.251156][ T6970] kobject_add_internal+0x59f/0xb40 [ 205.251188][ T6970] kobject_init_and_add+0x125/0x190 [ 205.251216][ T6970] ? __pfx_kobject_init_and_add+0x10/0x10 [ 205.251251][ T6970] ? __raw_spin_lock_init+0x45/0x100 [ 205.251281][ T6970] ? __init_swait_queue_head+0xa9/0x150 [ 205.251311][ T6970] gfs2_sys_fs_add+0x234/0x450 [ 205.251336][ T6970] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 205.251362][ T6970] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 205.251402][ T6970] gfs2_fill_super+0x13c0/0x20d0 [ 205.251441][ T6970] ? __pfx_gfs2_fill_super+0x10/0x10 [ 205.251474][ T6970] ? sb_set_blocksize+0x104/0x180 [ 205.251507][ T6970] ? setup_bdev_super+0x4c1/0x5b0 [ 205.251542][ T6970] get_tree_bdev_flags+0x40b/0x4d0 [ 205.251571][ T6970] ? __pfx_gfs2_fill_super+0x10/0x10 [ 205.251600][ T6970] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 205.251639][ T6970] gfs2_get_tree+0x51/0x1e0 [ 205.251670][ T6970] vfs_get_tree+0x8f/0x2b0 [ 205.251702][ T6970] do_new_mount+0x2a2/0xa30 [ 205.251738][ T6970] ? ns_capable+0x8a/0xf0 [ 205.251760][ T6970] ? __pfx_do_new_mount+0x10/0x10 [ 205.251794][ T6970] ? path_mount+0x61c/0xfe0 [ 205.251826][ T6970] ? user_path_at+0x44/0x60 [ 205.251858][ T6970] __se_sys_mount+0x317/0x410 [ 205.251897][ T6970] ? __pfx___se_sys_mount+0x10/0x10 [ 205.251930][ T6970] ? rcu_is_watching+0x15/0xb0 [ 205.251956][ T6970] ? __x64_sys_mount+0x20/0xc0 [ 205.251992][ T6970] do_syscall_64+0xfa/0x3b0 [ 205.252017][ T6970] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.252041][ T6970] ? clear_bhb_loop+0x60/0xb0 [ 205.252067][ T6970] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.252089][ T6970] RIP: 0033:0x7fb47156b94a [ 205.252110][ T6970] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 205.252131][ T6970] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 205.252157][ T6970] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 6969] close(3) = 0 [pid 6969] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6966] <... futex resumed>) = 0 [pid 6969] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6966] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6966] <... futex resumed>) = 0 [pid 6969] openat(AT_FDCWD, ".", O_RDONLY [pid 6966] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] <... openat resumed>) = 3 [pid 6969] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6966] <... futex resumed>) = 0 [pid 6969] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6966] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] <... write resumed>) = 16777216 [pid 6969] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6966] <... futex resumed>) = 0 [pid 6969] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6966] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6974] <... write resumed>) = 16777216 [pid 6974] munmap(0x7fb469000000, 138412032 [ 205.252176][ T6970] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 205.252193][ T6970] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 205.252211][ T6970] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 205.252226][ T6970] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 205.252258][ T6970] [ 205.252286][ T6970] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6972] munmap(0x7fb469000000, 138412032 [pid 6966] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6966] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6966] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6966] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}./strace-static-x86_64: Process 6979 attached => {parent_tid=[6979]}, 88) = 6979 [pid 6966] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6966] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6966] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6979] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 6979] set_robust_list(0x7fb4714f59a0, 24 [pid 6972] <... munmap resumed>) = 0 [pid 6979] <... set_robust_list resumed>) = 0 [pid 6979] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6979] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6974] <... munmap resumed>) = 0 [pid 6979] <... openat resumed>) = 4 [pid 6972] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6970] <... mount resumed>) = -1 EEXIST (File exists) [pid 6969] <... ioctl resumed>) = 0 [pid 6979] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6972] <... openat resumed>) = 4 [pid 6970] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6969] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6979] <... futex resumed>) = 1 [pid 6972] ioctl(4, LOOP_SET_FD, 3 [pid 6966] <... futex resumed>) = 0 [pid 6979] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6974] <... openat resumed>) = 4 [pid 6969] <... futex resumed>) = 0 [pid 6966] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] ioctl(4, LOOP_SET_FD, 3 [pid 6969] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6966] <... futex resumed>) = 0 [pid 6972] <... ioctl resumed>) = 0 [pid 6970] <... openat resumed>) = 3 [pid 6972] close(3 [pid 6970] ioctl(3, LOOP_CLR_FD [pid 6972] <... close resumed>) = 0 [pid 6970] <... ioctl resumed>) = 0 [pid 6972] close(4 [pid 6970] close(3 [pid 6966] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6972] <... close resumed>) = 0 [pid 6972] mkdir("./file0", 0777) = 0 [ 205.697116][ T6970] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 205.712321][ T6972] loop2: detected capacity change from 0 to 32768 [ 205.713800][ T6974] loop0: detected capacity change from 0 to 32768 [pid 6972] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6974] <... ioctl resumed>) = 0 [ 205.745621][ T6972] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 205.769991][ T6972] CPU: 1 UID: 0 PID: 6972 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 205.770022][ T6972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 205.770036][ T6972] Call Trace: [ 205.770044][ T6972] [ 205.770053][ T6972] dump_stack_lvl+0x189/0x250 [ 205.770084][ T6972] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.770108][ T6972] ? __pfx__printk+0x10/0x10 [ 205.770135][ T6972] ? kernfs_root+0x1c/0x230 [ 205.770160][ T6972] ? kernfs_path_from_node+0x250/0x290 [ 205.770190][ T6972] ? kernfs_path_from_node+0x2f/0x290 [ 205.770214][ T6972] sysfs_create_dir_ns+0x259/0x280 [ 205.770237][ T6972] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 205.770260][ T6972] ? do_raw_spin_unlock+0x122/0x240 [ 205.770287][ T6972] kobject_add_internal+0x59f/0xb40 [ 205.770314][ T6972] kobject_init_and_add+0x125/0x190 [ 205.770339][ T6972] ? __pfx_kobject_init_and_add+0x10/0x10 [ 205.770361][ T6972] ? __raw_spin_lock_init+0x45/0x100 [ 205.770386][ T6972] ? __init_swait_queue_head+0xa9/0x150 [ 205.770411][ T6972] gfs2_sys_fs_add+0x234/0x450 [ 205.770433][ T6972] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 205.770455][ T6972] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 205.770487][ T6972] gfs2_fill_super+0x13c0/0x20d0 [pid 6974] close(3 [pid 6966] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6974] <... close resumed>) = 0 [pid 6974] close(4) = 0 [pid 6974] mkdir("./file0", 0777) = 0 [ 205.770520][ T6972] ? __pfx_gfs2_fill_super+0x10/0x10 [ 205.770548][ T6972] ? sb_set_blocksize+0x104/0x180 [ 205.770578][ T6972] ? setup_bdev_super+0x4c1/0x5b0 [ 205.770607][ T6972] get_tree_bdev_flags+0x40b/0x4d0 [ 205.770653][ T6972] ? __pfx_gfs2_fill_super+0x10/0x10 [ 205.770680][ T6972] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 205.770714][ T6972] gfs2_get_tree+0x51/0x1e0 [ 205.770742][ T6972] vfs_get_tree+0x8f/0x2b0 [ 205.770771][ T6972] do_new_mount+0x2a2/0xa30 [ 205.770804][ T6972] ? ns_capable+0x8a/0xf0 [ 205.770823][ T6972] ? __pfx_do_new_mount+0x10/0x10 [ 205.770853][ T6972] ? path_mount+0x61c/0xfe0 [ 205.770881][ T6972] ? user_path_at+0x44/0x60 [ 205.770909][ T6972] __se_sys_mount+0x317/0x410 [ 205.770943][ T6972] ? __pfx___se_sys_mount+0x10/0x10 [ 205.770972][ T6972] ? rcu_is_watching+0x15/0xb0 [ 205.770995][ T6972] ? __x64_sys_mount+0x20/0xc0 [ 205.771026][ T6972] do_syscall_64+0xfa/0x3b0 [ 205.771049][ T6972] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.771070][ T6972] ? clear_bhb_loop+0x60/0xb0 [pid 6974] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6970] <... close resumed>) = 0 [pid 6970] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 205.771093][ T6972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.771113][ T6972] RIP: 0033:0x7fb47156b94a [ 205.771132][ T6972] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 205.771150][ T6972] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 205.771183][ T6972] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 6970] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6968] <... futex resumed>) = 0 [ 205.771199][ T6972] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 205.771214][ T6972] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 205.771229][ T6972] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 205.771243][ T6972] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 205.771265][ T6972] [ 205.772882][ T6972] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 206.091170][ T6972] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6968] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6968] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6970] <... futex resumed>) = 0 [pid 6970] openat(AT_FDCWD, ".", O_RDONLY) = 3 [ 206.091869][ T6974] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 206.110535][ T6974] CPU: 0 UID: 0 PID: 6974 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 206.110566][ T6974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 206.110580][ T6974] Call Trace: [ 206.110589][ T6974] [ 206.110599][ T6974] dump_stack_lvl+0x189/0x250 [ 206.110631][ T6974] ? __pfx_dump_stack_lvl+0x10/0x10 [ 206.110656][ T6974] ? __pfx__printk+0x10/0x10 [ 206.110684][ T6974] ? kernfs_root+0x1c/0x230 [ 206.110711][ T6974] ? kernfs_path_from_node+0x250/0x290 [ 206.110733][ T6974] ? kernfs_path_from_node+0x2f/0x290 [ 206.110758][ T6974] sysfs_create_dir_ns+0x259/0x280 [ 206.110783][ T6974] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 206.110805][ T6974] ? do_raw_spin_unlock+0x122/0x240 [ 206.110844][ T6974] kobject_add_internal+0x59f/0xb40 [ 206.110873][ T6974] kobject_init_and_add+0x125/0x190 [ 206.110898][ T6974] ? __pfx_kobject_init_and_add+0x10/0x10 [ 206.110921][ T6974] ? __raw_spin_lock_init+0x45/0x100 [ 206.110946][ T6974] ? __init_swait_queue_head+0xa9/0x150 [ 206.110972][ T6974] gfs2_sys_fs_add+0x234/0x450 [ 206.110993][ T6974] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 206.111017][ T6974] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 206.111050][ T6974] gfs2_fill_super+0x13c0/0x20d0 [ 206.111084][ T6974] ? __pfx_gfs2_fill_super+0x10/0x10 [ 206.111112][ T6974] ? sb_set_blocksize+0x104/0x180 [ 206.111141][ T6974] ? setup_bdev_super+0x4c1/0x5b0 [ 206.111178][ T6974] get_tree_bdev_flags+0x40b/0x4d0 [ 206.111206][ T6974] ? __pfx_gfs2_fill_super+0x10/0x10 [ 206.111231][ T6974] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 206.111264][ T6974] gfs2_get_tree+0x51/0x1e0 [ 206.111291][ T6974] vfs_get_tree+0x8f/0x2b0 [ 206.111319][ T6974] do_new_mount+0x2a2/0xa30 [ 206.111350][ T6974] ? ns_capable+0x8a/0xf0 [ 206.111370][ T6974] ? __pfx_do_new_mount+0x10/0x10 [ 206.111398][ T6974] ? path_mount+0x61c/0xfe0 [pid 6970] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] <... mount resumed>) = -1 EEXIST (File exists) [pid 6970] <... futex resumed>) = 1 [pid 6968] <... futex resumed>) = 0 [pid 6968] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6968] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] <... write resumed>) = 16777152 [pid 6972] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6970] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6972] <... openat resumed>) = 3 [pid 6969] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] ioctl(3, LOOP_CLR_FD [pid 6969] <... futex resumed>) = 0 [pid 6972] <... ioctl resumed>) = 0 [pid 6969] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6966] exit_group(0 [ 206.111426][ T6974] ? user_path_at+0x44/0x60 [ 206.111452][ T6974] __se_sys_mount+0x317/0x410 [ 206.111485][ T6974] ? __pfx___se_sys_mount+0x10/0x10 [ 206.111514][ T6974] ? rcu_is_watching+0x15/0xb0 [ 206.111538][ T6974] ? __x64_sys_mount+0x20/0xc0 [ 206.111568][ T6974] do_syscall_64+0xfa/0x3b0 [ 206.111589][ T6974] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.111609][ T6974] ? clear_bhb_loop+0x60/0xb0 [ 206.111631][ T6974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.111651][ T6974] RIP: 0033:0x7fb47156b94a [pid 6972] close(3 [pid 6969] <... futex resumed>) = ? [pid 6966] <... exit_group resumed>) = ? [pid 6968] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6968] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6968] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6968] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6968] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[6984]}, 88) = 6984 [pid 6968] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6968] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6968] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] +++ exited with 0 +++ ./strace-static-x86_64: Process 6984 attached [pid 6984] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 6984] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 6984] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 206.111669][ T6974] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 206.111687][ T6974] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 206.111709][ T6974] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 206.111725][ T6974] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 206.111740][ T6974] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 6984] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6979] <... futex resumed>) = ? [pid 6968] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6968] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6968] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6968] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6979] +++ exited with 0 +++ [pid 6968] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6966] +++ exited with 0 +++ [pid 6968] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6968] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[6985]}, 88) = 6985 [pid 6968] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6968] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6968] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6966, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=94 /* 0.94 s */} --- [pid 5870] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 ./strace-static-x86_64: Process 6985 attached [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./55/file0") = 0 [pid 5870] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 206.111755][ T6974] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 206.111768][ T6974] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 206.111789][ T6974] [ 206.111810][ T6974] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6985] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 5870] unlink("./55/binderfs") = 0 [pid 5870] umount2("./55/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./55/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=16777152, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./55/cpuset.effective_mems" [pid 6985] <... rseq resumed>) = 0 [pid 6985] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 6985] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6985] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 6974] <... mount resumed>) = -1 EEXIST (File exists) [pid 6985] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6985] <... futex resumed>) = 1 [pid 6968] <... futex resumed>) = 0 [pid 6985] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6974] <... openat resumed>) = 3 [pid 6974] ioctl(3, LOOP_CLR_FD) = 0 [pid 6974] close(3 [pid 6984] <... openat resumed>) = 4 [pid 6970] <... ioctl resumed>) = 0 [pid 6984] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6984] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6970] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6968] exit_group(0 [pid 6985] <... futex resumed>) = ? [pid 6984] <... futex resumed>) = ? [pid 6968] <... exit_group resumed>) = ? [pid 6985] +++ exited with 0 +++ [pid 6970] +++ exited with 0 +++ [pid 6984] +++ exited with 0 +++ [pid 6968] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6968, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=70 /* 0.70 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./56/file0") = 0 [pid 5868] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./56/binderfs") = 0 [pid 5868] umount2("./56/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./56/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./56/cpuset.effective_mems") = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./56") = 0 [pid 5868] mkdir("./57", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 206.450982][ T6974] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6986 ./strace-static-x86_64: Process 6986 attached [pid 6986] set_robust_list(0x55558d547760, 24) = 0 [pid 6986] chdir("./57") = 0 [pid 6986] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6986] setpgid(0, 0) = 0 [pid 6986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6972] <... close resumed>) = 0 [pid 6986] write(3, "1000", 4) = 4 [pid 6986] close(3 [pid 6972] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6986] <... close resumed>) = 0 [pid 6972] <... futex resumed>) = 1 [pid 6971] <... futex resumed>) = 0 [pid 6986] symlink("/dev/binderfs", "./binderfs" [pid 6972] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6971] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 6986] <... symlink resumed>) = 0 [pid 6972] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6971] <... futex resumed>) = 0 [pid 6986] write(1, "executing program\n", 18 [pid 6972] openat(AT_FDCWD, ".", O_RDONLY [pid 6986] <... write resumed>) = 18 [pid 6972] <... openat resumed>) = 3 [pid 6971] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6986] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6971] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6986] <... futex resumed>) = 0 [pid 6972] <... futex resumed>) = 0 [pid 6971] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6986] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 6972] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6971] <... futex resumed>) = 0 [pid 6986] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6971] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6986] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6986] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6986] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6986] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 6972] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 6987 attached [pid 6972] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6987] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6986] <... clone3 resumed> => {parent_tid=[6987]}, 88) = 6987 [pid 6987] <... rseq resumed>) = 0 [pid 6986] rt_sigprocmask(SIG_SETMASK, [], [pid 6972] <... futex resumed>) = 1 [pid 6971] <... futex resumed>) = 0 [pid 6987] set_robust_list(0x7fb4715169a0, 24 [pid 6986] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6972] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6971] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6987] <... set_robust_list resumed>) = 0 [pid 6986] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6971] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6987] rt_sigprocmask(SIG_SETMASK, [], [pid 6986] <... futex resumed>) = 0 [pid 6972] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6987] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6986] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6987] memfd_create("syzkaller", 0 [pid 6972] <... openat resumed>) = 4 [pid 6987] <... memfd_create resumed>) = 3 [pid 6972] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6972] <... futex resumed>) = 1 [pid 6971] <... futex resumed>) = 0 [pid 6987] <... mmap resumed>) = 0x7fb469000000 [pid 6972] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6971] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] <... futex resumed>) = 0 [pid 6971] <... futex resumed>) = 1 [pid 6972] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6971] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5870] <... unlink resumed>) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./55") = 0 [pid 5870] mkdir("./56", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3 [pid 6974] <... close resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 6974] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6973] <... futex resumed>) = 0 [pid 6974] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6973] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6973] <... futex resumed>) = 0 [pid 6974] openat(AT_FDCWD, ".", O_RDONLY [pid 6973] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6974] <... openat resumed>) = 3 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6988 attached [pid 6974] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6988] set_robust_list(0x55558d547760, 24 [pid 6974] <... futex resumed>) = 1 [pid 6973] <... futex resumed>) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 6988 [pid 6988] <... set_robust_list resumed>) = 0 [pid 6974] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6973] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6973] <... futex resumed>) = 0 [pid 6988] chdir("./56" [pid 6974] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6973] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6988] <... chdir resumed>) = 0 [pid 6988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6988] setpgid(0, 0) = 0 [pid 6988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6988] write(3, "1000", 4) = 4 [pid 6988] close(3) = 0 [pid 6974] <... ioctl resumed>) = 0 [pid 6988] symlink("/dev/binderfs", "./binderfs" [pid 6974] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 6988] <... symlink resumed>) = 0 [pid 6974] <... futex resumed>) = 1 [pid 6973] <... futex resumed>) = 0 [pid 6988] write(1, "executing program\n", 18 [pid 6974] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6973] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6988] <... write resumed>) = 18 [pid 6974] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6973] <... futex resumed>) = 0 [pid 6988] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6973] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6988] <... futex resumed>) = 0 [pid 6988] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 6974] <... openat resumed>) = 4 [pid 6988] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6988] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6974] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6974] <... futex resumed>) = 1 [pid 6973] <... futex resumed>) = 0 [pid 6988] <... mmap resumed>) = 0x7fb4714f6000 [pid 6974] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6973] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6988] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 6973] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6988] <... mprotect resumed>) = 0 [pid 6988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6989 attached => {parent_tid=[6989]}, 88) = 6989 [pid 6989] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 6988] rt_sigprocmask(SIG_SETMASK, [], [pid 6989] set_robust_list(0x7fb4715169a0, 24 [pid 6988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6989] <... set_robust_list resumed>) = 0 [pid 6989] rt_sigprocmask(SIG_SETMASK, [], [pid 6988] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6988] <... futex resumed>) = 0 [pid 6989] memfd_create("syzkaller", 0 [pid 6988] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6989] <... memfd_create resumed>) = 3 [pid 6989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6973] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6973] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6971] exit_group(0) = ? [pid 6972] <... write resumed>) = ? [pid 6972] +++ exited with 0 +++ [pid 6971] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6971, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=77 /* 0.77 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6987] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./54/file0") = 0 [pid 5869] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./54/binderfs") = 0 [pid 5869] umount2("./54/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./54/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=7839744, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./54/cpuset.effective_mems" [pid 6973] exit_group(0) = ? [pid 6974] <... write resumed>) = ? [pid 6974] +++ exited with 0 +++ [pid 6973] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6973, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=79 /* 0.79 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./56/file0") = 0 [pid 5867] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./56/binderfs") = 0 [pid 5867] umount2("./56/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./56/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5513216, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./56/cpuset.effective_mems" [pid 6989] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./56") = 0 [pid 5867] mkdir("./57", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 6990 ./strace-static-x86_64: Process 6990 attached [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, [pid 6990] set_robust_list(0x55558d547760, 24) = 0 [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./54") = 0 [pid 5869] mkdir("./55", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 6990] chdir("./57") = 0 [pid 6987] <... write resumed>) = 16777216 [pid 5869] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6990] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6987] munmap(0x7fb469000000, 138412032 [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6991 attached [pid 6990] <... prctl resumed>) = 0 [pid 6990] setpgid(0, 0 [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 6991 [pid 6990] <... setpgid resumed>) = 0 [pid 6991] set_robust_list(0x55558d547760, 24) = 0 [pid 6991] chdir("./55" [pid 6990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6991] <... chdir resumed>) = 0 [pid 6991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6991] setpgid(0, 0) = 0 [pid 6991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6990] <... openat resumed>) = 3 [pid 6990] write(3, "1000", 4 [pid 6991] <... openat resumed>) = 3 [pid 6990] <... write resumed>) = 4 [pid 6991] write(3, "1000", 4) = 4 [pid 6991] close(3) = 0 [pid 6990] close(3 [pid 6991] symlink("/dev/binderfs", "./binderfs" [pid 6990] <... close resumed>) = 0 [pid 6991] <... symlink resumed>) = 0 [pid 6990] symlink("/dev/binderfs", "./binderfs" [pid 6991] write(1, "executing program\n", 18executing program ) = 18 [pid 6991] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6991] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 6991] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 6991] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6991] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6990] <... symlink resumed>) = 0 [pid 6991] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 6992 attached => {parent_tid=[6992]}, 88) = 6992 [pid 6991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6991] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6991] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 6990] write(1, "executing program\n", 18) = 18 [pid 6992] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6990] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6992] <... rseq resumed>) = 0 [pid 6990] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 6992] set_robust_list(0x7fb4715169a0, 24 [pid 6990] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6992] <... set_robust_list resumed>) = 0 [pid 6990] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6992] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6990] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6992] memfd_create("syzkaller", 0 [pid 6990] <... mmap resumed>) = 0x7fb4714f6000 [pid 6990] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6992] <... memfd_create resumed>) = 3 [pid 6990] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6990] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6990] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 6992] <... mmap resumed>) = 0x7fb469000000 ./strace-static-x86_64: Process 6993 attached [pid 6993] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 6990] <... clone3 resumed> => {parent_tid=[6993]}, 88) = 6993 [pid 6993] <... rseq resumed>) = 0 [pid 6993] set_robust_list(0x7fb4715169a0, 24 [pid 6990] rt_sigprocmask(SIG_SETMASK, [], [pid 6993] <... set_robust_list resumed>) = 0 [pid 6993] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6993] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6990] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6993] <... futex resumed>) = 0 [pid 6990] <... futex resumed>) = 1 [pid 6993] memfd_create("syzkaller", 0 [pid 6990] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6993] <... memfd_create resumed>) = 3 [pid 6993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6987] <... munmap resumed>) = 0 [pid 6987] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6987] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6987] close(3) = 0 [pid 6987] close(4) = 0 [pid 6987] mkdir("./file0", 0777) = 0 [ 207.176247][ T6987] loop1: detected capacity change from 0 to 32768 [ 207.209037][ T6987] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 6987] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6989] <... write resumed>) = 16777216 [ 207.225898][ T6987] CPU: 1 UID: 0 PID: 6987 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 207.225948][ T6987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 207.225962][ T6987] Call Trace: [ 207.225971][ T6987] [ 207.225981][ T6987] dump_stack_lvl+0x189/0x250 [ 207.226013][ T6987] ? __pfx_dump_stack_lvl+0x10/0x10 [ 207.226036][ T6987] ? __pfx__printk+0x10/0x10 [ 207.226064][ T6987] ? kernfs_root+0x1c/0x230 [ 207.226088][ T6987] ? kernfs_path_from_node+0x250/0x290 [ 207.226111][ T6987] ? kernfs_path_from_node+0x2f/0x290 [ 207.226135][ T6987] sysfs_create_dir_ns+0x259/0x280 [ 207.226158][ T6987] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 207.226180][ T6987] ? do_raw_spin_unlock+0x122/0x240 [ 207.226207][ T6987] kobject_add_internal+0x59f/0xb40 [ 207.226237][ T6987] kobject_init_and_add+0x125/0x190 [ 207.226261][ T6987] ? __pfx_kobject_init_and_add+0x10/0x10 [ 207.226293][ T6987] ? __raw_spin_lock_init+0x45/0x100 [ 207.226319][ T6987] ? __init_swait_queue_head+0xa9/0x150 [ 207.226344][ T6987] gfs2_sys_fs_add+0x234/0x450 [ 207.226367][ T6987] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 207.226390][ T6987] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 207.226423][ T6987] gfs2_fill_super+0x13c0/0x20d0 [ 207.226457][ T6987] ? __pfx_gfs2_fill_super+0x10/0x10 [ 207.226486][ T6987] ? sb_set_blocksize+0x104/0x180 [ 207.226515][ T6987] ? setup_bdev_super+0x4c1/0x5b0 [ 207.226543][ T6987] get_tree_bdev_flags+0x40b/0x4d0 [ 207.226572][ T6987] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 6989] munmap(0x7fb469000000, 138412032) = 0 [pid 6989] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6989] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6989] close(3) = 0 [pid 6989] close(4) = 0 [pid 6989] mkdir("./file0", 0777) = 0 [ 207.226597][ T6987] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 207.226631][ T6987] gfs2_get_tree+0x51/0x1e0 [ 207.226658][ T6987] vfs_get_tree+0x8f/0x2b0 [ 207.226686][ T6987] do_new_mount+0x2a2/0xa30 [ 207.226717][ T6987] ? ns_capable+0x8a/0xf0 [ 207.226737][ T6987] ? __pfx_do_new_mount+0x10/0x10 [ 207.226764][ T6987] ? path_mount+0x61c/0xfe0 [ 207.226792][ T6987] ? user_path_at+0x44/0x60 [ 207.226818][ T6987] __se_sys_mount+0x317/0x410 [ 207.226855][ T6987] ? __pfx___se_sys_mount+0x10/0x10 [ 207.226883][ T6987] ? rcu_is_watching+0x15/0xb0 [ 207.226907][ T6987] ? __x64_sys_mount+0x20/0xc0 [ 207.226936][ T6987] do_syscall_64+0xfa/0x3b0 [ 207.226958][ T6987] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.226978][ T6987] ? clear_bhb_loop+0x60/0xb0 [ 207.227001][ T6987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.227022][ T6987] RIP: 0033:0x7fb47156b94a [ 207.227039][ T6987] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 207.227058][ T6987] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 207.227080][ T6987] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 207.227096][ T6987] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 207.227111][ T6987] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 207.227126][ T6987] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 207.227140][ T6987] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 207.227161][ T6987] [ 207.228074][ T6987] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 207.401430][ T6989] loop3: detected capacity change from 0 to 32768 [ 207.554351][ T6989] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 207.565015][ T6989] CPU: 0 UID: 0 PID: 6989 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [pid 6989] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 207.565045][ T6989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 207.565060][ T6989] Call Trace: [ 207.565068][ T6989] [ 207.565077][ T6989] dump_stack_lvl+0x189/0x250 [ 207.565107][ T6989] ? __pfx_dump_stack_lvl+0x10/0x10 [ 207.565136][ T6989] ? __pfx__printk+0x10/0x10 [ 207.565161][ T6989] ? kernfs_root+0x1c/0x230 [ 207.565186][ T6989] ? kernfs_path_from_node+0x250/0x290 [ 207.565207][ T6989] ? kernfs_path_from_node+0x2f/0x290 [ 207.565231][ T6989] sysfs_create_dir_ns+0x259/0x280 [ 207.565254][ T6989] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 207.565276][ T6989] ? do_raw_spin_unlock+0x122/0x240 [ 207.565311][ T6989] kobject_add_internal+0x59f/0xb40 [ 207.565339][ T6989] kobject_init_and_add+0x125/0x190 [ 207.565364][ T6989] ? __pfx_kobject_init_and_add+0x10/0x10 [ 207.565386][ T6989] ? __raw_spin_lock_init+0x45/0x100 [ 207.565411][ T6989] ? __init_swait_queue_head+0xa9/0x150 [ 207.565437][ T6989] gfs2_sys_fs_add+0x234/0x450 [ 207.565458][ T6989] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 207.565482][ T6989] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 207.565515][ T6989] gfs2_fill_super+0x13c0/0x20d0 [ 207.565549][ T6989] ? __pfx_gfs2_fill_super+0x10/0x10 [ 207.565576][ T6989] ? sb_set_blocksize+0x104/0x180 [ 207.565605][ T6989] ? setup_bdev_super+0x4c1/0x5b0 [ 207.565633][ T6989] get_tree_bdev_flags+0x40b/0x4d0 [ 207.565660][ T6989] ? __pfx_gfs2_fill_super+0x10/0x10 [ 207.565685][ T6989] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 207.565717][ T6989] gfs2_get_tree+0x51/0x1e0 [ 207.565744][ T6989] vfs_get_tree+0x8f/0x2b0 [ 207.565771][ T6989] do_new_mount+0x2a2/0xa30 [ 207.565802][ T6989] ? ns_capable+0x8a/0xf0 [ 207.565821][ T6989] ? __pfx_do_new_mount+0x10/0x10 [ 207.565848][ T6989] ? path_mount+0x61c/0xfe0 [ 207.565875][ T6989] ? user_path_at+0x44/0x60 [ 207.565901][ T6989] __se_sys_mount+0x317/0x410 [ 207.565934][ T6989] ? __pfx___se_sys_mount+0x10/0x10 [ 207.565962][ T6989] ? rcu_is_watching+0x15/0xb0 [ 207.565984][ T6989] ? __x64_sys_mount+0x20/0xc0 [ 207.566014][ T6989] do_syscall_64+0xfa/0x3b0 [ 207.566035][ T6989] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.566055][ T6989] ? clear_bhb_loop+0x60/0xb0 [ 207.566076][ T6989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.566096][ T6989] RIP: 0033:0x7fb47156b94a [ 207.566114][ T6989] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 207.566132][ T6989] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 207.566154][ T6989] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 207.566169][ T6989] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 207.566185][ T6989] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 207.566200][ T6989] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 207.566213][ T6989] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 207.566234][ T6989] [ 207.627582][ T6987] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6987] <... mount resumed>) = -1 EEXIST (File exists) [pid 6987] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6987] ioctl(3, LOOP_CLR_FD) = 0 [pid 6987] close(3 [pid 6992] <... write resumed>) = 16777216 [ 207.634706][ T6989] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 6992] munmap(0x7fb469000000, 138412032 [pid 6993] <... write resumed>) = 16777216 [pid 6992] <... munmap resumed>) = 0 [pid 6993] munmap(0x7fb469000000, 138412032 [pid 6992] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6992] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6992] close(3) = 0 [pid 6992] close(4) = 0 [pid 6992] mkdir("./file0", 0777) = 0 [ 207.956651][ T6989] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 207.964951][ T6992] loop2: detected capacity change from 0 to 32768 [ 207.981093][ T6992] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 6992] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6989] <... mount resumed>) = -1 EEXIST (File exists) [ 208.009443][ T6992] CPU: 1 UID: 0 PID: 6992 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 208.009476][ T6992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 208.009489][ T6992] Call Trace: [ 208.009497][ T6992] [ 208.009507][ T6992] dump_stack_lvl+0x189/0x250 [ 208.009539][ T6992] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.009564][ T6992] ? __pfx__printk+0x10/0x10 [ 208.009591][ T6992] ? kernfs_root+0x1c/0x230 [pid 6993] <... munmap resumed>) = 0 [pid 6989] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6987] <... close resumed>) = 0 [pid 6989] <... openat resumed>) = 3 [pid 6989] ioctl(3, LOOP_CLR_FD) = 0 [pid 6989] close(3 [pid 6993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 208.009617][ T6992] ? kernfs_path_from_node+0x250/0x290 [ 208.009639][ T6992] ? kernfs_path_from_node+0x2f/0x290 [ 208.009664][ T6992] sysfs_create_dir_ns+0x259/0x280 [ 208.009689][ T6992] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 208.009712][ T6992] ? do_raw_spin_unlock+0x122/0x240 [ 208.009740][ T6992] kobject_add_internal+0x59f/0xb40 [ 208.009769][ T6992] kobject_init_and_add+0x125/0x190 [ 208.009794][ T6992] ? __pfx_kobject_init_and_add+0x10/0x10 [ 208.009817][ T6992] ? __raw_spin_lock_init+0x45/0x100 [ 208.009843][ T6992] ? __init_swait_queue_head+0xa9/0x150 [ 208.009870][ T6992] gfs2_sys_fs_add+0x234/0x450 [ 208.009893][ T6992] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 208.009916][ T6992] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 208.009951][ T6992] gfs2_fill_super+0x13c0/0x20d0 [ 208.009986][ T6992] ? __pfx_gfs2_fill_super+0x10/0x10 [ 208.010026][ T6992] ? sb_set_blocksize+0x104/0x180 [ 208.010056][ T6992] ? setup_bdev_super+0x4c1/0x5b0 [ 208.010086][ T6992] get_tree_bdev_flags+0x40b/0x4d0 [ 208.010115][ T6992] ? __pfx_gfs2_fill_super+0x10/0x10 [ 208.010141][ T6992] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 208.010175][ T6992] gfs2_get_tree+0x51/0x1e0 [ 208.010202][ T6992] vfs_get_tree+0x8f/0x2b0 [ 208.010231][ T6992] do_new_mount+0x2a2/0xa30 [ 208.010262][ T6992] ? ns_capable+0x8a/0xf0 [ 208.010282][ T6992] ? __pfx_do_new_mount+0x10/0x10 [ 208.010311][ T6992] ? path_mount+0x61c/0xfe0 [ 208.010339][ T6992] ? user_path_at+0x44/0x60 [ 208.010367][ T6992] __se_sys_mount+0x317/0x410 [ 208.010401][ T6992] ? __pfx___se_sys_mount+0x10/0x10 [pid 6993] ioctl(4, LOOP_SET_FD, 3 [pid 6987] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6986] <... futex resumed>) = 0 [pid 6986] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6986] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6987] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6987] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6986] <... futex resumed>) = 0 [pid 6986] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6986] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6987] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6993] <... ioctl resumed>) = 0 [pid 6993] close(3) = 0 [pid 6993] close(4) = 0 [pid 6993] mkdir("./file0", 0777) = 0 [pid 6993] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 6986] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6986] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6986] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 6986] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6986] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6986] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7000]}, 88) = 7000 [pid 6986] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6986] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6986] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6986] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6986] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 6986] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6986] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6986] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[7001]}, 88) = 7001 [pid 6986] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6986] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 208.010430][ T6992] ? rcu_is_watching+0x15/0xb0 [ 208.010453][ T6992] ? __x64_sys_mount+0x20/0xc0 [ 208.010485][ T6992] do_syscall_64+0xfa/0x3b0 [ 208.010506][ T6992] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.010526][ T6992] ? clear_bhb_loop+0x60/0xb0 [ 208.010549][ T6992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.010570][ T6992] RIP: 0033:0x7fb47156b94a [pid 6986] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 208.010588][ T6992] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 208.010607][ T6992] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 208.010629][ T6992] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 208.010645][ T6992] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 208.010659][ T6992] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 208.010674][ T6992] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 208.010688][ T6992] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 ./strace-static-x86_64: Process 7001 attached ./strace-static-x86_64: Process 7000 attached [pid 6992] <... mount resumed>) = -1 EEXIST (File exists) [pid 7001] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 7000] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 7001] <... rseq resumed>) = 0 [pid 7000] <... rseq resumed>) = 0 [pid 7001] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 7000] set_robust_list(0x7fb4714f59a0, 24 [pid 7001] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7000] <... set_robust_list resumed>) = 0 [pid 7001] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7000] rt_sigprocmask(SIG_SETMASK, [], [pid 7001] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 7000] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7001] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7000] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7001] <... futex resumed>) = 0 [pid 6992] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7001] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6992] <... openat resumed>) = 3 [pid 6992] ioctl(3, LOOP_CLR_FD) = 0 [pid 6992] close(3 [pid 6989] <... close resumed>) = 0 [pid 6989] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6989] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6988] <... futex resumed>) = 0 [pid 6988] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6989] <... futex resumed>) = 0 [pid 6988] <... futex resumed>) = 1 [pid 6989] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6988] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6989] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6989] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7000] <... openat resumed>) = 4 [pid 6987] <... ioctl resumed>) = 0 [pid 7000] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6987] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7000] <... futex resumed>) = 0 [pid 6987] <... futex resumed>) = 0 [pid 7000] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 208.010709][ T6992] [ 208.010732][ T6992] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 208.076809][ T6993] loop0: detected capacity change from 0 to 32768 [ 208.081158][ T6992] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 208.282516][ T6993] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 6987] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6986] exit_group(0 [pid 7001] <... futex resumed>) = ? [pid 7000] <... futex resumed>) = ? [pid 6987] <... futex resumed>) = ? [pid 6986] <... exit_group resumed>) = ? [pid 7001] +++ exited with 0 +++ [pid 7000] +++ exited with 0 +++ [pid 6987] +++ exited with 0 +++ [pid 6986] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6986, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=56 /* 0.56 s */} --- [pid 5868] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./57/file0") = 0 [pid 5868] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./57/binderfs") = 0 [pid 5868] umount2("./57/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./57/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./57/cpuset.effective_mems") = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./57" [pid 6988] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... rmdir resumed>) = 0 [pid 5868] mkdir("./58", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7004 ./strace-static-x86_64: Process 7004 attached [pid 7004] set_robust_list(0x55558d547760, 24) = 0 [pid 6988] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7004] chdir("./58") = 0 [pid 7004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7004] setpgid(0, 0) = 0 [pid 7004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7004] write(3, "1000", 4) = 4 [pid 7004] close(3) = 0 [pid 7004] symlink("/dev/binderfs", "./binderfs" [pid 6989] <... futex resumed>) = 0 [pid 6988] <... futex resumed>) = 1 [pid 7004] <... symlink resumed>) = 0 [pid 6989] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL]executing program [pid 7004] write(1, "executing program\n", 18) = 18 [pid 6988] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7004] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7004] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7004] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7004] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7004] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7005 attached => {parent_tid=[7005]}, 88) = 7005 [pid 7004] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7005] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7004] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7005] <... rseq resumed>) = 0 [pid 7004] <... futex resumed>) = 0 [pid 7004] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7005] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7005] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7005] memfd_create("syzkaller", 0) = 3 [pid 7005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6989] <... ioctl resumed>) = 0 [pid 6989] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6988] <... futex resumed>) = 0 [pid 6989] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6988] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6989] <... futex resumed>) = 0 [pid 6988] <... futex resumed>) = 1 [pid 6989] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6988] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6989] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6989] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6988] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6988] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6989] <... futex resumed>) = 0 [pid 6988] <... futex resumed>) = 1 [pid 6989] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 208.451428][ T6993] CPU: 0 UID: 0 PID: 6993 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 208.451461][ T6993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 208.451477][ T6993] Call Trace: [ 208.451485][ T6993] [ 208.451496][ T6993] dump_stack_lvl+0x189/0x250 [ 208.451529][ T6993] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.451554][ T6993] ? __pfx__printk+0x10/0x10 [ 208.451581][ T6993] ? kernfs_root+0x1c/0x230 [pid 6988] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6992] <... close resumed>) = 0 [pid 6992] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 208.451606][ T6993] ? kernfs_path_from_node+0x250/0x290 [ 208.451636][ T6993] ? kernfs_path_from_node+0x2f/0x290 [ 208.451660][ T6993] sysfs_create_dir_ns+0x259/0x280 [ 208.451684][ T6993] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 208.451706][ T6993] ? do_raw_spin_unlock+0x122/0x240 [ 208.451733][ T6993] kobject_add_internal+0x59f/0xb40 [ 208.451763][ T6993] kobject_init_and_add+0x125/0x190 [ 208.451787][ T6993] ? __pfx_kobject_init_and_add+0x10/0x10 [ 208.451808][ T6993] ? __raw_spin_lock_init+0x45/0x100 [pid 6992] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6991] <... futex resumed>) = 0 [pid 6991] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] <... futex resumed>) = 0 [pid 6991] <... futex resumed>) = 1 [pid 6992] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 6991] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6992] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 6992] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6991] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 208.451834][ T6993] ? __init_swait_queue_head+0xa9/0x150 [ 208.451860][ T6993] gfs2_sys_fs_add+0x234/0x450 [ 208.451881][ T6993] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 208.451904][ T6993] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 208.451946][ T6993] gfs2_fill_super+0x13c0/0x20d0 [ 208.451980][ T6993] ? __pfx_gfs2_fill_super+0x10/0x10 [ 208.452007][ T6993] ? sb_set_blocksize+0x104/0x180 [ 208.452037][ T6993] ? setup_bdev_super+0x4c1/0x5b0 [ 208.452067][ T6993] get_tree_bdev_flags+0x40b/0x4d0 [ 208.452095][ T6993] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 6991] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6992] <... ioctl resumed>) = 0 [pid 6992] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 6992] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6991] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] <... openat resumed>) = 4 [pid 6991] <... futex resumed>) = 0 [pid 6991] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6992] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 6992] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 208.452120][ T6993] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 208.452152][ T6993] gfs2_get_tree+0x51/0x1e0 [ 208.452187][ T6993] vfs_get_tree+0x8f/0x2b0 [ 208.452214][ T6993] do_new_mount+0x2a2/0xa30 [ 208.452245][ T6993] ? ns_capable+0x8a/0xf0 [ 208.452265][ T6993] ? __pfx_do_new_mount+0x10/0x10 [ 208.452293][ T6993] ? path_mount+0x61c/0xfe0 [ 208.452321][ T6993] ? user_path_at+0x44/0x60 [ 208.452350][ T6993] __se_sys_mount+0x317/0x410 [ 208.452384][ T6993] ? __pfx___se_sys_mount+0x10/0x10 [ 208.452412][ T6993] ? rcu_is_watching+0x15/0xb0 [ 208.452434][ T6993] ? __x64_sys_mount+0x20/0xc0 [ 208.452465][ T6993] do_syscall_64+0xfa/0x3b0 [ 208.452487][ T6993] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.452507][ T6993] ? clear_bhb_loop+0x60/0xb0 [ 208.452529][ T6993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.452549][ T6993] RIP: 0033:0x7fb47156b94a [ 208.452567][ T6993] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 208.452585][ T6993] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 208.452607][ T6993] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 208.452623][ T6993] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 208.452637][ T6993] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 208.452651][ T6993] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 208.452664][ T6993] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 6991] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6991] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6993] <... mount resumed>) = -1 EEXIST (File exists) [pid 6993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6993] ioctl(3, LOOP_CLR_FD) = 0 [ 208.452684][ T6993] [ 208.452738][ T6993] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 208.770391][ T6993] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 6993] close(3 [pid 6991] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6988] exit_group(0) = ? [pid 6989] <... write resumed>) = ? [pid 6989] +++ exited with 0 +++ [pid 6988] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6988, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=77 /* 0.77 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./56/file0") = 0 [pid 5870] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./56/binderfs") = 0 [pid 5870] umount2("./56/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./56/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=6483904, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./56/cpuset.effective_mems" [pid 6993] <... close resumed>) = 0 [pid 7005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6993] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6990] <... futex resumed>) = 0 [pid 6993] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6990] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6990] <... futex resumed>) = 0 [pid 6993] openat(AT_FDCWD, ".", O_RDONLY [pid 6990] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6993] <... openat resumed>) = 3 [pid 6993] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6990] <... futex resumed>) = 0 [pid 6993] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6990] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6993] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 6990] <... futex resumed>) = 0 [pid 6990] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6993] <... ioctl resumed>) = 0 [pid 5870] <... unlink resumed>) = 0 [pid 6993] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6990] <... futex resumed>) = 0 [pid 6993] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6990] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6990] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6993] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5870] getdents64(3, [pid 6993] <... openat resumed>) = 4 [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 6993] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] close(3) = 0 [pid 6993] <... futex resumed>) = 1 [pid 6990] <... futex resumed>) = 0 [pid 5870] rmdir("./56" [pid 6993] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6990] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6990] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] <... rmdir resumed>) = 0 [pid 6993] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5870] mkdir("./57", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7006 ./strace-static-x86_64: Process 7006 attached [pid 7006] set_robust_list(0x55558d547760, 24) = 0 [pid 7006] chdir("./57") = 0 [pid 7006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7006] setpgid(0, 0) = 0 [pid 7006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7006] write(3, "1000", 4) = 4 [pid 7006] close(3) = 0 [pid 7006] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7006] write(1, "executing program\n", 18) = 18 [pid 7006] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7006] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7006] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7006] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7006] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7007 attached => {parent_tid=[7007]}, 88) = 7007 [pid 7007] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7007] set_robust_list(0x7fb4715169a0, 24 [pid 7006] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7006] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7006] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7007] <... set_robust_list resumed>) = 0 [pid 7007] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7007] memfd_create("syzkaller", 0) = 3 [pid 6990] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 6991] exit_group(0) = ? [pid 6992] <... write resumed>) = ? [pid 6992] +++ exited with 0 +++ [pid 6991] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6991, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=84 /* 0.84 s */} --- [pid 5869] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./55/file0") = 0 [pid 5869] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./55/binderfs") = 0 [pid 5869] umount2("./55/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./55/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=11427776, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./55/cpuset.effective_mems" [pid 7005] <... write resumed>) = 16777216 [pid 7005] munmap(0x7fb469000000, 138412032) = 0 [pid 7005] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7005] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7005] close(3) = 0 [pid 7005] close(4) = 0 [pid 7005] mkdir("./file0", 0777) = 0 [ 209.254569][ T7005] loop1: detected capacity change from 0 to 32768 [pid 7005] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./55") = 0 [pid 5869] mkdir("./56", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7010 ./strace-static-x86_64: Process 7010 attached [ 209.310437][ T7005] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 209.328357][ T7005] CPU: 1 UID: 0 PID: 7005 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 209.328390][ T7005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 209.328404][ T7005] Call Trace: [ 209.328412][ T7005] [pid 7010] set_robust_list(0x55558d547760, 24) = 0 [pid 7010] chdir("./56") = 0 [pid 7010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7010] setpgid(0, 0) = 0 [pid 7010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7010] write(3, "1000", 4) = 4 [pid 7010] close(3) = 0 [pid 7010] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7010] write(1, "executing program\n", 18) = 18 [pid 7010] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7010] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7010] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7010] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7010] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7010] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7011]}, 88) = 7011 [pid 7010] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 7011 attached [pid 7010] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7010] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7011] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7011] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7011] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 209.328421][ T7005] dump_stack_lvl+0x189/0x250 [ 209.328454][ T7005] ? __pfx_dump_stack_lvl+0x10/0x10 [ 209.328479][ T7005] ? __pfx__printk+0x10/0x10 [ 209.328506][ T7005] ? kernfs_root+0x1c/0x230 [ 209.328532][ T7005] ? kernfs_path_from_node+0x250/0x290 [ 209.328554][ T7005] ? kernfs_path_from_node+0x2f/0x290 [ 209.328579][ T7005] sysfs_create_dir_ns+0x259/0x280 [ 209.328603][ T7005] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 209.328626][ T7005] ? do_raw_spin_unlock+0x122/0x240 [pid 7011] memfd_create("syzkaller", 0) = 3 [pid 7011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 209.328654][ T7005] kobject_add_internal+0x59f/0xb40 [ 209.328683][ T7005] kobject_init_and_add+0x125/0x190 [ 209.328707][ T7005] ? __pfx_kobject_init_and_add+0x10/0x10 [ 209.328730][ T7005] ? __raw_spin_lock_init+0x45/0x100 [ 209.328756][ T7005] ? __init_swait_queue_head+0xa9/0x150 [ 209.328783][ T7005] gfs2_sys_fs_add+0x234/0x450 [ 209.328805][ T7005] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 209.328829][ T7005] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 209.328864][ T7005] gfs2_fill_super+0x13c0/0x20d0 [pid 7007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6990] exit_group(0) = ? [ 209.328899][ T7005] ? __pfx_gfs2_fill_super+0x10/0x10 [ 209.328934][ T7005] ? sb_set_blocksize+0x104/0x180 [ 209.328964][ T7005] ? setup_bdev_super+0x4c1/0x5b0 [ 209.328994][ T7005] get_tree_bdev_flags+0x40b/0x4d0 [ 209.329023][ T7005] ? __pfx_gfs2_fill_super+0x10/0x10 [ 209.329049][ T7005] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 209.329083][ T7005] gfs2_get_tree+0x51/0x1e0 [ 209.329111][ T7005] vfs_get_tree+0x8f/0x2b0 [ 209.329140][ T7005] do_new_mount+0x2a2/0xa30 [ 209.329173][ T7005] ? ns_capable+0x8a/0xf0 [ 209.329192][ T7005] ? __pfx_do_new_mount+0x10/0x10 [ 209.329220][ T7005] ? path_mount+0x61c/0xfe0 [ 209.329247][ T7005] ? user_path_at+0x44/0x60 [ 209.329275][ T7005] __se_sys_mount+0x317/0x410 [ 209.329309][ T7005] ? __pfx___se_sys_mount+0x10/0x10 [ 209.329339][ T7005] ? rcu_is_watching+0x15/0xb0 [ 209.329362][ T7005] ? __x64_sys_mount+0x20/0xc0 [ 209.329394][ T7005] do_syscall_64+0xfa/0x3b0 [ 209.329415][ T7005] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.329436][ T7005] ? clear_bhb_loop+0x60/0xb0 [ 209.329459][ T7005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.329479][ T7005] RIP: 0033:0x7fb47156b94a [ 209.329498][ T7005] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 209.329517][ T7005] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 209.329539][ T7005] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 209.329555][ T7005] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [pid 6993] <... write resumed>) = ? [pid 6993] +++ exited with 0 +++ [pid 6990] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6990, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=94 /* 0.94 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...> [pid 7005] <... mount resumed>) = -1 EEXIST (File exists) [pid 7005] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5867] <... restart_syscall resumed>) = 0 [pid 7005] <... openat resumed>) = 3 [pid 7005] ioctl(3, LOOP_CLR_FD [pid 5867] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7005] <... ioctl resumed>) = 0 [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7005] close(3 [pid 5867] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 209.329570][ T7005] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 209.329584][ T7005] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 209.329598][ T7005] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 209.329620][ T7005] [ 209.329642][ T7005] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 209.652033][ T7005] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./57/file0") = 0 [pid 5867] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./57/binderfs") = 0 [pid 5867] umount2("./57/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./57/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=8323008, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./57/cpuset.effective_mems" [pid 7007] <... write resumed>) = 16777216 [pid 7007] munmap(0x7fb469000000, 138412032 [pid 5867] <... unlink resumed>) = 0 [pid 7005] <... close resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./57") = 0 [pid 5867] mkdir("./58", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3 [pid 7005] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... close resumed>) = 0 [pid 7005] <... futex resumed>) = 1 [pid 7004] <... futex resumed>) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7005] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7004] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7004] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7012 attached [pid 7005] openat(AT_FDCWD, ".", O_RDONLY [pid 7004] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7012] set_robust_list(0x55558d547760, 24 [pid 7005] <... openat resumed>) = 3 [pid 5867] <... clone resumed>, child_tidptr=0x55558d547750) = 7012 [pid 7012] <... set_robust_list resumed>) = 0 [pid 7005] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7012] chdir("./58" [pid 7005] <... futex resumed>) = 1 [pid 7004] <... futex resumed>) = 0 [pid 7005] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7004] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7004] <... futex resumed>) = 0 [pid 7005] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7004] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7012] <... chdir resumed>) = 0 [pid 7005] <... ioctl resumed>) = 0 [pid 7012] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7005] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7012] <... prctl resumed>) = 0 [pid 7005] <... futex resumed>) = 1 [pid 7004] <... futex resumed>) = 0 [pid 7012] setpgid(0, 0 [pid 7005] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7004] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7012] <... setpgid resumed>) = 0 [pid 7012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7005] <... openat resumed>) = 4 [pid 7004] <... futex resumed>) = 0 [pid 7004] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7007] <... munmap resumed>) = 0 [pid 7007] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7007] ioctl(4, LOOP_SET_FD, 3 [pid 7012] <... openat resumed>) = 3 [pid 7005] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7012] write(3, "1000", 4 [pid 7005] <... futex resumed>) = 1 [pid 7004] <... futex resumed>) = 0 [pid 7012] <... write resumed>) = 4 [pid 7005] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7004] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7012] close(3 [pid 7005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7004] <... futex resumed>) = 0 [pid 7012] <... close resumed>) = 0 [pid 7005] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7004] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7012] symlink("/dev/binderfs", "./binderfs" [pid 7007] <... ioctl resumed>) = 0 [pid 7007] close(3) = 0 [pid 7007] close(4) = 0 [pid 7007] mkdir("./file0", 0777) = 0 [pid 7007] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7012] <... symlink resumed>) = 0 [pid 7012] write(1, "executing program\n", 18executing program ) = 18 [pid 7012] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 209.890087][ T7007] loop3: detected capacity change from 0 to 32768 [ 209.927369][ T7007] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 209.945197][ T7007] CPU: 0 UID: 0 PID: 7007 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 209.945228][ T7007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 209.945242][ T7007] Call Trace: [ 209.945249][ T7007] [ 209.945258][ T7007] dump_stack_lvl+0x189/0x250 [ 209.945288][ T7007] ? __pfx_dump_stack_lvl+0x10/0x10 [ 209.945312][ T7007] ? __pfx__printk+0x10/0x10 [ 209.945338][ T7007] ? kernfs_root+0x1c/0x230 [ 209.945361][ T7007] ? kernfs_path_from_node+0x250/0x290 [ 209.945382][ T7007] ? kernfs_path_from_node+0x2f/0x290 [ 209.945405][ T7007] sysfs_create_dir_ns+0x259/0x280 [ 209.945428][ T7007] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 209.945449][ T7007] ? do_raw_spin_unlock+0x122/0x240 [ 209.945475][ T7007] kobject_add_internal+0x59f/0xb40 [ 209.945503][ T7007] kobject_init_and_add+0x125/0x190 [ 209.945527][ T7007] ? __pfx_kobject_init_and_add+0x10/0x10 [ 209.945550][ T7007] ? __raw_spin_lock_init+0x45/0x100 [ 209.945575][ T7007] ? __init_swait_queue_head+0xa9/0x150 [ 209.945600][ T7007] gfs2_sys_fs_add+0x234/0x450 [ 209.945621][ T7007] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 209.945643][ T7007] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 209.945676][ T7007] gfs2_fill_super+0x13c0/0x20d0 [ 209.945707][ T7007] ? __pfx_gfs2_fill_super+0x10/0x10 [ 209.945739][ T7007] ? sb_set_blocksize+0x104/0x180 [ 209.945767][ T7007] ? setup_bdev_super+0x4c1/0x5b0 [ 209.945796][ T7007] get_tree_bdev_flags+0x40b/0x4d0 [ 209.945823][ T7007] ? __pfx_gfs2_fill_super+0x10/0x10 [ 209.945849][ T7007] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 209.945883][ T7007] gfs2_get_tree+0x51/0x1e0 [ 209.945910][ T7007] vfs_get_tree+0x8f/0x2b0 [ 209.945940][ T7007] do_new_mount+0x2a2/0xa30 [ 209.945972][ T7007] ? ns_capable+0x8a/0xf0 [ 209.945992][ T7007] ? __pfx_do_new_mount+0x10/0x10 [ 209.946021][ T7007] ? path_mount+0x61c/0xfe0 [ 209.946049][ T7007] ? user_path_at+0x44/0x60 [ 209.946077][ T7007] __se_sys_mount+0x317/0x410 [ 209.946122][ T7007] ? __pfx___se_sys_mount+0x10/0x10 [ 209.946152][ T7007] ? rcu_is_watching+0x15/0xb0 [ 209.946177][ T7007] ? __x64_sys_mount+0x20/0xc0 [ 209.946208][ T7007] do_syscall_64+0xfa/0x3b0 [ 209.946231][ T7007] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.946263][ T7007] ? clear_bhb_loop+0x60/0xb0 [ 209.946286][ T7007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.946307][ T7007] RIP: 0033:0x7fb47156b94a [ 209.946326][ T7007] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 7011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7012] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 7004] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7012] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7012] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7012] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7012] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7015]}, 88) = 7015 [pid 7012] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7012] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 209.946345][ T7007] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 209.946368][ T7007] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 209.946384][ T7007] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 209.946400][ T7007] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 209.946415][ T7007] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 209.946430][ T7007] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 7012] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7011] <... write resumed>) = 16777216 ./strace-static-x86_64: Process 7015 attached [pid 7015] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7015] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7011] munmap(0x7fb469000000, 138412032 [pid 7015] memfd_create("syzkaller", 0) = 3 [pid 7015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7007] <... mount resumed>) = -1 EEXIST (File exists) [pid 7007] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 7007] ioctl(3, LOOP_CLR_FD) = 0 [pid 7007] close(3 [pid 7004] exit_group(0) = ? [ 209.946452][ T7007] [ 209.946584][ T7007] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 210.263043][ T7007] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7005] <... write resumed>) = ? [pid 7005] +++ exited with 0 +++ [pid 7004] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7004, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=65 /* 0.65 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7011] <... munmap resumed>) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./58/file0") = 0 [pid 5868] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./58/binderfs") = 0 [pid 5868] umount2("./58/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./58/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5021696, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./58/cpuset.effective_mems" [pid 7011] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7011] ioctl(4, LOOP_SET_FD, 3 [pid 5868] <... unlink resumed>) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./58") = 0 [pid 5868] mkdir("./59", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7016 ./strace-static-x86_64: Process 7016 attached [pid 7011] <... ioctl resumed>) = 0 [pid 7007] <... close resumed>) = 0 [pid 7016] set_robust_list(0x55558d547760, 24 [pid 7011] close(3 [pid 7016] <... set_robust_list resumed>) = 0 [pid 7007] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7016] chdir("./59" [pid 7011] <... close resumed>) = 0 [pid 7007] <... futex resumed>) = 1 [pid 7006] <... futex resumed>) = 0 [pid 7016] <... chdir resumed>) = 0 [pid 7011] close(4 [pid 7007] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7006] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7006] <... futex resumed>) = 0 [pid 7006] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7016] setpgid(0, 0) = 0 [pid 7016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7016] write(3, "1000", 4) = 4 [pid 7016] close(3) = 0 [pid 7007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7007] openat(AT_FDCWD, ".", O_RDONLY [pid 7011] <... close resumed>) = 0 [pid 7007] <... openat resumed>) = 3 [pid 7016] symlink("/dev/binderfs", "./binderfs" [pid 7011] mkdir("./file0", 0777 [pid 7007] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7006] <... futex resumed>) = 0 [pid 7006] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7006] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7016] <... symlink resumed>) = 0 [pid 7011] <... mkdir resumed>) = 0 [ 210.395204][ T7011] loop2: detected capacity change from 0 to 32768 [pid 7007] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7016] write(1, "executing program\n", 18 [pid 7011] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade,"executing program [pid 7016] <... write resumed>) = 18 [pid 7016] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7016] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7016] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7016] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7016] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7016] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7017]}, 88) = 7017 [pid 7016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7016] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7016] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7017 attached [pid 7017] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7017] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7017] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7017] memfd_create("syzkaller", 0 [pid 7007] <... ioctl resumed>) = 0 [pid 7017] <... memfd_create resumed>) = 3 [pid 7006] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7006] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7006] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7006] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7020]}, 88) = 7020 [pid 7006] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7006] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 210.472360][ T7011] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 210.492272][ T7011] CPU: 0 UID: 0 PID: 7011 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 210.492306][ T7011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 210.492320][ T7011] Call Trace: [ 210.492328][ T7011] [pid 7006] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7020 attached [pid 7017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7020] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 7017] <... mmap resumed>) = 0x7fb469000000 [pid 7020] <... rseq resumed>) = 0 [pid 7020] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 7020] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7020] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7020] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7006] <... futex resumed>) = 0 [pid 7020] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7006] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 210.492338][ T7011] dump_stack_lvl+0x189/0x250 [ 210.492369][ T7011] ? __pfx_dump_stack_lvl+0x10/0x10 [ 210.492394][ T7011] ? __pfx__printk+0x10/0x10 [ 210.492421][ T7011] ? kernfs_root+0x1c/0x230 [ 210.492447][ T7011] ? kernfs_path_from_node+0x250/0x290 [ 210.492469][ T7011] ? kernfs_path_from_node+0x2f/0x290 [ 210.492493][ T7011] sysfs_create_dir_ns+0x259/0x280 [ 210.492516][ T7011] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 210.492539][ T7011] ? do_raw_spin_unlock+0x122/0x240 [pid 7006] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7007] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 210.492567][ T7011] kobject_add_internal+0x59f/0xb40 [ 210.492595][ T7011] kobject_init_and_add+0x125/0x190 [ 210.492620][ T7011] ? __pfx_kobject_init_and_add+0x10/0x10 [ 210.492643][ T7011] ? __raw_spin_lock_init+0x45/0x100 [ 210.492667][ T7011] ? __init_swait_queue_head+0xa9/0x150 [ 210.492693][ T7011] gfs2_sys_fs_add+0x234/0x450 [ 210.492715][ T7011] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 210.492739][ T7011] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 210.492774][ T7011] gfs2_fill_super+0x13c0/0x20d0 [ 210.492808][ T7011] ? __pfx_gfs2_fill_super+0x10/0x10 [ 210.492835][ T7011] ? sb_set_blocksize+0x104/0x180 [ 210.492866][ T7011] ? setup_bdev_super+0x4c1/0x5b0 [ 210.492895][ T7011] get_tree_bdev_flags+0x40b/0x4d0 [ 210.492924][ T7011] ? __pfx_gfs2_fill_super+0x10/0x10 [ 210.492951][ T7011] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 210.492984][ T7011] gfs2_get_tree+0x51/0x1e0 [ 210.493012][ T7011] vfs_get_tree+0x8f/0x2b0 [ 210.493051][ T7011] do_new_mount+0x2a2/0xa30 [ 210.493082][ T7011] ? ns_capable+0x8a/0xf0 [ 210.493101][ T7011] ? __pfx_do_new_mount+0x10/0x10 [pid 7007] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 210.493129][ T7011] ? path_mount+0x61c/0xfe0 [ 210.493156][ T7011] ? user_path_at+0x44/0x60 [ 210.493182][ T7011] __se_sys_mount+0x317/0x410 [ 210.493213][ T7011] ? __pfx___se_sys_mount+0x10/0x10 [ 210.493240][ T7011] ? rcu_is_watching+0x15/0xb0 [ 210.493262][ T7011] ? __x64_sys_mount+0x20/0xc0 [ 210.493292][ T7011] do_syscall_64+0xfa/0x3b0 [ 210.493312][ T7011] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.493331][ T7011] ? clear_bhb_loop+0x60/0xb0 [ 210.493353][ T7011] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.493372][ T7011] RIP: 0033:0x7fb47156b94a [ 210.493389][ T7011] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 210.493405][ T7011] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 210.493427][ T7011] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 210.493443][ T7011] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 210.493458][ T7011] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 210.493473][ T7011] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 210.493487][ T7011] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 210.493509][ T7011] [ 210.493532][ T7011] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 7015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7006] exit_group(0 [pid 7007] <... futex resumed>) = ? [pid 7006] <... exit_group resumed>) = ? [pid 7007] +++ exited with 0 +++ [pid 7020] <... write resumed>) = ? [pid 7020] +++ exited with 0 +++ [pid 7017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7006] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7006, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=76 /* 0.76 s */} --- [pid 5870] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./57/file0") = 0 [pid 5870] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./57/binderfs") = 0 [pid 5870] umount2("./57/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7011] <... mount resumed>) = -1 EEXIST (File exists) [pid 7011] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 7011] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7011] close(3 [pid 5870] newfstatat(AT_FDCWD, "./57/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5328896, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 210.898680][ T7011] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5870] unlink("./57/cpuset.effective_mems" [pid 7015] <... write resumed>) = 16777216 [pid 7015] munmap(0x7fb469000000, 138412032 [pid 5870] <... unlink resumed>) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./57") = 0 [pid 5870] mkdir("./58", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7021 ./strace-static-x86_64: Process 7021 attached [pid 7021] set_robust_list(0x55558d547760, 24) = 0 [pid 7021] chdir("./58") = 0 [pid 7021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7021] setpgid(0, 0) = 0 [pid 7021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7021] write(3, "1000", 4) = 4 [pid 7021] close(3) = 0 [pid 7021] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7021] write(1, "executing program\n", 18) = 18 [pid 7021] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7021] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7021] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7021] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7022]}, 88) = 7022 [pid 7021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7021] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7021] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7022 attached [pid 7022] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7017] <... write resumed>) = 16777216 [pid 7022] set_robust_list(0x7fb4715169a0, 24 [pid 7015] <... munmap resumed>) = 0 [pid 7022] <... set_robust_list resumed>) = 0 [pid 7022] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7017] munmap(0x7fb469000000, 138412032 [pid 7022] memfd_create("syzkaller", 0 [pid 7015] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7022] <... memfd_create resumed>) = 3 [pid 7015] <... openat resumed>) = 4 [pid 7022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7011] <... close resumed>) = 0 [pid 7022] <... mmap resumed>) = 0x7fb469000000 [pid 7015] ioctl(4, LOOP_SET_FD, 3 [pid 7011] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7015] <... ioctl resumed>) = 0 [pid 7011] <... futex resumed>) = 1 [pid 7010] <... futex resumed>) = 0 [pid 7011] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7010] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7010] <... futex resumed>) = 0 [pid 7010] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7015] close(3 [pid 7011] openat(AT_FDCWD, ".", O_RDONLY [pid 7015] <... close resumed>) = 0 [pid 7015] close(4) = 0 [pid 7011] <... openat resumed>) = 3 [pid 7015] mkdir("./file0", 0777) = 0 [pid 7015] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7011] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7010] <... futex resumed>) = 0 [pid 7010] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7010] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 211.096677][ T7015] loop0: detected capacity change from 0 to 32768 [ 211.128233][ T7015] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 211.145195][ T7015] CPU: 0 UID: 0 PID: 7015 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 211.145227][ T7015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 211.145240][ T7015] Call Trace: [ 211.145249][ T7015] [ 211.145258][ T7015] dump_stack_lvl+0x189/0x250 [ 211.145291][ T7015] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.145316][ T7015] ? __pfx__printk+0x10/0x10 [ 211.145342][ T7015] ? kernfs_root+0x1c/0x230 [ 211.145365][ T7015] ? kernfs_path_from_node+0x250/0x290 [ 211.145386][ T7015] ? kernfs_path_from_node+0x2f/0x290 [ 211.145409][ T7015] sysfs_create_dir_ns+0x259/0x280 [ 211.145431][ T7015] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 211.145451][ T7015] ? do_raw_spin_unlock+0x122/0x240 [ 211.145477][ T7015] kobject_add_internal+0x59f/0xb40 [ 211.145506][ T7015] kobject_init_and_add+0x125/0x190 [ 211.145530][ T7015] ? __pfx_kobject_init_and_add+0x10/0x10 [ 211.145553][ T7015] ? __raw_spin_lock_init+0x45/0x100 [pid 7011] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7017] <... munmap resumed>) = 0 [pid 7011] <... ioctl resumed>) = 0 [pid 7017] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 211.145577][ T7015] ? __init_swait_queue_head+0xa9/0x150 [ 211.145603][ T7015] gfs2_sys_fs_add+0x234/0x450 [ 211.145625][ T7015] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 211.145647][ T7015] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 211.145680][ T7015] gfs2_fill_super+0x13c0/0x20d0 [ 211.145727][ T7015] ? __pfx_gfs2_fill_super+0x10/0x10 [ 211.145756][ T7015] ? sb_set_blocksize+0x104/0x180 [ 211.145786][ T7015] ? setup_bdev_super+0x4c1/0x5b0 [ 211.145815][ T7015] get_tree_bdev_flags+0x40b/0x4d0 [ 211.145854][ T7015] ? __pfx_gfs2_fill_super+0x10/0x10 [ 211.145898][ T7015] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 211.145938][ T7015] gfs2_get_tree+0x51/0x1e0 [ 211.145965][ T7015] vfs_get_tree+0x8f/0x2b0 [ 211.146008][ T7015] do_new_mount+0x2a2/0xa30 [ 211.146039][ T7015] ? ns_capable+0x8a/0xf0 [ 211.146057][ T7015] ? __pfx_do_new_mount+0x10/0x10 [ 211.146084][ T7015] ? path_mount+0x61c/0xfe0 [ 211.146123][ T7015] ? user_path_at+0x44/0x60 [ 211.146148][ T7015] __se_sys_mount+0x317/0x410 [ 211.146181][ T7015] ? __pfx___se_sys_mount+0x10/0x10 [ 211.146210][ T7015] ? rcu_is_watching+0x15/0xb0 [pid 7017] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7017] close(3) = 0 [pid 7017] close(4) = 0 [pid 7017] mkdir("./file0", 0777) = 0 [pid 7017] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7011] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7010] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7011] <... futex resumed>) = 0 [pid 7010] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7010] <... futex resumed>) = 0 [pid 7011] <... openat resumed>) = 4 [pid 7010] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7011] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7010] <... futex resumed>) = 0 [pid 7010] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 211.146233][ T7015] ? __x64_sys_mount+0x20/0xc0 [ 211.146262][ T7015] do_syscall_64+0xfa/0x3b0 [ 211.146282][ T7015] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.146302][ T7015] ? clear_bhb_loop+0x60/0xb0 [ 211.146325][ T7015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.146345][ T7015] RIP: 0033:0x7fb47156b94a [ 211.146364][ T7015] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 7010] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 211.146382][ T7015] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 211.146404][ T7015] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 211.146419][ T7015] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 211.146433][ T7015] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 211.146448][ T7015] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 211.146462][ T7015] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 7011] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7010] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 211.146482][ T7015] [ 211.146550][ T7015] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 211.228731][ T7017] loop1: detected capacity change from 0 to 32768 [ 211.254016][ T7015] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7015] <... mount resumed>) = -1 EEXIST (File exists) [pid 7015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 7015] ioctl(3, LOOP_CLR_FD) = 0 [ 211.499981][ T7017] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 211.507602][ T7017] CPU: 1 UID: 0 PID: 7017 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 211.507638][ T7017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 211.507652][ T7017] Call Trace: [ 211.507661][ T7017] [ 211.507670][ T7017] dump_stack_lvl+0x189/0x250 [ 211.507702][ T7017] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.507727][ T7017] ? __pfx__printk+0x10/0x10 [ 211.507753][ T7017] ? kernfs_root+0x1c/0x230 [ 211.507778][ T7017] ? kernfs_path_from_node+0x250/0x290 [ 211.507800][ T7017] ? kernfs_path_from_node+0x2f/0x290 [ 211.507825][ T7017] sysfs_create_dir_ns+0x259/0x280 [ 211.507849][ T7017] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 211.507871][ T7017] ? do_raw_spin_unlock+0x122/0x240 [ 211.507898][ T7017] kobject_add_internal+0x59f/0xb40 [ 211.507933][ T7017] kobject_init_and_add+0x125/0x190 [ 211.507958][ T7017] ? __pfx_kobject_init_and_add+0x10/0x10 [ 211.507981][ T7017] ? __raw_spin_lock_init+0x45/0x100 [ 211.508007][ T7017] ? __init_swait_queue_head+0xa9/0x150 [ 211.508033][ T7017] gfs2_sys_fs_add+0x234/0x450 [ 211.508056][ T7017] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 211.508080][ T7017] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 211.508114][ T7017] gfs2_fill_super+0x13c0/0x20d0 [ 211.508149][ T7017] ? __pfx_gfs2_fill_super+0x10/0x10 [ 211.508178][ T7017] ? sb_set_blocksize+0x104/0x180 [ 211.508208][ T7017] ? setup_bdev_super+0x4c1/0x5b0 [ 211.508237][ T7017] get_tree_bdev_flags+0x40b/0x4d0 [ 211.508266][ T7017] ? __pfx_gfs2_fill_super+0x10/0x10 [ 211.508292][ T7017] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 211.508326][ T7017] gfs2_get_tree+0x51/0x1e0 [ 211.508353][ T7017] vfs_get_tree+0x8f/0x2b0 [ 211.508383][ T7017] do_new_mount+0x2a2/0xa30 [ 211.508414][ T7017] ? ns_capable+0x8a/0xf0 [ 211.508434][ T7017] ? __pfx_do_new_mount+0x10/0x10 [ 211.508462][ T7017] ? path_mount+0x61c/0xfe0 [ 211.508490][ T7017] ? user_path_at+0x44/0x60 [pid 7015] close(3 [pid 7010] exit_group(0) = ? [pid 7011] <... write resumed>) = ? [pid 7011] +++ exited with 0 +++ [pid 7010] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7010, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=68 /* 0.68 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 211.508517][ T7017] __se_sys_mount+0x317/0x410 [ 211.508551][ T7017] ? __pfx___se_sys_mount+0x10/0x10 [ 211.508581][ T7017] ? rcu_is_watching+0x15/0xb0 [ 211.508604][ T7017] ? __x64_sys_mount+0x20/0xc0 [ 211.508635][ T7017] do_syscall_64+0xfa/0x3b0 [ 211.508656][ T7017] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.508677][ T7017] ? clear_bhb_loop+0x60/0xb0 [ 211.508700][ T7017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.508720][ T7017] RIP: 0033:0x7fb47156b94a [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./56/file0") = 0 [pid 5869] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 211.508738][ T7017] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 211.508756][ T7017] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 211.508779][ T7017] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 211.508795][ T7017] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 211.508810][ T7017] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 5869] unlink("./56/binderfs") = 0 [pid 5869] umount2("./56/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./56/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=3710976, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./56/cpuset.effective_mems" [pid 7017] <... mount resumed>) = -1 EEXIST (File exists) [pid 7022] <... write resumed>) = 16777216 [pid 7022] munmap(0x7fb469000000, 138412032 [pid 7017] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 7017] ioctl(3, LOOP_CLR_FD) = 0 [pid 7017] close(3) = 0 [pid 7017] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7017] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7016] <... futex resumed>) = 0 [pid 7016] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7017] <... futex resumed>) = 0 [pid 7016] <... futex resumed>) = 1 [pid 7017] openat(AT_FDCWD, ".", O_RDONLY [pid 7016] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7017] <... openat resumed>) = 3 [pid 7017] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7016] <... futex resumed>) = 0 [pid 7017] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7016] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7016] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3 [pid 7017] <... ioctl resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 7017] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7016] <... futex resumed>) = 0 [pid 7017] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7016] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7017] <... openat resumed>) = 4 [pid 7016] <... futex resumed>) = 0 [pid 7017] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7016] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7017] <... futex resumed>) = 0 [pid 7016] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7017] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7016] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] rmdir("./56" [pid 7016] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... rmdir resumed>) = 0 [ 211.508824][ T7017] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 211.508838][ T7017] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 211.508859][ T7017] [ 211.509146][ T7017] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 211.832388][ T7017] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5869] mkdir("./57", 0777) = 0 [pid 7015] <... close resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3 [pid 7016] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5869] <... close resumed>) = 0 [pid 7016] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7016] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 7027 attached [pid 7027] set_robust_list(0x55558d547760, 24) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 7027 [pid 7027] chdir("./57") = 0 [pid 7027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7027] setpgid(0, 0) = 0 [pid 7027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7015] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] write(3, "1000", 4) = 4 [pid 7015] <... futex resumed>) = 1 [pid 7012] <... futex resumed>) = 0 [pid 7027] close(3 [pid 7015] openat(AT_FDCWD, ".", O_RDONLY [pid 7012] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] <... close resumed>) = 0 [pid 7015] <... openat resumed>) = 3 [pid 7012] <... futex resumed>) = 0 executing program [pid 7027] symlink("/dev/binderfs", "./binderfs" [pid 7015] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7012] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7027] <... symlink resumed>) = 0 [pid 7027] write(1, "executing program\n", 18 [pid 7015] <... futex resumed>) = 0 [pid 7012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7027] <... write resumed>) = 18 [pid 7015] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7012] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7012] <... futex resumed>) = 0 [pid 7027] <... futex resumed>) = 0 [pid 7027] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 7012] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7027] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7027] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7027] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 7015] <... ioctl resumed>) = 0 [pid 7027] <... mprotect resumed>) = 0 [pid 7015] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7015] <... futex resumed>) = 1 [pid 7012] <... futex resumed>) = 0 [pid 7027] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7012] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 7015] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7012] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7028 attached [pid 7015] <... openat resumed>) = 4 [pid 7012] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7027] <... clone3 resumed> => {parent_tid=[7028]}, 88) = 7028 [pid 7027] rt_sigprocmask(SIG_SETMASK, [], [pid 7015] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7015] <... futex resumed>) = 1 [pid 7012] <... futex resumed>) = 0 [pid 7027] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7022] <... munmap resumed>) = 0 [pid 7012] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7015] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7012] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7028] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7027] <... futex resumed>) = 0 [pid 7022] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7028] <... rseq resumed>) = 0 [pid 7027] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7022] <... openat resumed>) = 4 [pid 7028] set_robust_list(0x7fb4715169a0, 24 [pid 7022] ioctl(4, LOOP_SET_FD, 3 [pid 7028] <... set_robust_list resumed>) = 0 [pid 7028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7028] memfd_create("syzkaller", 0) = 3 [pid 7028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7022] <... ioctl resumed>) = 0 [pid 7022] close(3) = 0 [pid 7022] close(4) = 0 [pid 7022] mkdir("./file0", 0777) = 0 [ 211.969481][ T7022] loop3: detected capacity change from 0 to 32768 [pid 7022] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7012] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 212.014242][ T7022] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 212.045896][ T7022] CPU: 0 UID: 0 PID: 7022 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 212.045928][ T7022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 212.045942][ T7022] Call Trace: [ 212.045950][ T7022] [ 212.045958][ T7022] dump_stack_lvl+0x189/0x250 [ 212.045990][ T7022] ? __pfx_dump_stack_lvl+0x10/0x10 [ 212.046014][ T7022] ? __pfx__printk+0x10/0x10 [ 212.046039][ T7022] ? kernfs_root+0x1c/0x230 [ 212.046068][ T7022] ? kernfs_path_from_node+0x250/0x290 [ 212.046089][ T7022] ? kernfs_path_from_node+0x2f/0x290 [ 212.046114][ T7022] sysfs_create_dir_ns+0x259/0x280 [ 212.046137][ T7022] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 212.046160][ T7022] ? do_raw_spin_unlock+0x122/0x240 [ 212.046187][ T7022] kobject_add_internal+0x59f/0xb40 [ 212.046214][ T7022] kobject_init_and_add+0x125/0x190 [ 212.046238][ T7022] ? __pfx_kobject_init_and_add+0x10/0x10 [ 212.046261][ T7022] ? __raw_spin_lock_init+0x45/0x100 [ 212.046284][ T7022] ? __init_swait_queue_head+0xa9/0x150 [ 212.046308][ T7022] gfs2_sys_fs_add+0x234/0x450 [ 212.046329][ T7022] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 212.046352][ T7022] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 212.046385][ T7022] gfs2_fill_super+0x13c0/0x20d0 [ 212.046419][ T7022] ? __pfx_gfs2_fill_super+0x10/0x10 [ 212.046448][ T7022] ? sb_set_blocksize+0x104/0x180 [ 212.046478][ T7022] ? setup_bdev_super+0x4c1/0x5b0 [ 212.046509][ T7022] get_tree_bdev_flags+0x40b/0x4d0 [ 212.046538][ T7022] ? __pfx_gfs2_fill_super+0x10/0x10 [ 212.046565][ T7022] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 212.046598][ T7022] gfs2_get_tree+0x51/0x1e0 [ 212.046638][ T7022] vfs_get_tree+0x8f/0x2b0 [ 212.046668][ T7022] do_new_mount+0x2a2/0xa30 [ 212.046701][ T7022] ? ns_capable+0x8a/0xf0 [ 212.046720][ T7022] ? __pfx_do_new_mount+0x10/0x10 [ 212.046750][ T7022] ? path_mount+0x61c/0xfe0 [ 212.046779][ T7022] ? user_path_at+0x44/0x60 [ 212.046806][ T7022] __se_sys_mount+0x317/0x410 [ 212.046840][ T7022] ? __pfx___se_sys_mount+0x10/0x10 [ 212.046878][ T7022] ? rcu_is_watching+0x15/0xb0 [ 212.046902][ T7022] ? __x64_sys_mount+0x20/0xc0 [ 212.046933][ T7022] do_syscall_64+0xfa/0x3b0 [ 212.046955][ T7022] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.046976][ T7022] ? clear_bhb_loop+0x60/0xb0 [ 212.047000][ T7022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.047020][ T7022] RIP: 0033:0x7fb47156b94a [ 212.047038][ T7022] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 212.047057][ T7022] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 212.047080][ T7022] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 212.047096][ T7022] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 212.047111][ T7022] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 212.047127][ T7022] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 212.047141][ T7022] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 212.047163][ T7022] [ 212.048090][ T7022] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 7012] exit_group(0) = ? [pid 7015] <... write resumed>) = ? [pid 7015] +++ exited with 0 +++ [pid 7012] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7012, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=91 /* 0.91 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7022] <... mount resumed>) = -1 EEXIST (File exists) [pid 5867] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7022] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5867] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7022] <... openat resumed>) = 3 [pid 5867] <... openat resumed>) = 3 [pid 5867] newfstatat(3, "", [pid 7022] ioctl(3, LOOP_CLR_FD [pid 5867] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7022] <... ioctl resumed>) = 0 [pid 5867] getdents64(3, [pid 7022] close(3 [pid 5867] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 212.521645][ T7022] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, [pid 7016] exit_group(0) = ? [pid 7017] <... write resumed>) = ? [pid 5867] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./58/file0") = 0 [pid 5867] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./58/binderfs") = 0 [pid 7017] +++ exited with 0 +++ [pid 7016] +++ exited with 0 +++ [pid 5867] umount2("./58/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7016, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=81 /* 0.81 s */} --- [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 5867] newfstatat(AT_FDCWD, "./58/cpuset.effective_mems", [pid 5868] <... restart_syscall resumed>) = 0 [pid 5867] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=12537856, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./58/cpuset.effective_mems" [pid 5868] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", [pid 7022] <... close resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, [pid 7022] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 7022] <... futex resumed>) = 1 [pid 7021] <... futex resumed>) = 0 [pid 7021] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7021] <... futex resumed>) = 0 [pid 7021] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7022] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 5868] newfstatat(AT_FDCWD, "./59/file0", [pid 7022] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7021] <... futex resumed>) = 0 [pid 7022] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7021] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7021] <... futex resumed>) = 0 [pid 5868] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7021] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7022] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 5868] <... openat resumed>) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, [pid 7022] <... ioctl resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, [pid 7022] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 7022] <... futex resumed>) = 1 [pid 7021] <... futex resumed>) = 0 [pid 5868] close(4 [pid 7022] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7021] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... close resumed>) = 0 [pid 7022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7021] <... futex resumed>) = 0 [pid 5868] rmdir("./59/file0" [pid 7022] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7021] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7022] <... openat resumed>) = 4 [pid 5868] <... rmdir resumed>) = 0 [pid 7022] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7021] <... futex resumed>) = 0 [pid 5868] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7021] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7022] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7021] <... futex resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "./59/binderfs", [pid 7021] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./59/binderfs") = 0 [pid 5868] umount2("./59/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./59/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=11776000, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./59/cpuset.effective_mems" [pid 7021] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5867] <... unlink resumed>) = 0 [pid 7028] <... write resumed>) = 16777216 [pid 5867] getdents64(3, [pid 7028] munmap(0x7fb469000000, 138412032 [pid 5867] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./58") = 0 [pid 5867] mkdir("./59", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7031 attached [pid 7031] set_robust_list(0x55558d547760, 24) = 0 [pid 7031] chdir("./59" [pid 5867] <... clone resumed>, child_tidptr=0x55558d547750) = 7031 [pid 7031] <... chdir resumed>) = 0 [pid 7031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7031] setpgid(0, 0) = 0 [pid 7031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7031] write(3, "1000", 4) = 4 [pid 7031] close(3) = 0 [pid 7031] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7031] write(1, "executing program\n", 18) = 18 [pid 7031] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7031] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7031] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7031] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7031] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7032 attached => {parent_tid=[7032]}, 88) = 7032 [pid 7031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7031] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7031] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7032] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7032] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7032] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7032] memfd_create("syzkaller", 0) = 3 [pid 7032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 5868] <... unlink resumed>) = 0 [pid 7028] <... munmap resumed>) = 0 [pid 5868] getdents64(3, [pid 7028] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 7028] <... openat resumed>) = 4 [pid 5868] close(3 [pid 7028] ioctl(4, LOOP_SET_FD, 3 [pid 5868] <... close resumed>) = 0 [pid 5868] rmdir("./59") = 0 [pid 5868] mkdir("./60", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 7028] <... ioctl resumed>) = 0 [pid 5868] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5868] close(3 [pid 7028] close(3) = 0 [pid 5868] <... close resumed>) = 0 [pid 7028] close(4 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7028] <... close resumed>) = 0 [pid 7028] mkdir("./file0", 0777./strace-static-x86_64: Process 7033 attached [pid 7033] set_robust_list(0x55558d547760, 24) = 0 [pid 7033] chdir("./60" [pid 7028] <... mkdir resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 7033 [pid 7028] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7033] <... chdir resumed>) = 0 [pid 7033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7033] setpgid(0, 0executing program ) = 0 [pid 7033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7033] write(3, "1000", 4) = 4 [pid 7033] close(3) = 0 [pid 7033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7033] write(1, "executing program\n", 18) = 18 [pid 7033] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7033] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7033] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7033] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7035 attached [pid 7035] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7033] <... clone3 resumed> => {parent_tid=[7035]}, 88) = 7035 [pid 7035] <... rseq resumed>) = 0 [pid 7035] set_robust_list(0x7fb4715169a0, 24 [pid 7033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7035] <... set_robust_list resumed>) = 0 [pid 7033] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7035] rt_sigprocmask(SIG_SETMASK, [], [pid 7033] <... futex resumed>) = 0 [pid 7035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7033] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7035] memfd_create("syzkaller", 0) = 3 [pid 7035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 212.866634][ T7028] loop2: detected capacity change from 0 to 32768 [pid 7021] exit_group(0) = ? [ 212.909105][ T7028] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 212.931877][ T7028] CPU: 1 UID: 0 PID: 7028 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 212.931908][ T7028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 212.931922][ T7028] Call Trace: [ 212.931929][ T7028] [ 212.931938][ T7028] dump_stack_lvl+0x189/0x250 [ 212.931968][ T7028] ? __pfx_dump_stack_lvl+0x10/0x10 [ 212.931992][ T7028] ? __pfx__printk+0x10/0x10 [ 212.932018][ T7028] ? kernfs_root+0x1c/0x230 [ 212.932043][ T7028] ? kernfs_path_from_node+0x250/0x290 [ 212.932065][ T7028] ? kernfs_path_from_node+0x2f/0x290 [ 212.932089][ T7028] sysfs_create_dir_ns+0x259/0x280 [ 212.932111][ T7028] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 212.932133][ T7028] ? do_raw_spin_unlock+0x122/0x240 [pid 7022] <... write resumed>) = ? [pid 7022] +++ exited with 0 +++ [pid 7021] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7021, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=76 /* 0.76 s */} --- [pid 5870] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./58/file0") = 0 [pid 5870] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./58/binderfs") = 0 [pid 5870] umount2("./58/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./58/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=6238208, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 212.932160][ T7028] kobject_add_internal+0x59f/0xb40 [ 212.932187][ T7028] kobject_init_and_add+0x125/0x190 [ 212.932212][ T7028] ? __pfx_kobject_init_and_add+0x10/0x10 [ 212.932235][ T7028] ? __raw_spin_lock_init+0x45/0x100 [ 212.932260][ T7028] ? __init_swait_queue_head+0xa9/0x150 [ 212.932285][ T7028] gfs2_sys_fs_add+0x234/0x450 [ 212.932306][ T7028] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 212.932330][ T7028] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 212.932363][ T7028] gfs2_fill_super+0x13c0/0x20d0 [ 212.932396][ T7028] ? __pfx_gfs2_fill_super+0x10/0x10 [ 212.932424][ T7028] ? sb_set_blocksize+0x104/0x180 [ 212.932453][ T7028] ? setup_bdev_super+0x4c1/0x5b0 [ 212.932482][ T7028] get_tree_bdev_flags+0x40b/0x4d0 [ 212.932510][ T7028] ? __pfx_gfs2_fill_super+0x10/0x10 [ 212.932535][ T7028] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 212.932568][ T7028] gfs2_get_tree+0x51/0x1e0 [ 212.932594][ T7028] vfs_get_tree+0x8f/0x2b0 [ 212.932622][ T7028] do_new_mount+0x2a2/0xa30 [ 212.932652][ T7028] ? ns_capable+0x8a/0xf0 [ 212.932670][ T7028] ? __pfx_do_new_mount+0x10/0x10 [ 212.932699][ T7028] ? path_mount+0x61c/0xfe0 [ 212.932726][ T7028] ? user_path_at+0x44/0x60 [ 212.932752][ T7028] __se_sys_mount+0x317/0x410 [ 212.932790][ T7028] ? __pfx___se_sys_mount+0x10/0x10 [ 212.932819][ T7028] ? rcu_is_watching+0x15/0xb0 [ 212.932841][ T7028] ? __x64_sys_mount+0x20/0xc0 [ 212.932872][ T7028] do_syscall_64+0xfa/0x3b0 [ 212.932893][ T7028] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.932912][ T7028] ? clear_bhb_loop+0x60/0xb0 [pid 5870] unlink("./58/cpuset.effective_mems") = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./58") = 0 [pid 5870] mkdir("./59", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 212.932934][ T7028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.932952][ T7028] RIP: 0033:0x7fb47156b94a [ 212.932969][ T7028] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 212.932987][ T7028] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 212.933008][ T7028] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7037 ./strace-static-x86_64: Process 7037 attached [pid 7037] set_robust_list(0x55558d547760, 24) = 0 [pid 7037] chdir("./59") = 0 [pid 7037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7037] setpgid(0, 0) = 0 [pid 7037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7037] write(3, "1000", 4) = 4 [pid 7037] close(3) = 0 [pid 7037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7037] write(1, "executing program\n", 18executing program ) = 18 [pid 7037] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7037] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7037] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7037] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7038]}, 88) = 7038 [pid 7037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7037] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7037] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7038 attached [pid 7038] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7038] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7038] memfd_create("syzkaller", 0) = 3 [pid 7038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 212.933024][ T7028] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 212.933039][ T7028] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 212.933054][ T7028] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 212.933067][ T7028] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 212.933088][ T7028] [ 212.933107][ T7028] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 7032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7028] <... mount resumed>) = -1 EEXIST (File exists) [ 213.324278][ T7028] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7028] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 7028] ioctl(3, LOOP_CLR_FD) = 0 [pid 7028] close(3 [pid 7035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7032] <... write resumed>) = 16777216 [pid 7032] munmap(0x7fb469000000, 138412032 [pid 7028] <... close resumed>) = 0 [pid 7028] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7027] <... futex resumed>) = 0 [pid 7028] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7027] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7028] openat(AT_FDCWD, ".", O_RDONLY [pid 7027] <... futex resumed>) = 0 [pid 7028] <... openat resumed>) = 3 [pid 7028] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7028] <... futex resumed>) = 0 [pid 7028] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7027] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7027] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7028] <... futex resumed>) = 0 [pid 7027] <... futex resumed>) = 1 [pid 7028] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7027] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7028] <... ioctl resumed>) = 0 [pid 7028] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7027] <... futex resumed>) = 0 [pid 7028] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7027] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7027] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7028] <... openat resumed>) = 4 [pid 7028] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7027] <... futex resumed>) = 0 [pid 7028] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7027] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7027] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7032] <... munmap resumed>) = 0 [pid 7028] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7032] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7028] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7032] <... openat resumed>) = 4 [pid 7038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7032] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7027] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7032] close(3) = 0 [pid 7032] close(4) = 0 [pid 7032] mkdir("./file0", 0777) = 0 [pid 7032] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7035] <... write resumed>) = 16777216 [ 213.615910][ T7032] loop0: detected capacity change from 0 to 32768 [ 213.670929][ T7032] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 213.678558][ T7032] CPU: 1 UID: 0 PID: 7032 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 213.678590][ T7032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 213.678604][ T7032] Call Trace: [ 213.678613][ T7032] [ 213.678622][ T7032] dump_stack_lvl+0x189/0x250 [ 213.678654][ T7032] ? __pfx_dump_stack_lvl+0x10/0x10 [ 213.678680][ T7032] ? __pfx__printk+0x10/0x10 [ 213.678707][ T7032] ? kernfs_root+0x1c/0x230 [ 213.678733][ T7032] ? kernfs_path_from_node+0x250/0x290 [ 213.678756][ T7032] ? kernfs_path_from_node+0x2f/0x290 [ 213.678781][ T7032] sysfs_create_dir_ns+0x259/0x280 [ 213.678805][ T7032] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 213.678827][ T7032] ? do_raw_spin_unlock+0x122/0x240 [ 213.678856][ T7032] kobject_add_internal+0x59f/0xb40 [ 213.678884][ T7032] kobject_init_and_add+0x125/0x190 [ 213.678910][ T7032] ? __pfx_kobject_init_and_add+0x10/0x10 [ 213.678934][ T7032] ? __raw_spin_lock_init+0x45/0x100 [ 213.678960][ T7032] ? __init_swait_queue_head+0xa9/0x150 [ 213.678987][ T7032] gfs2_sys_fs_add+0x234/0x450 [ 213.679008][ T7032] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 213.679033][ T7032] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 213.679067][ T7032] gfs2_fill_super+0x13c0/0x20d0 [ 213.679101][ T7032] ? __pfx_gfs2_fill_super+0x10/0x10 [ 213.679130][ T7032] ? sb_set_blocksize+0x104/0x180 [ 213.679161][ T7032] ? setup_bdev_super+0x4c1/0x5b0 [ 213.679191][ T7032] get_tree_bdev_flags+0x40b/0x4d0 [ 213.679219][ T7032] ? __pfx_gfs2_fill_super+0x10/0x10 [ 213.679246][ T7032] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 213.679279][ T7032] gfs2_get_tree+0x51/0x1e0 [ 213.679307][ T7032] vfs_get_tree+0x8f/0x2b0 [ 213.679336][ T7032] do_new_mount+0x2a2/0xa30 [ 213.679367][ T7032] ? ns_capable+0x8a/0xf0 [ 213.679387][ T7032] ? __pfx_do_new_mount+0x10/0x10 [ 213.679417][ T7032] ? path_mount+0x61c/0xfe0 [ 213.679445][ T7032] ? user_path_at+0x44/0x60 [ 213.679474][ T7032] __se_sys_mount+0x317/0x410 [ 213.679569][ T7032] ? __pfx___se_sys_mount+0x10/0x10 [ 213.679601][ T7032] ? rcu_is_watching+0x15/0xb0 [ 213.679624][ T7032] ? __x64_sys_mount+0x20/0xc0 [ 213.679656][ T7032] do_syscall_64+0xfa/0x3b0 [ 213.679678][ T7032] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.679699][ T7032] ? clear_bhb_loop+0x60/0xb0 [ 213.679721][ T7032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.679742][ T7032] RIP: 0033:0x7fb47156b94a [ 213.679760][ T7032] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 213.679778][ T7032] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 213.679801][ T7032] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 213.679817][ T7032] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 213.679832][ T7032] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 213.679848][ T7032] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 213.679861][ T7032] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 213.679883][ T7032] [ 213.679905][ T7032] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 7035] munmap(0x7fb469000000, 138412032) = 0 [pid 7035] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7035] ioctl(4, LOOP_SET_FD, 3 [pid 7038] <... write resumed>) = 16777216 [pid 7035] <... ioctl resumed>) = 0 [pid 7032] <... mount resumed>) = -1 EEXIST (File exists) [pid 7035] close(3 [pid 7032] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7035] <... close resumed>) = 0 [pid 7032] <... openat resumed>) = 3 [pid 7035] close(4 [pid 7032] ioctl(3, LOOP_CLR_FD [pid 7035] <... close resumed>) = 0 [pid 7032] <... ioctl resumed>) = 0 [pid 7035] mkdir("./file0", 0777 [pid 7032] close(3 [pid 7027] exit_group(0) = ? [pid 7038] munmap(0x7fb469000000, 138412032 [pid 7035] <... mkdir resumed>) = 0 [pid 7028] <... write resumed>) = ? [pid 7035] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7028] +++ exited with 0 +++ [pid 7027] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7027, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=86 /* 0.86 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 214.022869][ T7032] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 214.030926][ T7035] loop1: detected capacity change from 0 to 32768 [pid 5869] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./57/file0") = 0 [pid 5869] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./57/binderfs") = 0 [pid 5869] umount2("./57/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./57/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=11378688, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 214.105325][ T7035] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 214.113063][ T7035] CPU: 1 UID: 0 PID: 7035 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 214.113094][ T7035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 214.113107][ T7035] Call Trace: [ 214.113116][ T7035] [ 214.113124][ T7035] dump_stack_lvl+0x189/0x250 [ 214.113157][ T7035] ? __pfx_dump_stack_lvl+0x10/0x10 [ 214.113182][ T7035] ? __pfx__printk+0x10/0x10 [ 214.113209][ T7035] ? kernfs_root+0x1c/0x230 [ 214.113235][ T7035] ? kernfs_path_from_node+0x250/0x290 [ 214.113258][ T7035] ? kernfs_path_from_node+0x2f/0x290 [ 214.113283][ T7035] sysfs_create_dir_ns+0x259/0x280 [ 214.113307][ T7035] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 214.113330][ T7035] ? do_raw_spin_unlock+0x122/0x240 [ 214.113373][ T7035] kobject_add_internal+0x59f/0xb40 [ 214.113402][ T7035] kobject_init_and_add+0x125/0x190 [ 214.113427][ T7035] ? __pfx_kobject_init_and_add+0x10/0x10 [ 214.113451][ T7035] ? __raw_spin_lock_init+0x45/0x100 [ 214.113476][ T7035] ? __init_swait_queue_head+0xa9/0x150 [ 214.113503][ T7035] gfs2_sys_fs_add+0x234/0x450 [ 214.113525][ T7035] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 214.113548][ T7035] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 214.113582][ T7035] gfs2_fill_super+0x13c0/0x20d0 [ 214.113617][ T7035] ? __pfx_gfs2_fill_super+0x10/0x10 [ 214.113647][ T7035] ? sb_set_blocksize+0x104/0x180 [ 214.113677][ T7035] ? setup_bdev_super+0x4c1/0x5b0 [pid 5869] unlink("./57/cpuset.effective_mems" [pid 7038] <... munmap resumed>) = 0 [pid 7038] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 214.113713][ T7035] get_tree_bdev_flags+0x40b/0x4d0 [ 214.113742][ T7035] ? __pfx_gfs2_fill_super+0x10/0x10 [ 214.113769][ T7035] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 214.113802][ T7035] gfs2_get_tree+0x51/0x1e0 [ 214.113829][ T7035] vfs_get_tree+0x8f/0x2b0 [ 214.113858][ T7035] do_new_mount+0x2a2/0xa30 [ 214.113890][ T7035] ? ns_capable+0x8a/0xf0 [ 214.113910][ T7035] ? __pfx_do_new_mount+0x10/0x10 [ 214.113940][ T7035] ? path_mount+0x61c/0xfe0 [ 214.113968][ T7035] ? user_path_at+0x44/0x60 [ 214.113995][ T7035] __se_sys_mount+0x317/0x410 [pid 7038] ioctl(4, LOOP_SET_FD, 3 [pid 7032] <... close resumed>) = 0 [pid 7032] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7032] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./57") = 0 [pid 5869] mkdir("./58", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 214.114029][ T7035] ? __pfx___se_sys_mount+0x10/0x10 [ 214.114059][ T7035] ? rcu_is_watching+0x15/0xb0 [ 214.114093][ T7035] ? __x64_sys_mount+0x20/0xc0 [ 214.114126][ T7035] do_syscall_64+0xfa/0x3b0 [ 214.114147][ T7035] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.114167][ T7035] ? clear_bhb_loop+0x60/0xb0 [ 214.114198][ T7035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.114218][ T7035] RIP: 0033:0x7fb47156b94a [ 214.114236][ T7035] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 214.114256][ T7035] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 214.114279][ T7035] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 214.114294][ T7035] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 214.114309][ T7035] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7031] <... futex resumed>) = 0 [pid 7031] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7032] <... futex resumed>) = 0 [pid 7031] <... futex resumed>) = 1 [pid 7032] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7032] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7032] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7031] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7031] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7032] <... futex resumed>) = 0 [pid 7031] <... futex resumed>) = 1 [pid 7032] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7031] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7038] <... ioctl resumed>) = 0 [pid 7038] close(3 [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 7043 [pid 7038] <... close resumed>) = 0 [pid 7038] close(4) = 0 ./strace-static-x86_64: Process 7043 attached [pid 7038] mkdir("./file0", 0777 [pid 7043] set_robust_list(0x55558d547760, 24) = 0 [pid 7043] chdir("./58") = 0 [pid 7043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7043] setpgid(0, 0) = 0 [pid 7043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7043] write(3, "1000", 4) = 4 [pid 7038] <... mkdir resumed>) = 0 [pid 7035] <... mount resumed>) = -1 EEXIST (File exists) [pid 7043] close(3 [pid 7038] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7035] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7032] <... ioctl resumed>) = 0 [pid 7043] <... close resumed>) = 0 [pid 7032] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7035] <... openat resumed>) = 3 [pid 7032] <... futex resumed>) = 1 [pid 7043] symlink("/dev/binderfs", "./binderfs" [pid 7035] ioctl(3, LOOP_CLR_FD [pid 7032] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL executing program [pid 7031] <... futex resumed>) = 0 [pid 7043] <... symlink resumed>) = 0 [pid 7035] <... ioctl resumed>) = 0 [pid 7031] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7043] write(1, "executing program\n", 18 [pid 7035] close(3 [pid 7032] <... futex resumed>) = 0 [pid 7031] <... futex resumed>) = 1 [pid 7043] <... write resumed>) = 18 [pid 7032] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7031] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7043] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7032] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7043] <... futex resumed>) = 0 [pid 7032] <... futex resumed>) = 0 [pid 7031] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 214.114324][ T7035] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 214.114337][ T7035] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 214.114358][ T7035] [ 214.114379][ T7035] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 214.219019][ T7038] loop3: detected capacity change from 0 to 32768 [ 214.416502][ T7035] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7032] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7031] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7032] <... futex resumed>) = 0 [pid 7031] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7043] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 7032] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7043] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7043] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7043] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7046 attached => {parent_tid=[7046]}, 88) = 7046 [pid 7046] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7043] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7043] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7046] <... rseq resumed>) = 0 [pid 7046] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7046] memfd_create("syzkaller", 0) = 3 [pid 7046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 214.469217][ T7038] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 7035] <... close resumed>) = 0 [pid 7035] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7035] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7033] <... futex resumed>) = 0 [pid 7033] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7035] <... futex resumed>) = 0 [pid 7033] <... futex resumed>) = 1 [pid 7035] openat(AT_FDCWD, ".", O_RDONLY [pid 7033] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7035] <... openat resumed>) = 3 [pid 7035] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7033] <... futex resumed>) = 0 [pid 7035] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7033] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 214.536236][ T7038] CPU: 1 UID: 0 PID: 7038 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 214.536271][ T7038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 214.536286][ T7038] Call Trace: [ 214.536294][ T7038] [ 214.536304][ T7038] dump_stack_lvl+0x189/0x250 [ 214.536337][ T7038] ? __pfx_dump_stack_lvl+0x10/0x10 [ 214.536363][ T7038] ? __pfx__printk+0x10/0x10 [ 214.536391][ T7038] ? kernfs_root+0x1c/0x230 [pid 7033] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7033] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7033] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}./strace-static-x86_64: Process 7047 attached => {parent_tid=[7047]}, 88) = 7047 [pid 7033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7033] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7047] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 7033] <... futex resumed>) = 0 [pid 7047] <... rseq resumed>) = 0 [pid 7033] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7047] set_robust_list(0x7fb4714f59a0, 24) = 0 [ 214.536417][ T7038] ? kernfs_path_from_node+0x250/0x290 [ 214.536439][ T7038] ? kernfs_path_from_node+0x2f/0x290 [ 214.536464][ T7038] sysfs_create_dir_ns+0x259/0x280 [ 214.536488][ T7038] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 214.536510][ T7038] ? do_raw_spin_unlock+0x122/0x240 [ 214.536538][ T7038] kobject_add_internal+0x59f/0xb40 [ 214.536573][ T7038] kobject_init_and_add+0x125/0x190 [ 214.536599][ T7038] ? __pfx_kobject_init_and_add+0x10/0x10 [ 214.536622][ T7038] ? __raw_spin_lock_init+0x45/0x100 [pid 7047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 214.536648][ T7038] ? __init_swait_queue_head+0xa9/0x150 [ 214.536674][ T7038] gfs2_sys_fs_add+0x234/0x450 [ 214.536696][ T7038] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 214.536720][ T7038] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 214.536753][ T7038] gfs2_fill_super+0x13c0/0x20d0 [ 214.536787][ T7038] ? __pfx_gfs2_fill_super+0x10/0x10 [ 214.536817][ T7038] ? sb_set_blocksize+0x104/0x180 [ 214.536846][ T7038] ? setup_bdev_super+0x4c1/0x5b0 [ 214.536878][ T7038] get_tree_bdev_flags+0x40b/0x4d0 [ 214.536907][ T7038] ? __pfx_gfs2_fill_super+0x10/0x10 [ 214.536934][ T7038] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 214.536968][ T7038] gfs2_get_tree+0x51/0x1e0 [ 214.536995][ T7038] vfs_get_tree+0x8f/0x2b0 [ 214.537024][ T7038] do_new_mount+0x2a2/0xa30 [ 214.537055][ T7038] ? ns_capable+0x8a/0xf0 [ 214.537075][ T7038] ? __pfx_do_new_mount+0x10/0x10 [ 214.537104][ T7038] ? path_mount+0x61c/0xfe0 [ 214.537133][ T7038] ? user_path_at+0x44/0x60 [ 214.537160][ T7038] __se_sys_mount+0x317/0x410 [ 214.537193][ T7038] ? __pfx___se_sys_mount+0x10/0x10 [pid 7047] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7031] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7033] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7033] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 7033] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[7048]}, 88) = 7048 [pid 7033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7033] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 214.537222][ T7038] ? rcu_is_watching+0x15/0xb0 [ 214.537245][ T7038] ? __x64_sys_mount+0x20/0xc0 [ 214.537276][ T7038] do_syscall_64+0xfa/0x3b0 [ 214.537298][ T7038] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.537319][ T7038] ? clear_bhb_loop+0x60/0xb0 [ 214.537341][ T7038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.537362][ T7038] RIP: 0033:0x7fb47156b94a [pid 7033] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 214.537381][ T7038] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 214.537400][ T7038] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 214.537423][ T7038] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 214.537440][ T7038] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 214.537455][ T7038] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 214.537470][ T7038] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 ./strace-static-x86_64: Process 7048 attached [pid 7048] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 7038] <... mount resumed>) = -1 EEXIST (File exists) [pid 7038] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 7038] ioctl(3, LOOP_CLR_FD) = 0 [pid 7038] close(3) = 0 [pid 7038] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7037] <... futex resumed>) = 0 [pid 7038] openat(AT_FDCWD, ".", O_RDONLY [pid 7037] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] set_robust_list(0x7fb4714d49a0, 24 [pid 7038] <... openat resumed>) = 3 [pid 7037] <... futex resumed>) = 0 [pid 7048] <... set_robust_list resumed>) = 0 [pid 7038] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7037] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7048] rt_sigprocmask(SIG_SETMASK, [], [pid 7038] <... futex resumed>) = 0 [pid 7037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7038] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7037] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7037] <... futex resumed>) = 0 [pid 7037] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7038] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7048] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 7048] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7035] <... ioctl resumed>) = 0 [pid 7048] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7035] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7035] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7047] <... openat resumed>) = 4 [pid 7047] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7047] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7033] exit_group(0 [pid 7048] <... futex resumed>) = ? [pid 7047] <... futex resumed>) = ? [pid 7035] <... futex resumed>) = ? [pid 7033] <... exit_group resumed>) = ? [pid 7048] +++ exited with 0 +++ [pid 7047] +++ exited with 0 +++ [pid 7035] +++ exited with 0 +++ [pid 7033] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7033, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=52 /* 0.52 s */} --- [pid 5868] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./60/file0") = 0 [pid 5868] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./60/binderfs") = 0 [pid 5868] umount2("./60/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./60/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./60/cpuset.effective_mems") = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./60") = 0 [pid 5868] mkdir("./61", 0777 [pid 7038] <... ioctl resumed>) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 7038] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7038] <... futex resumed>) = 1 [pid 7037] <... futex resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 7037] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 7037] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7049 attached [pid 7038] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 7049 [pid 7049] set_robust_list(0x55558d547760, 24 [pid 7038] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7049] <... set_robust_list resumed>) = 0 [pid 7038] <... futex resumed>) = 1 [pid 7037] <... futex resumed>) = 0 [pid 7049] chdir("./61" [pid 7038] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7037] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7049] <... chdir resumed>) = 0 [pid 7037] <... futex resumed>) = 0 [pid 7049] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7037] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7049] <... prctl resumed>) = 0 [pid 7049] setpgid(0, 0) = 0 [pid 7049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7049] write(3, "1000", 4) = 4 executing program [pid 7049] close(3) = 0 [pid 7049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7049] write(1, "executing program\n", 18) = 18 [pid 7049] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7049] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7049] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7049] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7050 attached => {parent_tid=[7050]}, 88) = 7050 [pid 7049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7049] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7049] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7050] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7050] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7050] memfd_create("syzkaller", 0) = 3 [ 214.537485][ T7038] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 214.537506][ T7038] [ 214.537528][ T7038] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 214.858630][ T7038] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7031] exit_group(0) = ? [pid 7037] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7037] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7032] <... write resumed>) = ? [pid 7032] +++ exited with 0 +++ [pid 7031] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7031, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=76 /* 0.76 s */} --- [pid 5867] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./59/file0") = 0 [pid 5867] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./59/binderfs") = 0 [pid 5867] umount2("./59/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./59/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=3985344, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./59/cpuset.effective_mems") = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./59") = 0 [pid 5867] mkdir("./60", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7051 ./strace-static-x86_64: Process 7051 attached [pid 7051] set_robust_list(0x55558d547760, 24) = 0 [pid 7051] chdir("./60") = 0 [pid 7051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7051] setpgid(0, 0) = 0 [pid 7051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7051] write(3, "1000", 4) = 4 [pid 7051] close(3) = 0 [pid 7051] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7051] write(1, "executing program\n", 18) = 18 [pid 7051] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7051] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7051] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7051] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7051] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7052]}, 88) = 7052 [pid 7051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 7052 attached [pid 7051] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7052] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7052] set_robust_list(0x7fb4715169a0, 24 [pid 7051] <... futex resumed>) = 0 [pid 7051] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7052] <... set_robust_list resumed>) = 0 [pid 7052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7052] memfd_create("syzkaller", 0) = 3 [pid 7052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7037] exit_group(0) = ? [pid 7038] <... write resumed>) = ? [pid 7050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7038] +++ exited with 0 +++ [pid 7037] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7037, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=86 /* 0.86 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./59/file0") = 0 [pid 5870] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./59/binderfs") = 0 [pid 5870] umount2("./59/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./59/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5435392, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./59/cpuset.effective_mems" [pid 7046] <... write resumed>) = 16777216 [pid 7046] munmap(0x7fb469000000, 138412032 [pid 5870] <... unlink resumed>) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./59") = 0 [pid 5870] mkdir("./60", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7053 attached , child_tidptr=0x55558d547750) = 7053 [pid 7053] set_robust_list(0x55558d547760, 24) = 0 [pid 7053] chdir("./60") = 0 [pid 7053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7053] setpgid(0, 0) = 0 [pid 7053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7053] write(3, "1000", 4) = 4 [pid 7053] close(3executing program ) = 0 [pid 7053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7053] write(1, "executing program\n", 18) = 18 [pid 7053] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7053] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7053] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7046] <... munmap resumed>) = 0 [pid 7046] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7053] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7054 attached [pid 7046] <... openat resumed>) = 4 [pid 7054] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7053] <... clone3 resumed> => {parent_tid=[7054]}, 88) = 7054 [pid 7053] rt_sigprocmask(SIG_SETMASK, [], [pid 7054] <... rseq resumed>) = 0 [pid 7053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7054] set_robust_list(0x7fb4715169a0, 24 [pid 7046] ioctl(4, LOOP_SET_FD, 3 [pid 7053] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7054] <... set_robust_list resumed>) = 0 [pid 7054] rt_sigprocmask(SIG_SETMASK, [], [pid 7053] <... futex resumed>) = 0 [pid 7053] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7054] memfd_create("syzkaller", 0 [pid 7046] <... ioctl resumed>) = 0 [pid 7054] <... memfd_create resumed>) = 3 [pid 7054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7046] close(3) = 0 [pid 7046] close(4) = 0 [pid 7046] mkdir("./file0", 0777) = 0 [ 215.355767][ T7046] loop2: detected capacity change from 0 to 32768 [ 215.395655][ T7046] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 215.403092][ T7046] CPU: 1 UID: 0 PID: 7046 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 215.403122][ T7046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 215.403136][ T7046] Call Trace: [ 215.403144][ T7046] [ 215.403153][ T7046] dump_stack_lvl+0x189/0x250 [ 215.403184][ T7046] ? __pfx_dump_stack_lvl+0x10/0x10 [ 215.403208][ T7046] ? __pfx__printk+0x10/0x10 [ 215.403234][ T7046] ? kernfs_root+0x1c/0x230 [ 215.403258][ T7046] ? kernfs_path_from_node+0x250/0x290 [ 215.403279][ T7046] ? kernfs_path_from_node+0x2f/0x290 [ 215.403309][ T7046] sysfs_create_dir_ns+0x259/0x280 [ 215.403332][ T7046] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 215.403353][ T7046] ? do_raw_spin_unlock+0x122/0x240 [ 215.403380][ T7046] kobject_add_internal+0x59f/0xb40 [ 215.403408][ T7046] kobject_init_and_add+0x125/0x190 [ 215.403432][ T7046] ? __pfx_kobject_init_and_add+0x10/0x10 [ 215.403455][ T7046] ? __raw_spin_lock_init+0x45/0x100 [ 215.403479][ T7046] ? __init_swait_queue_head+0xa9/0x150 [pid 7046] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [ 215.403505][ T7046] gfs2_sys_fs_add+0x234/0x450 [ 215.403527][ T7046] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 215.403550][ T7046] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 215.403583][ T7046] gfs2_fill_super+0x13c0/0x20d0 [ 215.403616][ T7046] ? __pfx_gfs2_fill_super+0x10/0x10 [ 215.403644][ T7046] ? sb_set_blocksize+0x104/0x180 [ 215.403674][ T7046] ? setup_bdev_super+0x4c1/0x5b0 [ 215.403702][ T7046] get_tree_bdev_flags+0x40b/0x4d0 [ 215.403730][ T7046] ? __pfx_gfs2_fill_super+0x10/0x10 [ 215.403755][ T7046] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 215.403787][ T7046] gfs2_get_tree+0x51/0x1e0 [ 215.403813][ T7046] vfs_get_tree+0x8f/0x2b0 [ 215.403841][ T7046] do_new_mount+0x2a2/0xa30 [ 215.403871][ T7046] ? ns_capable+0x8a/0xf0 [ 215.403890][ T7046] ? __pfx_do_new_mount+0x10/0x10 [ 215.403917][ T7046] ? path_mount+0x61c/0xfe0 [ 215.403944][ T7046] ? user_path_at+0x44/0x60 [ 215.403970][ T7046] __se_sys_mount+0x317/0x410 [ 215.404003][ T7046] ? __pfx___se_sys_mount+0x10/0x10 [ 215.404031][ T7046] ? rcu_is_watching+0x15/0xb0 [ 215.404054][ T7046] ? __x64_sys_mount+0x20/0xc0 [ 215.404084][ T7046] do_syscall_64+0xfa/0x3b0 [ 215.404128][ T7046] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.404149][ T7046] ? clear_bhb_loop+0x60/0xb0 [ 215.404171][ T7046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.404190][ T7046] RIP: 0033:0x7fb47156b94a [ 215.404209][ T7046] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 7052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7050] <... write resumed>) = 16777216 [ 215.404227][ T7046] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 215.404249][ T7046] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 215.404265][ T7046] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 215.404284][ T7046] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 215.404305][ T7046] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 215.404320][ T7046] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 215.404342][ T7046] [ 215.404364][ T7046] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 7050] munmap(0x7fb469000000, 138412032 [pid 7054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7050] <... munmap resumed>) = 0 [pid 7050] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7050] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7046] <... mount resumed>) = -1 EEXIST (File exists) [pid 7050] close(3) = 0 [pid 7050] close(4) = 0 [pid 7050] mkdir("./file0", 0777) = 0 [pid 7050] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [ 215.762051][ T7046] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 215.772366][ T7050] loop1: detected capacity change from 0 to 32768 [ 215.801516][ T7050] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 7046] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 7052] <... write resumed>) = 16777216 [pid 7046] ioctl(3, LOOP_CLR_FD) = 0 [pid 7046] close(3 [ 215.812862][ T7050] CPU: 1 UID: 0 PID: 7050 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 215.812894][ T7050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 215.812909][ T7050] Call Trace: [ 215.812917][ T7050] [ 215.812926][ T7050] dump_stack_lvl+0x189/0x250 [ 215.812959][ T7050] ? __pfx_dump_stack_lvl+0x10/0x10 [ 215.812985][ T7050] ? __pfx__printk+0x10/0x10 [ 215.813012][ T7050] ? kernfs_root+0x1c/0x230 [ 215.813038][ T7050] ? kernfs_path_from_node+0x250/0x290 [ 215.813060][ T7050] ? kernfs_path_from_node+0x2f/0x290 [ 215.813085][ T7050] sysfs_create_dir_ns+0x259/0x280 [ 215.813109][ T7050] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 215.813132][ T7050] ? do_raw_spin_unlock+0x122/0x240 [ 215.813161][ T7050] kobject_add_internal+0x59f/0xb40 [ 215.813189][ T7050] kobject_init_and_add+0x125/0x190 [ 215.813216][ T7050] ? __pfx_kobject_init_and_add+0x10/0x10 [ 215.813240][ T7050] ? __raw_spin_lock_init+0x45/0x100 [ 215.813265][ T7050] ? __init_swait_queue_head+0xa9/0x150 [ 215.813292][ T7050] gfs2_sys_fs_add+0x234/0x450 [ 215.813314][ T7050] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 215.813339][ T7050] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 215.813373][ T7050] gfs2_fill_super+0x13c0/0x20d0 [ 215.813408][ T7050] ? __pfx_gfs2_fill_super+0x10/0x10 [ 215.813437][ T7050] ? sb_set_blocksize+0x104/0x180 [ 215.813475][ T7050] ? setup_bdev_super+0x4c1/0x5b0 [ 215.813506][ T7050] get_tree_bdev_flags+0x40b/0x4d0 [ 215.813535][ T7050] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 7052] munmap(0x7fb469000000, 138412032) = 0 [pid 7052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 215.813561][ T7050] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 215.813595][ T7050] gfs2_get_tree+0x51/0x1e0 [ 215.813623][ T7050] vfs_get_tree+0x8f/0x2b0 [ 215.813653][ T7050] do_new_mount+0x2a2/0xa30 [ 215.813685][ T7050] ? ns_capable+0x8a/0xf0 [ 215.813704][ T7050] ? __pfx_do_new_mount+0x10/0x10 [ 215.813734][ T7050] ? path_mount+0x61c/0xfe0 [ 215.813762][ T7050] ? user_path_at+0x44/0x60 [ 215.813790][ T7050] __se_sys_mount+0x317/0x410 [ 215.813824][ T7050] ? __pfx___se_sys_mount+0x10/0x10 [pid 7052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7052] close(3) = 0 [pid 7052] close(4) = 0 [pid 7052] mkdir("./file0", 0777) = 0 [ 215.813854][ T7050] ? rcu_is_watching+0x15/0xb0 [ 215.813879][ T7050] ? __x64_sys_mount+0x20/0xc0 [ 215.813910][ T7050] do_syscall_64+0xfa/0x3b0 [ 215.813932][ T7050] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.813953][ T7050] ? clear_bhb_loop+0x60/0xb0 [ 215.813977][ T7050] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.813997][ T7050] RIP: 0033:0x7fb47156b94a [ 215.814014][ T7050] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 215.814032][ T7050] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 215.814055][ T7050] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 215.814071][ T7050] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 215.814086][ T7050] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 215.814101][ T7050] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 215.814115][ T7050] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 7052] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7050] <... mount resumed>) = -1 EEXIST (File exists) [pid 7046] <... close resumed>) = 0 [pid 7050] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7046] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7043] <... futex resumed>) = 0 [pid 7050] <... openat resumed>) = 3 [pid 7046] openat(AT_FDCWD, ".", O_RDONLY [pid 7043] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7050] ioctl(3, LOOP_CLR_FD [pid 7046] <... openat resumed>) = 3 [pid 7043] <... futex resumed>) = 0 [pid 7050] <... ioctl resumed>) = 0 [pid 7046] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7043] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7050] close(3 [pid 7046] <... futex resumed>) = 0 [pid 7043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7050] <... close resumed>) = 0 [pid 7046] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7043] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7050] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7043] <... futex resumed>) = 0 [pid 7050] <... futex resumed>) = 1 [pid 7043] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 215.814136][ T7050] [ 215.814159][ T7050] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 215.980812][ T7052] loop0: detected capacity change from 0 to 32768 [ 215.996762][ T7050] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 216.063593][ T7052] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 7050] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7049] <... futex resumed>) = 0 [pid 7046] <... ioctl resumed>) = 0 [pid 7046] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7043] <... futex resumed>) = 0 [pid 7043] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7043] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7046] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7046] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7043] <... futex resumed>) = 0 [pid 7043] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7043] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7046] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7049] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7050] <... futex resumed>) = 0 [pid 7049] <... futex resumed>) = 1 [pid 7050] openat(AT_FDCWD, ".", O_RDONLY [pid 7049] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7050] <... openat resumed>) = 3 [pid 7050] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7049] <... futex resumed>) = 0 [pid 7050] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7049] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7049] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7050] <... ioctl resumed>) = 0 [pid 7050] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7049] <... futex resumed>) = 0 [pid 7050] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 216.158870][ T7052] CPU: 0 UID: 0 PID: 7052 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 216.158903][ T7052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 216.158916][ T7052] Call Trace: [ 216.158925][ T7052] [ 216.158933][ T7052] dump_stack_lvl+0x189/0x250 [ 216.158965][ T7052] ? __pfx_dump_stack_lvl+0x10/0x10 [ 216.158990][ T7052] ? __pfx__printk+0x10/0x10 [ 216.159017][ T7052] ? kernfs_root+0x1c/0x230 [ 216.159043][ T7052] ? kernfs_path_from_node+0x250/0x290 [pid 7049] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7050] <... openat resumed>) = 4 [pid 7049] <... futex resumed>) = 0 [pid 7050] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7049] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7050] <... futex resumed>) = 0 [pid 7049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7050] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7049] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7049] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7043] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7043] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 216.159065][ T7052] ? kernfs_path_from_node+0x2f/0x290 [ 216.159089][ T7052] sysfs_create_dir_ns+0x259/0x280 [ 216.159113][ T7052] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 216.159134][ T7052] ? do_raw_spin_unlock+0x122/0x240 [ 216.159162][ T7052] kobject_add_internal+0x59f/0xb40 [ 216.159189][ T7052] kobject_init_and_add+0x125/0x190 [ 216.159215][ T7052] ? __pfx_kobject_init_and_add+0x10/0x10 [ 216.159238][ T7052] ? __raw_spin_lock_init+0x45/0x100 [ 216.159263][ T7052] ? __init_swait_queue_head+0xa9/0x150 [pid 7049] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 216.159289][ T7052] gfs2_sys_fs_add+0x234/0x450 [ 216.159312][ T7052] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 216.159335][ T7052] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 216.159371][ T7052] gfs2_fill_super+0x13c0/0x20d0 [ 216.159405][ T7052] ? __pfx_gfs2_fill_super+0x10/0x10 [ 216.159442][ T7052] ? sb_set_blocksize+0x104/0x180 [ 216.159471][ T7052] ? setup_bdev_super+0x4c1/0x5b0 [ 216.159501][ T7052] get_tree_bdev_flags+0x40b/0x4d0 [ 216.159530][ T7052] ? __pfx_gfs2_fill_super+0x10/0x10 [ 216.159556][ T7052] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 216.159589][ T7052] gfs2_get_tree+0x51/0x1e0 [ 216.159617][ T7052] vfs_get_tree+0x8f/0x2b0 [ 216.159647][ T7052] do_new_mount+0x2a2/0xa30 [ 216.159679][ T7052] ? ns_capable+0x8a/0xf0 [ 216.159699][ T7052] ? __pfx_do_new_mount+0x10/0x10 [ 216.159728][ T7052] ? path_mount+0x61c/0xfe0 [ 216.159756][ T7052] ? user_path_at+0x44/0x60 [ 216.159784][ T7052] __se_sys_mount+0x317/0x410 [ 216.159817][ T7052] ? __pfx___se_sys_mount+0x10/0x10 [ 216.159846][ T7052] ? rcu_is_watching+0x15/0xb0 [ 216.159870][ T7052] ? __x64_sys_mount+0x20/0xc0 [ 216.159900][ T7052] do_syscall_64+0xfa/0x3b0 [ 216.159921][ T7052] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.159941][ T7052] ? clear_bhb_loop+0x60/0xb0 [ 216.159963][ T7052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.159983][ T7052] RIP: 0033:0x7fb47156b94a [ 216.160001][ T7052] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 7043] exit_group(0) = ? [pid 7046] <... write resumed>) = ? [ 216.160019][ T7052] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 216.160041][ T7052] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 216.160057][ T7052] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 216.160072][ T7052] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 216.160087][ T7052] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 216.160101][ T7052] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 216.160123][ T7052] [pid 7052] <... mount resumed>) = -1 EEXIST (File exists) [pid 7046] +++ exited with 0 +++ [pid 7043] +++ exited with 0 +++ [pid 7052] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7043, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=65 /* 0.65 s */} --- [pid 5869] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7052] <... openat resumed>) = 3 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7052] ioctl(3, LOOP_CLR_FD [pid 5869] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7052] <... ioctl resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 7052] close(3) = 0 [pid 5869] newfstatat(3, "", [pid 7052] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7051] <... futex resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7052] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7051] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] getdents64(3, [pid 7052] <... futex resumed>) = 0 [pid 7051] <... futex resumed>) = 1 [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 7052] openat(AT_FDCWD, ".", O_RDONLY [pid 7051] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7052] <... openat resumed>) = 3 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7052] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] newfstatat(AT_FDCWD, "./58/file0", [pid 7052] <... futex resumed>) = 1 [pid 7051] <... futex resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7052] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7051] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7052] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7051] <... futex resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7051] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7049] exit_group(0 [pid 5869] <... openat resumed>) = 4 [pid 7049] <... exit_group resumed>) = ? [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4 [pid 7052] <... ioctl resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 7052] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] rmdir("./58/file0" [pid 7052] <... futex resumed>) = 1 [pid 7051] <... futex resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 7052] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7051] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7051] <... futex resumed>) = 0 [pid 5869] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7052] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7051] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./58/binderfs" [pid 7052] <... openat resumed>) = 4 [pid 5869] <... unlink resumed>) = 0 [pid 7052] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("./58/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7052] <... futex resumed>) = 1 [pid 7051] <... futex resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7052] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7051] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] newfstatat(AT_FDCWD, "./58/cpuset.effective_mems", [pid 7052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7051] <... futex resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=1777664, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 216.160144][ T7052] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 216.478114][ T7052] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7052] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7051] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] unlink("./58/cpuset.effective_mems" [pid 7050] <... write resumed>) = ? [pid 7050] +++ exited with 0 +++ [pid 7049] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7049, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=54 /* 0.54 s */} --- [pid 5868] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] <... unlink resumed>) = 0 [pid 5868] getdents64(4, [pid 7054] <... write resumed>) = 16777216 [pid 5868] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./61/file0") = 0 [pid 5868] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7054] munmap(0x7fb469000000, 138412032 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./61/binderfs") = 0 [pid 7051] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5868] umount2("./61/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./61/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=2052032, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./61/cpuset.effective_mems" [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./58") = 0 [pid 5869] mkdir("./59", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7061 attached , child_tidptr=0x55558d547750) = 7061 [pid 7061] set_robust_list(0x55558d547760, 24) = 0 [pid 7061] chdir("./59") = 0 [pid 7061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7061] setpgid(0, 0) = 0 [pid 7061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7061] write(3, "1000", 4) = 4 [pid 7061] close(3) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 7061] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7061] write(1, "executing program\n", 18) = 18 [pid 7061] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7061] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7061] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 5868] getdents64(3, [pid 7061] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 7061] <... mprotect resumed>) = 0 [pid 5868] close(3 [pid 7061] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5868] <... close resumed>) = 0 [pid 7061] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5868] rmdir("./61" [pid 7061] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 5868] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 7062 attached [pid 5868] mkdir("./62", 0777 [pid 7061] <... clone3 resumed> => {parent_tid=[7062]}, 88) = 7062 [pid 5868] <... mkdir resumed>) = 0 [pid 7061] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7061] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... openat resumed>) = 3 [pid 7061] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 7061] <... futex resumed>) = 0 [pid 5868] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7061] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7063 attached [pid 7062] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7063] set_robust_list(0x55558d547760, 24 [pid 7062] <... rseq resumed>) = 0 [pid 7063] <... set_robust_list resumed>) = 0 [pid 7062] set_robust_list(0x7fb4715169a0, 24 [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 7063 [pid 7062] <... set_robust_list resumed>) = 0 [pid 7063] chdir("./62" [pid 7062] rt_sigprocmask(SIG_SETMASK, [], [pid 7063] <... chdir resumed>) = 0 [pid 7062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7062] memfd_create("syzkaller", 0 [pid 7063] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7062] <... memfd_create resumed>) = 3 [pid 7063] <... prctl resumed>) = 0 [pid 7062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7063] setpgid(0, 0) = 0 [pid 7062] <... mmap resumed>) = 0x7fb469000000 [pid 7063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7063] write(3, "1000", 4) = 4 [pid 7063] close(3) = 0 [pid 7063] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7063] write(1, "executing program\n", 18) = 18 [pid 7063] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7063] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7063] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7063] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7064 attached [pid 7064] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7063] <... clone3 resumed> => {parent_tid=[7064]}, 88) = 7064 [pid 7064] <... rseq resumed>) = 0 [pid 7063] rt_sigprocmask(SIG_SETMASK, [], [pid 7064] set_robust_list(0x7fb4715169a0, 24 [pid 7063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7064] <... set_robust_list resumed>) = 0 [pid 7063] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] rt_sigprocmask(SIG_SETMASK, [], [pid 7063] <... futex resumed>) = 0 [pid 7063] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7064] memfd_create("syzkaller", 0 [pid 7054] <... munmap resumed>) = 0 [pid 7054] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7064] <... memfd_create resumed>) = 3 [pid 7064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7054] <... openat resumed>) = 4 [pid 7054] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7054] close(3) = 0 [pid 7054] close(4) = 0 [pid 7054] mkdir("./file0", 0777) = 0 [ 216.712862][ T7054] loop3: detected capacity change from 0 to 32768 [ 216.756814][ T7054] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 216.776042][ T7054] CPU: 1 UID: 0 PID: 7054 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 216.776076][ T7054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 216.776090][ T7054] Call Trace: [ 216.776099][ T7054] [ 216.776108][ T7054] dump_stack_lvl+0x189/0x250 [ 216.776152][ T7054] ? __pfx_dump_stack_lvl+0x10/0x10 [ 216.776176][ T7054] ? __pfx__printk+0x10/0x10 [ 216.776202][ T7054] ? kernfs_root+0x1c/0x230 [ 216.776226][ T7054] ? kernfs_path_from_node+0x250/0x290 [ 216.776247][ T7054] ? kernfs_path_from_node+0x2f/0x290 [ 216.776270][ T7054] sysfs_create_dir_ns+0x259/0x280 [ 216.776312][ T7054] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 216.776334][ T7054] ? do_raw_spin_unlock+0x122/0x240 [ 216.776362][ T7054] kobject_add_internal+0x59f/0xb40 [ 216.776392][ T7054] kobject_init_and_add+0x125/0x190 [ 216.776427][ T7054] ? __pfx_kobject_init_and_add+0x10/0x10 [ 216.776450][ T7054] ? __raw_spin_lock_init+0x45/0x100 [ 216.776475][ T7054] ? __init_swait_queue_head+0xa9/0x150 [ 216.776502][ T7054] gfs2_sys_fs_add+0x234/0x450 [ 216.776524][ T7054] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 216.776547][ T7054] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 216.776582][ T7054] gfs2_fill_super+0x13c0/0x20d0 [ 216.776616][ T7054] ? __pfx_gfs2_fill_super+0x10/0x10 [ 216.776645][ T7054] ? sb_set_blocksize+0x104/0x180 [ 216.776675][ T7054] ? setup_bdev_super+0x4c1/0x5b0 [ 216.776704][ T7054] get_tree_bdev_flags+0x40b/0x4d0 [ 216.776733][ T7054] ? __pfx_gfs2_fill_super+0x10/0x10 [ 216.776760][ T7054] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 216.776793][ T7054] gfs2_get_tree+0x51/0x1e0 [ 216.776821][ T7054] vfs_get_tree+0x8f/0x2b0 [ 216.776850][ T7054] do_new_mount+0x2a2/0xa30 [ 216.776882][ T7054] ? ns_capable+0x8a/0xf0 [ 216.776901][ T7054] ? __pfx_do_new_mount+0x10/0x10 [ 216.776931][ T7054] ? path_mount+0x61c/0xfe0 [ 216.776959][ T7054] ? user_path_at+0x44/0x60 [ 216.776987][ T7054] __se_sys_mount+0x317/0x410 [ 216.777021][ T7054] ? __pfx___se_sys_mount+0x10/0x10 [ 216.777050][ T7054] ? rcu_is_watching+0x15/0xb0 [ 216.777078][ T7054] ? __x64_sys_mount+0x20/0xc0 [ 216.777109][ T7054] do_syscall_64+0xfa/0x3b0 [ 216.777130][ T7054] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.777149][ T7054] ? clear_bhb_loop+0x60/0xb0 [ 216.777172][ T7054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.777193][ T7054] RIP: 0033:0x7fb47156b94a [ 216.777211][ T7054] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 216.777229][ T7054] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 216.777251][ T7054] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 216.777267][ T7054] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [pid 7054] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7051] exit_group(0) = ? [pid 7052] <... write resumed>) = ? [pid 7052] +++ exited with 0 +++ [pid 7051] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7051, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=80 /* 0.80 s */} --- [pid 5867] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./60/file0") = 0 [pid 7054] <... mount resumed>) = -1 EEXIST (File exists) [pid 5867] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7054] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7054] <... openat resumed>) = 3 [pid 7054] ioctl(3, LOOP_CLR_FD [pid 5867] newfstatat(AT_FDCWD, "./60/binderfs", [pid 7054] <... ioctl resumed>) = 0 [pid 7054] close(3 [pid 5867] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./60/binderfs") = 0 [pid 5867] umount2("./60/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./60/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=9957312, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 216.777282][ T7054] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 216.777297][ T7054] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 216.777311][ T7054] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 216.777332][ T7054] [ 216.777552][ T7054] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 217.095695][ T7054] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5867] unlink("./60/cpuset.effective_mems" [pid 7054] <... close resumed>) = 0 [pid 7054] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7054] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7053] <... futex resumed>) = 0 [pid 7053] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7054] <... futex resumed>) = 0 [pid 7053] <... futex resumed>) = 1 [pid 7054] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7053] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7054] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7054] <... futex resumed>) = 0 [pid 7053] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7054] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7053] <... futex resumed>) = 0 [pid 7053] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7054] <... ioctl resumed>) = 0 [pid 7054] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7053] <... futex resumed>) = 0 [pid 7054] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7053] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7053] <... futex resumed>) = 0 [pid 7054] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7053] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7054] <... openat resumed>) = 4 [pid 7064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7054] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7053] <... futex resumed>) = 0 [pid 7054] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7053] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7053] <... futex resumed>) = 0 [pid 7054] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7053] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./60") = 0 [pid 7062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7053] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5867] mkdir("./61", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7067 attached , child_tidptr=0x55558d547750) = 7067 [pid 7067] set_robust_list(0x55558d547760, 24) = 0 [pid 7067] chdir("./61") = 0 [pid 7067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7067] setpgid(0, 0) = 0 [pid 7067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7067] write(3, "1000", 4) = 4 [pid 7067] close(3) = 0 [pid 7067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7067] write(1, "executing program\n", 18executing program ) = 18 [pid 7067] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7067] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7067] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7067] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7067] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7068 attached => {parent_tid=[7068]}, 88) = 7068 [pid 7067] rt_sigprocmask(SIG_SETMASK, [], [pid 7068] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7068] <... rseq resumed>) = 0 [pid 7068] set_robust_list(0x7fb4715169a0, 24 [pid 7067] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7068] <... set_robust_list resumed>) = 0 [pid 7067] <... futex resumed>) = 0 [pid 7068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7067] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7068] memfd_create("syzkaller", 0) = 3 [pid 7068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7053] exit_group(0) = ? [pid 7064] <... write resumed>) = 16777216 [pid 7054] <... write resumed>) = ? [pid 7064] munmap(0x7fb469000000, 138412032 [pid 7054] +++ exited with 0 +++ [pid 7053] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7053, si_uid=0, si_status=0, si_utime=14 /* 0.14 s */, si_stime=68 /* 0.68 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./60/file0") = 0 [pid 5870] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./60/binderfs") = 0 [pid 5870] umount2("./60/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./60/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5369856, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./60/cpuset.effective_mems" [pid 7062] <... write resumed>) = 16777216 [pid 7062] munmap(0x7fb469000000, 138412032 [pid 7068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7064] <... munmap resumed>) = 0 [pid 7064] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5870] <... unlink resumed>) = 0 [pid 7064] close(3) = 0 [pid 7064] close(4) = 0 [pid 7064] mkdir("./file0", 0777 [pid 5870] getdents64(3, [pid 7064] <... mkdir resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3 [pid 7064] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("./60" [pid 7062] <... munmap resumed>) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 5870] mkdir("./61", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7062] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] <... openat resumed>) = 3 [pid 7062] <... openat resumed>) = 4 [ 217.604270][ T7064] loop1: detected capacity change from 0 to 32768 [ 217.641201][ T7064] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7062] ioctl(4, LOOP_SET_FD, 3 [pid 5870] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7071 attached , child_tidptr=0x55558d547750) = 7071 [ 217.655706][ T7062] loop2: detected capacity change from 0 to 32768 [ 217.687487][ T7064] CPU: 0 UID: 0 PID: 7064 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 217.687519][ T7064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 217.687533][ T7064] Call Trace: [ 217.687541][ T7064] [ 217.687550][ T7064] dump_stack_lvl+0x189/0x250 [ 217.687581][ T7064] ? __pfx_dump_stack_lvl+0x10/0x10 [ 217.687606][ T7064] ? __pfx__printk+0x10/0x10 [ 217.687632][ T7064] ? kernfs_root+0x1c/0x230 [ 217.687657][ T7064] ? kernfs_path_from_node+0x250/0x290 [ 217.687680][ T7064] ? kernfs_path_from_node+0x2f/0x290 [ 217.687705][ T7064] sysfs_create_dir_ns+0x259/0x280 [pid 7071] set_robust_list(0x55558d547760, 24) = 0 [pid 7068] <... write resumed>) = 16777216 [pid 7062] <... ioctl resumed>) = 0 [pid 7068] munmap(0x7fb469000000, 138412032 [pid 7062] close(3) = 0 [pid 7062] close(4) = 0 [pid 7062] mkdir("./file0", 0777) = 0 [ 217.687728][ T7064] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 217.687751][ T7064] ? do_raw_spin_unlock+0x122/0x240 [ 217.687788][ T7064] kobject_add_internal+0x59f/0xb40 [ 217.687817][ T7064] kobject_init_and_add+0x125/0x190 [ 217.687843][ T7064] ? __pfx_kobject_init_and_add+0x10/0x10 [ 217.687867][ T7064] ? __raw_spin_lock_init+0x45/0x100 [ 217.687892][ T7064] ? __init_swait_queue_head+0xa9/0x150 [ 217.687919][ T7064] gfs2_sys_fs_add+0x234/0x450 [ 217.687941][ T7064] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [pid 7062] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7068] <... munmap resumed>) = 0 [pid 7068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7068] ioctl(4, LOOP_SET_FD, 3 [pid 7071] chdir("./61" [pid 7068] <... ioctl resumed>) = 0 [pid 7068] close(3) = 0 [pid 7068] close(4) = 0 [pid 7068] mkdir("./file0", 0777) = 0 [pid 7068] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7071] <... chdir resumed>) = 0 [pid 7071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7071] setpgid(0, 0) = 0 [pid 7071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 217.687966][ T7064] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 217.688001][ T7064] gfs2_fill_super+0x13c0/0x20d0 [ 217.688036][ T7064] ? __pfx_gfs2_fill_super+0x10/0x10 [ 217.688073][ T7064] ? sb_set_blocksize+0x104/0x180 [ 217.688102][ T7064] ? setup_bdev_super+0x4c1/0x5b0 [ 217.688132][ T7064] get_tree_bdev_flags+0x40b/0x4d0 [ 217.688162][ T7064] ? __pfx_gfs2_fill_super+0x10/0x10 [ 217.688188][ T7064] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 217.688227][ T7064] gfs2_get_tree+0x51/0x1e0 [ 217.688254][ T7064] vfs_get_tree+0x8f/0x2b0 [pid 7071] write(3, "1000", 4) = 4 [pid 7071] close(3) = 0 [pid 7071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7071] write(1, "executing program\n", 18executing program ) = 18 [pid 7071] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7071] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7071] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7071] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7071] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7072]}, 88) = 7072 [ 217.688284][ T7064] do_new_mount+0x2a2/0xa30 [ 217.688316][ T7064] ? ns_capable+0x8a/0xf0 [ 217.688336][ T7064] ? __pfx_do_new_mount+0x10/0x10 [ 217.688366][ T7064] ? path_mount+0x61c/0xfe0 [ 217.688394][ T7064] ? user_path_at+0x44/0x60 [ 217.688422][ T7064] __se_sys_mount+0x317/0x410 [ 217.688456][ T7064] ? __pfx___se_sys_mount+0x10/0x10 [ 217.688487][ T7064] ? rcu_is_watching+0x15/0xb0 [ 217.688511][ T7064] ? __x64_sys_mount+0x20/0xc0 [ 217.688543][ T7064] do_syscall_64+0xfa/0x3b0 [ 217.688564][ T7064] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 7071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7071] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7071] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7072 attached [ 217.688585][ T7064] ? clear_bhb_loop+0x60/0xb0 [ 217.688607][ T7064] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.688628][ T7064] RIP: 0033:0x7fb47156b94a [ 217.688647][ T7064] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 217.688665][ T7064] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 217.688688][ T7064] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 7072] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7072] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7072] memfd_create("syzkaller", 0) = 3 [pid 7072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 217.688704][ T7064] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 217.688718][ T7064] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 217.688734][ T7064] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 217.688748][ T7064] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 217.688769][ T7064] [ 217.688835][ T7064] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 217.816487][ T7068] loop0: detected capacity change from 0 to 32768 [ 217.818242][ T7064] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 218.019815][ T7068] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 218.029144][ T7068] CPU: 1 UID: 0 PID: 7068 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 218.029174][ T7068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 218.029188][ T7068] Call Trace: [ 218.029197][ T7068] [ 218.029205][ T7068] dump_stack_lvl+0x189/0x250 [ 218.029239][ T7068] ? __pfx_dump_stack_lvl+0x10/0x10 [ 218.029263][ T7068] ? __pfx__printk+0x10/0x10 [ 218.029300][ T7068] ? kernfs_root+0x1c/0x230 [ 218.029324][ T7068] ? kernfs_path_from_node+0x250/0x290 [ 218.029347][ T7068] ? kernfs_path_from_node+0x2f/0x290 [ 218.029370][ T7068] sysfs_create_dir_ns+0x259/0x280 [ 218.029394][ T7068] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 218.029416][ T7068] ? do_raw_spin_unlock+0x122/0x240 [ 218.029444][ T7068] kobject_add_internal+0x59f/0xb40 [ 218.029472][ T7068] kobject_init_and_add+0x125/0x190 [ 218.029497][ T7068] ? __pfx_kobject_init_and_add+0x10/0x10 [ 218.029520][ T7068] ? __raw_spin_lock_init+0x45/0x100 [ 218.029545][ T7068] ? __init_swait_queue_head+0xa9/0x150 [ 218.029571][ T7068] gfs2_sys_fs_add+0x234/0x450 [ 218.029592][ T7068] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 218.029616][ T7068] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 218.029650][ T7068] gfs2_fill_super+0x13c0/0x20d0 [ 218.029685][ T7068] ? __pfx_gfs2_fill_super+0x10/0x10 [ 218.029712][ T7068] ? sb_set_blocksize+0x104/0x180 [ 218.029742][ T7068] ? setup_bdev_super+0x4c1/0x5b0 [ 218.029771][ T7068] get_tree_bdev_flags+0x40b/0x4d0 [ 218.029798][ T7068] ? __pfx_gfs2_fill_super+0x10/0x10 [ 218.029825][ T7068] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 218.029857][ T7068] gfs2_get_tree+0x51/0x1e0 [ 218.029884][ T7068] vfs_get_tree+0x8f/0x2b0 [ 218.029912][ T7068] do_new_mount+0x2a2/0xa30 [ 218.029945][ T7068] ? ns_capable+0x8a/0xf0 [pid 7072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7064] <... mount resumed>) = -1 EEXIST (File exists) [pid 7064] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 7064] ioctl(3, LOOP_CLR_FD) = 0 [ 218.029963][ T7068] ? __pfx_do_new_mount+0x10/0x10 [ 218.029991][ T7068] ? path_mount+0x61c/0xfe0 [ 218.030018][ T7068] ? user_path_at+0x44/0x60 [ 218.030047][ T7068] __se_sys_mount+0x317/0x410 [ 218.030080][ T7068] ? __pfx___se_sys_mount+0x10/0x10 [ 218.030109][ T7068] ? rcu_is_watching+0x15/0xb0 [ 218.030131][ T7068] ? __x64_sys_mount+0x20/0xc0 [ 218.030163][ T7068] do_syscall_64+0xfa/0x3b0 [ 218.030184][ T7068] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.030205][ T7068] ? clear_bhb_loop+0x60/0xb0 [ 218.030228][ T7068] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.030248][ T7068] RIP: 0033:0x7fb47156b94a [ 218.030272][ T7068] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 218.030290][ T7068] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 218.030313][ T7068] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 218.030329][ T7068] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 218.030345][ T7068] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 218.030359][ T7068] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 218.030373][ T7068] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 218.030394][ T7068] [ 218.030415][ T7068] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 218.184245][ T7062] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 218.191598][ T7068] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 218.193626][ T7062] CPU: 0 UID: 0 PID: 7062 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 218.193660][ T7062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 218.193676][ T7062] Call Trace: [ 218.193686][ T7062] [ 218.193696][ T7062] dump_stack_lvl+0x189/0x250 [ 218.193735][ T7062] ? __pfx_dump_stack_lvl+0x10/0x10 [ 218.193763][ T7062] ? __pfx__printk+0x10/0x10 [pid 7064] close(3 [pid 7072] <... write resumed>) = 16777216 [pid 7064] <... close resumed>) = 0 [pid 7072] munmap(0x7fb469000000, 138412032 [pid 7064] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 218.193793][ T7062] ? kernfs_root+0x1c/0x230 [ 218.193823][ T7062] ? kernfs_path_from_node+0x250/0x290 [ 218.193847][ T7062] ? kernfs_path_from_node+0x2f/0x290 [ 218.193875][ T7062] sysfs_create_dir_ns+0x259/0x280 [ 218.193901][ T7062] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 218.193927][ T7062] ? do_raw_spin_unlock+0x122/0x240 [ 218.193959][ T7062] kobject_add_internal+0x59f/0xb40 [ 218.193991][ T7062] kobject_init_and_add+0x125/0x190 [ 218.194020][ T7062] ? __pfx_kobject_init_and_add+0x10/0x10 [pid 7064] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7072] <... munmap resumed>) = 0 [pid 7068] <... mount resumed>) = -1 EEXIST (File exists) [pid 7072] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 218.194046][ T7062] ? __raw_spin_lock_init+0x45/0x100 [ 218.194085][ T7062] ? __init_swait_queue_head+0xa9/0x150 [ 218.194114][ T7062] gfs2_sys_fs_add+0x234/0x450 [ 218.194139][ T7062] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 218.194167][ T7062] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 218.194205][ T7062] gfs2_fill_super+0x13c0/0x20d0 [ 218.194243][ T7062] ? __pfx_gfs2_fill_super+0x10/0x10 [ 218.194277][ T7062] ? sb_set_blocksize+0x104/0x180 [ 218.194311][ T7062] ? setup_bdev_super+0x4c1/0x5b0 [ 218.194344][ T7062] get_tree_bdev_flags+0x40b/0x4d0 [pid 7068] ioctl(3, LOOP_CLR_FD) = 0 [pid 7068] close(3 [pid 7072] ioctl(4, LOOP_SET_FD, 3 [pid 7063] <... futex resumed>) = 0 [pid 7072] <... ioctl resumed>) = 0 [pid 7072] close(3) = 0 [ 218.194375][ T7062] ? __pfx_gfs2_fill_super+0x10/0x10 [ 218.194404][ T7062] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 218.194443][ T7062] gfs2_get_tree+0x51/0x1e0 [ 218.194473][ T7062] vfs_get_tree+0x8f/0x2b0 [ 218.194506][ T7062] do_new_mount+0x2a2/0xa30 [ 218.194542][ T7062] ? ns_capable+0x8a/0xf0 [ 218.194563][ T7062] ? __pfx_do_new_mount+0x10/0x10 [ 218.194596][ T7062] ? path_mount+0x61c/0xfe0 [ 218.194627][ T7062] ? user_path_at+0x44/0x60 [ 218.194659][ T7062] __se_sys_mount+0x317/0x410 [pid 7072] close(4) = 0 [pid 7063] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7072] mkdir("./file0", 0777 [pid 7064] <... futex resumed>) = 0 [pid 7063] <... futex resumed>) = 1 [pid 7072] <... mkdir resumed>) = 0 [pid 7064] openat(AT_FDCWD, ".", O_RDONLY [pid 7063] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7072] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7064] <... openat resumed>) = 3 [pid 7064] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7063] <... futex resumed>) = 0 [pid 7064] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7063] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7063] <... futex resumed>) = 0 [pid 7064] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [ 218.194696][ T7062] ? __pfx___se_sys_mount+0x10/0x10 [ 218.194730][ T7062] ? rcu_is_watching+0x15/0xb0 [ 218.194756][ T7062] ? __x64_sys_mount+0x20/0xc0 [ 218.194792][ T7062] do_syscall_64+0xfa/0x3b0 [ 218.194816][ T7062] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.194839][ T7062] ? clear_bhb_loop+0x60/0xb0 [ 218.194865][ T7062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.194887][ T7062] RIP: 0033:0x7fb47156b94a [pid 7063] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7063] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7063] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7078]}, 88) = 7078 [pid 7063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7063] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 218.194907][ T7062] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 218.194928][ T7062] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 218.194954][ T7062] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 218.194973][ T7062] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 218.194988][ T7062] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 218.195002][ T7062] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 7063] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7078 attached ) = -1 ETIMEDOUT (Connection timed out) [pid 7078] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 7063] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7062] <... mount resumed>) = -1 EEXIST (File exists) [pid 7078] <... rseq resumed>) = 0 [pid 7063] <... futex resumed>) = 0 [pid 7062] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7078] set_robust_list(0x7fb4714f59a0, 24 [pid 7063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7062] <... openat resumed>) = 3 [pid 7078] <... set_robust_list resumed>) = 0 [pid 7063] <... mmap resumed>) = 0x7fb4714b4000 [pid 7062] ioctl(3, LOOP_CLR_FD [pid 7078] rt_sigprocmask(SIG_SETMASK, [], [pid 7063] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE [pid 7062] <... ioctl resumed>) = 0 [pid 7078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7063] <... mprotect resumed>) = 0 [pid 7062] close(3 [pid 7078] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[7080]}, 88) = 7080 ./strace-static-x86_64: Process 7080 attached [pid 7063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7080] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 7063] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7080] <... rseq resumed>) = 0 [pid 7080] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 7063] <... futex resumed>) = 0 [pid 7080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7063] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7080] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 7080] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7063] <... futex resumed>) = 0 [pid 7080] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7064] <... ioctl resumed>) = 0 [pid 7064] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 218.195015][ T7062] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 218.195036][ T7062] [ 218.195070][ T7062] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 218.530844][ T7072] loop3: detected capacity change from 0 to 32768 [ 218.533124][ T7062] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 218.695963][ T7072] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 7064] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7078] <... openat resumed>) = 4 [pid 7078] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7063] exit_group(0) = ? [pid 7080] <... futex resumed>) = ? [pid 7064] <... futex resumed>) = ? [pid 7078] +++ exited with 0 +++ [pid 7080] +++ exited with 0 +++ [pid 7064] +++ exited with 0 +++ [pid 7063] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7063, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=70 /* 0.70 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./62/file0") = 0 [ 218.747774][ T7072] CPU: 1 UID: 0 PID: 7072 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 218.747807][ T7072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 218.747822][ T7072] Call Trace: [ 218.747830][ T7072] [ 218.747839][ T7072] dump_stack_lvl+0x189/0x250 [ 218.747872][ T7072] ? __pfx_dump_stack_lvl+0x10/0x10 [ 218.747897][ T7072] ? __pfx__printk+0x10/0x10 [ 218.747924][ T7072] ? kernfs_root+0x1c/0x230 [pid 5868] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./62/binderfs") = 0 [pid 5868] umount2("./62/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./62/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./62/cpuset.effective_mems") = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./62") = 0 [pid 5868] mkdir("./63", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 7068] <... close resumed>) = 0 [pid 5868] close(3 [pid 7068] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... close resumed>) = 0 [pid 7068] <... futex resumed>) = 1 [pid 7067] <... futex resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7068] openat(AT_FDCWD, ".", O_RDONLY [pid 7067] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7068] <... openat resumed>) = 3 [pid 7067] <... futex resumed>) = 0 [pid 7068] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7067] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7068] <... futex resumed>) = 0 [pid 7067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7068] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7067] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7067] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7081 attached [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 7081 [ 218.747950][ T7072] ? kernfs_path_from_node+0x250/0x290 [ 218.747972][ T7072] ? kernfs_path_from_node+0x2f/0x290 [ 218.748006][ T7072] sysfs_create_dir_ns+0x259/0x280 [ 218.748028][ T7072] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 218.748050][ T7072] ? do_raw_spin_unlock+0x122/0x240 [ 218.748078][ T7072] kobject_add_internal+0x59f/0xb40 [ 218.748106][ T7072] kobject_init_and_add+0x125/0x190 [ 218.748130][ T7072] ? __pfx_kobject_init_and_add+0x10/0x10 [ 218.748152][ T7072] ? __raw_spin_lock_init+0x45/0x100 [pid 7081] set_robust_list(0x55558d547760, 24) = 0 [ 218.748177][ T7072] ? __init_swait_queue_head+0xa9/0x150 [ 218.748202][ T7072] gfs2_sys_fs_add+0x234/0x450 [ 218.748222][ T7072] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 218.748245][ T7072] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 218.748278][ T7072] gfs2_fill_super+0x13c0/0x20d0 [ 218.748311][ T7072] ? __pfx_gfs2_fill_super+0x10/0x10 [ 218.748339][ T7072] ? sb_set_blocksize+0x104/0x180 [ 218.748369][ T7072] ? setup_bdev_super+0x4c1/0x5b0 [ 218.748398][ T7072] get_tree_bdev_flags+0x40b/0x4d0 [pid 7081] chdir("./63") = 0 [pid 7067] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7067] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7067] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7081] setpgid(0, 0 [pid 7067] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7081] <... setpgid resumed>) = 0 [pid 7081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7067] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7082]}, 88) = 7082 [pid 7067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7067] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7067] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 7081] <... openat resumed>) = 3 [pid 7081] write(3, "1000", 4) = 4 [pid 7081] close(3) = 0 [pid 7081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7081] write(1, "executing program\n", 18) = 18 [pid 7081] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7081] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7081] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7081] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7083]}, 88) = 7083 [pid 7081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7081] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 218.748427][ T7072] ? __pfx_gfs2_fill_super+0x10/0x10 [ 218.748453][ T7072] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 218.748486][ T7072] gfs2_get_tree+0x51/0x1e0 [ 218.748515][ T7072] vfs_get_tree+0x8f/0x2b0 [ 218.748543][ T7072] do_new_mount+0x2a2/0xa30 [ 218.748574][ T7072] ? ns_capable+0x8a/0xf0 [ 218.748593][ T7072] ? __pfx_do_new_mount+0x10/0x10 [ 218.748622][ T7072] ? path_mount+0x61c/0xfe0 [ 218.748650][ T7072] ? user_path_at+0x44/0x60 [ 218.748677][ T7072] __se_sys_mount+0x317/0x410 [pid 7081] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7082 attached [pid 7082] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 7082] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 7082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7082] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7067] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7067] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 7067] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7067] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0}./strace-static-x86_64: Process 7084 attached => {parent_tid=[7084]}, 88) = 7084 [pid 7067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7067] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7067] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7084] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 7084] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 7084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7084] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 7084] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7067] <... futex resumed>) = 0 [pid 7084] <... futex resumed>) = 1 [pid 7084] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7062] <... close resumed>) = 0 ./strace-static-x86_64: Process 7083 attached [pid 7062] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7083] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7062] <... futex resumed>) = 1 [pid 7083] <... rseq resumed>) = 0 [pid 7062] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7083] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 218.748710][ T7072] ? __pfx___se_sys_mount+0x10/0x10 [ 218.748739][ T7072] ? rcu_is_watching+0x15/0xb0 [ 218.748761][ T7072] ? __x64_sys_mount+0x20/0xc0 [ 218.748792][ T7072] do_syscall_64+0xfa/0x3b0 [ 218.748813][ T7072] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.748833][ T7072] ? clear_bhb_loop+0x60/0xb0 [ 218.748856][ T7072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.748876][ T7072] RIP: 0033:0x7fb47156b94a [pid 7083] memfd_create("syzkaller", 0) = 3 [pid 7061] <... futex resumed>) = 0 [pid 7083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7061] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7083] <... mmap resumed>) = 0x7fb469000000 [pid 7062] <... futex resumed>) = 0 [pid 7061] <... futex resumed>) = 1 [pid 7061] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7062] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7062] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7062] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7061] <... futex resumed>) = 0 [pid 7061] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7062] <... futex resumed>) = 0 [pid 7061] <... futex resumed>) = 1 [pid 7062] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [ 218.748895][ T7072] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 218.748913][ T7072] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 218.748935][ T7072] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 218.748949][ T7072] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 218.748963][ T7072] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 218.748978][ T7072] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 7061] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7061] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7061] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7061] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7061] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7085]}, 88) = 7085 [pid 7061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7061] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7061] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7085 attached [pid 7085] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 7082] <... openat resumed>) = 4 [pid 7072] <... mount resumed>) = -1 EEXIST (File exists) [pid 7068] <... ioctl resumed>) = 0 [pid 7085] <... rseq resumed>) = 0 [pid 7082] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7072] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7068] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7067] exit_group(0 [pid 7085] set_robust_list(0x7fb4714f59a0, 24 [pid 7084] <... futex resumed>) = ? [pid 7082] <... futex resumed>) = ? [pid 7072] <... openat resumed>) = 3 [pid 7068] <... futex resumed>) = ? [pid 7067] <... exit_group resumed>) = ? [pid 7062] <... ioctl resumed>) = 0 [pid 7085] <... set_robust_list resumed>) = 0 [pid 7084] +++ exited with 0 +++ [pid 7082] +++ exited with 0 +++ [pid 7072] ioctl(3, LOOP_CLR_FD [pid 7068] +++ exited with 0 +++ [pid 7067] +++ exited with 0 +++ [pid 7062] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] rt_sigprocmask(SIG_SETMASK, [], [pid 7072] <... ioctl resumed>) = 0 [pid 7062] <... futex resumed>) = 0 [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7067, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=47 /* 0.47 s */} --- [pid 7085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7072] close(3 [pid 7062] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7085] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7085] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7061] <... futex resumed>) = 0 [pid 7061] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7062] <... futex resumed>) = 0 [pid 7061] <... futex resumed>) = 1 [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7062] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5867] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7061] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... openat resumed>) = 3 [ 218.749000][ T7072] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 218.749021][ T7072] [ 218.749043][ T7072] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 219.076642][ T7072] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./61/file0") = 0 [pid 5867] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./61/binderfs") = 0 [pid 5867] umount2("./61/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./61/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./61/cpuset.effective_mems") = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./61") = 0 [pid 5867] mkdir("./62", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD [pid 7061] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5867] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7086 attached , child_tidptr=0x55558d547750) = 7086 [pid 7086] set_robust_list(0x55558d547760, 24) = 0 [pid 7086] chdir("./62") = 0 [pid 7086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7086] setpgid(0, 0) = 0 [pid 7086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7086] write(3, "1000", 4) = 4 [pid 7086] close(3) = 0 [pid 7086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7086] write(1, "executing program\n", 18executing program ) = 18 [pid 7086] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7086] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7086] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7086] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7086] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7087 attached => {parent_tid=[7087]}, 88) = 7087 [pid 7086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7086] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7086] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7087] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7087] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7087] memfd_create("syzkaller", 0) = 3 [pid 7087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7072] <... close resumed>) = 0 [pid 7072] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7071] <... futex resumed>) = 0 [pid 7072] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7071] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7072] openat(AT_FDCWD, ".", O_RDONLY [pid 7071] <... futex resumed>) = 0 [pid 7072] <... openat resumed>) = 3 [pid 7071] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7072] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7071] <... futex resumed>) = 0 [pid 7072] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7071] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7072] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7071] <... futex resumed>) = 0 [pid 7071] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7072] <... ioctl resumed>) = 0 [pid 7072] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7071] <... futex resumed>) = 0 [pid 7072] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7071] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7071] <... futex resumed>) = 0 [pid 7072] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7071] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7072] <... openat resumed>) = 4 [pid 7072] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7071] <... futex resumed>) = 0 [pid 7072] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7071] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7071] <... futex resumed>) = 0 [pid 7072] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7071] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7061] exit_group(0) = ? [pid 7085] <... futex resumed>) = ? [pid 7062] <... write resumed>) = ? [pid 7085] +++ exited with 0 +++ [pid 7083] <... write resumed>) = 16777216 [pid 7083] munmap(0x7fb469000000, 138412032 [pid 7071] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7062] +++ exited with 0 +++ [pid 7061] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7061, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=87 /* 0.87 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./59/file0") = 0 [pid 5869] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./59/binderfs") = 0 [pid 5869] umount2("./59/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./59/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5836800, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./59/cpuset.effective_mems" [pid 7083] <... munmap resumed>) = 0 [pid 7083] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7083] close(3) = 0 [pid 7083] close(4) = 0 [pid 7083] mkdir("./file0", 0777) = 0 [pid 7083] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./59") = 0 [ 219.470655][ T7083] loop1: detected capacity change from 0 to 32768 [ 219.504191][ T7083] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 5869] mkdir("./60", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7090 attached [pid 7090] set_robust_list(0x55558d547760, 24 [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 7090 [pid 7090] <... set_robust_list resumed>) = 0 [pid 7090] chdir("./60") = 0 [pid 7090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7090] setpgid(0, 0) = 0 [pid 7090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7090] write(3, "1000", 4) = 4 [pid 7090] close(3) = 0 [pid 7090] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7090] write(1, "executing program\n", 18) = 18 [pid 7090] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7090] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7090] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 219.518210][ T7083] CPU: 1 UID: 0 PID: 7083 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 219.518242][ T7083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 219.518256][ T7083] Call Trace: [ 219.518264][ T7083] [ 219.518273][ T7083] dump_stack_lvl+0x189/0x250 [ 219.518303][ T7083] ? __pfx_dump_stack_lvl+0x10/0x10 [ 219.518325][ T7083] ? __pfx__printk+0x10/0x10 [pid 7090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7091 attached => {parent_tid=[7091]}, 88) = 7091 [pid 7091] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7090] rt_sigprocmask(SIG_SETMASK, [], [pid 7091] <... rseq resumed>) = 0 [pid 7090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7091] set_robust_list(0x7fb4715169a0, 24 [pid 7090] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7091] <... set_robust_list resumed>) = 0 [pid 7090] <... futex resumed>) = 0 [pid 7091] rt_sigprocmask(SIG_SETMASK, [], [pid 7090] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7091] memfd_create("syzkaller", 0) = 3 [ 219.518351][ T7083] ? kernfs_root+0x1c/0x230 [ 219.518374][ T7083] ? kernfs_path_from_node+0x250/0x290 [ 219.518395][ T7083] ? kernfs_path_from_node+0x2f/0x290 [ 219.518417][ T7083] sysfs_create_dir_ns+0x259/0x280 [ 219.518439][ T7083] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 219.518460][ T7083] ? do_raw_spin_unlock+0x122/0x240 [ 219.518486][ T7083] kobject_add_internal+0x59f/0xb40 [ 219.518513][ T7083] kobject_init_and_add+0x125/0x190 [ 219.518537][ T7083] ? __pfx_kobject_init_and_add+0x10/0x10 [ 219.518560][ T7083] ? __raw_spin_lock_init+0x45/0x100 [pid 7091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 219.518587][ T7083] ? __init_swait_queue_head+0xa9/0x150 [ 219.518614][ T7083] gfs2_sys_fs_add+0x234/0x450 [ 219.518638][ T7083] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 219.518663][ T7083] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 219.518697][ T7083] gfs2_fill_super+0x13c0/0x20d0 [ 219.518734][ T7083] ? __pfx_gfs2_fill_super+0x10/0x10 [ 219.518764][ T7083] ? sb_set_blocksize+0x104/0x180 [ 219.518795][ T7083] ? setup_bdev_super+0x4c1/0x5b0 [ 219.518825][ T7083] get_tree_bdev_flags+0x40b/0x4d0 [pid 7087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7071] exit_group(0) = ? [ 219.518855][ T7083] ? __pfx_gfs2_fill_super+0x10/0x10 [ 219.518882][ T7083] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 219.518917][ T7083] gfs2_get_tree+0x51/0x1e0 [ 219.518944][ T7083] vfs_get_tree+0x8f/0x2b0 [ 219.518972][ T7083] do_new_mount+0x2a2/0xa30 [ 219.519005][ T7083] ? ns_capable+0x8a/0xf0 [ 219.519025][ T7083] ? __pfx_do_new_mount+0x10/0x10 [ 219.519055][ T7083] ? path_mount+0x61c/0xfe0 [ 219.519092][ T7083] ? user_path_at+0x44/0x60 [ 219.519121][ T7083] __se_sys_mount+0x317/0x410 [ 219.519154][ T7083] ? __pfx___se_sys_mount+0x10/0x10 [ 219.519188][ T7083] ? __x64_sys_mount+0x20/0xc0 [ 219.519219][ T7083] do_syscall_64+0xfa/0x3b0 [ 219.519238][ T7083] ? rcu_is_watching+0x15/0xb0 [ 219.519258][ T7083] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.519276][ T7083] ? clear_bhb_loop+0x60/0xb0 [ 219.519298][ T7083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.519319][ T7083] RIP: 0033:0x7fb47156b94a [ 219.519337][ T7083] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 219.519356][ T7083] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 219.519380][ T7083] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 219.519395][ T7083] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 219.519411][ T7083] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 219.519425][ T7083] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 7072] <... write resumed>) = ? [ 219.519439][ T7083] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 219.519461][ T7083] [ 219.521198][ T7083] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 7087] <... write resumed>) = 16777216 [pid 7072] +++ exited with 0 +++ [pid 7071] +++ exited with 0 +++ [pid 7087] munmap(0x7fb469000000, 138412032 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7071, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=76 /* 0.76 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./61/file0") = 0 [pid 5870] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./61/binderfs") = 0 [pid 5870] umount2("./61/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./61/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5541888, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./61/cpuset.effective_mems" [pid 7087] <... munmap resumed>) = 0 [pid 7083] <... mount resumed>) = -1 EEXIST (File exists) [pid 7087] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7083] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7087] <... openat resumed>) = 4 [pid 7083] <... openat resumed>) = 3 [pid 7087] ioctl(4, LOOP_SET_FD, 3 [pid 7083] ioctl(3, LOOP_CLR_FD) = 0 [ 219.909651][ T7083] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7083] close(3 [pid 7087] <... ioctl resumed>) = 0 [pid 5870] <... unlink resumed>) = 0 [pid 7087] close(3) = 0 [pid 7087] close(4) = 0 [pid 7087] mkdir("./file0", 0777) = 0 [pid 7087] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./61") = 0 [pid 5870] mkdir("./62", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7093 attached , child_tidptr=0x55558d547750) = 7093 [pid 7093] set_robust_list(0x55558d547760, 24 [ 219.968336][ T7087] loop0: detected capacity change from 0 to 32768 [ 220.004411][ T7087] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 7091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7093] <... set_robust_list resumed>) = 0 [ 220.028754][ T7087] CPU: 1 UID: 0 PID: 7087 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 220.028785][ T7087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 220.028798][ T7087] Call Trace: [ 220.028807][ T7087] [ 220.028816][ T7087] dump_stack_lvl+0x189/0x250 [ 220.028857][ T7087] ? __pfx_dump_stack_lvl+0x10/0x10 [ 220.028882][ T7087] ? __pfx__printk+0x10/0x10 [ 220.028908][ T7087] ? kernfs_root+0x1c/0x230 [ 220.028932][ T7087] ? kernfs_path_from_node+0x250/0x290 [ 220.028954][ T7087] ? kernfs_path_from_node+0x2f/0x290 [ 220.028979][ T7087] sysfs_create_dir_ns+0x259/0x280 [ 220.029003][ T7087] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 220.029025][ T7087] ? do_raw_spin_unlock+0x122/0x240 [ 220.029052][ T7087] kobject_add_internal+0x59f/0xb40 [ 220.029079][ T7087] kobject_init_and_add+0x125/0x190 [ 220.029104][ T7087] ? __pfx_kobject_init_and_add+0x10/0x10 [ 220.029143][ T7087] ? __raw_spin_lock_init+0x45/0x100 [ 220.029169][ T7087] ? __init_swait_queue_head+0xa9/0x150 [ 220.029194][ T7087] gfs2_sys_fs_add+0x234/0x450 [ 220.029216][ T7087] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 220.029240][ T7087] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 220.029274][ T7087] gfs2_fill_super+0x13c0/0x20d0 [ 220.029307][ T7087] ? __pfx_gfs2_fill_super+0x10/0x10 [ 220.029335][ T7087] ? sb_set_blocksize+0x104/0x180 [ 220.029364][ T7087] ? setup_bdev_super+0x4c1/0x5b0 [ 220.029393][ T7087] get_tree_bdev_flags+0x40b/0x4d0 [ 220.029422][ T7087] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 7083] <... close resumed>) = 0 [pid 7083] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7081] <... futex resumed>) = 0 [pid 7081] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7081] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7083] <... futex resumed>) = 1 [pid 7083] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7083] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7081] <... futex resumed>) = 0 [pid 7081] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7081] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 220.029448][ T7087] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 220.029481][ T7087] gfs2_get_tree+0x51/0x1e0 [ 220.029507][ T7087] vfs_get_tree+0x8f/0x2b0 [ 220.029537][ T7087] do_new_mount+0x2a2/0xa30 [ 220.029568][ T7087] ? ns_capable+0x8a/0xf0 [ 220.029588][ T7087] ? __pfx_do_new_mount+0x10/0x10 [ 220.029618][ T7087] ? path_mount+0x61c/0xfe0 [ 220.029646][ T7087] ? user_path_at+0x44/0x60 [ 220.029674][ T7087] __se_sys_mount+0x317/0x410 [ 220.029708][ T7087] ? __pfx___se_sys_mount+0x10/0x10 [pid 7083] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7093] chdir("./62") = 0 [pid 7093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7093] setpgid(0, 0 [pid 7081] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7093] <... setpgid resumed>) = 0 [pid 7081] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7081] <... futex resumed>) = 0 [pid 7093] <... openat resumed>) = 3 [pid 7081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7093] write(3, "1000", 4 [pid 7081] <... mmap resumed>) = 0x7fb4714d5000 [pid 7093] <... write resumed>) = 4 [pid 7081] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE [pid 7093] close(3 [pid 7081] <... mprotect resumed>) = 0 [pid 7093] <... close resumed>) = 0 [pid 7081] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7093] symlink("/dev/binderfs", "./binderfs" [pid 7081] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7093] <... symlink resumed>) = 0 [pid 7081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}executing program [pid 7093] write(1, "executing program\n", 18) = 18 [pid 7081] <... clone3 resumed> => {parent_tid=[7095]}, 88) = 7095 [pid 7093] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7081] rt_sigprocmask(SIG_SETMASK, [], [pid 7093] <... futex resumed>) = 0 [pid 7081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7093] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 7081] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7093] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7081] <... futex resumed>) = 0 [pid 7093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7081] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7093] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7096]}, 88) = 7096 [pid 7093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7093] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 220.029737][ T7087] ? rcu_is_watching+0x15/0xb0 [ 220.029761][ T7087] ? __x64_sys_mount+0x20/0xc0 [ 220.029793][ T7087] do_syscall_64+0xfa/0x3b0 [ 220.029815][ T7087] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.029843][ T7087] ? clear_bhb_loop+0x60/0xb0 [ 220.029866][ T7087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.029886][ T7087] RIP: 0033:0x7fb47156b94a [pid 7093] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7081] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7081] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7081] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 7081] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[7097]}, 88) = 7097 [pid 7081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7081] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7081] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7097 attached [pid 7097] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 7097] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 7097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7097] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 7097] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7081] <... futex resumed>) = 0 [ 220.029904][ T7087] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 220.029923][ T7087] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 220.029946][ T7087] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 220.029961][ T7087] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 220.029976][ T7087] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 220.029991][ T7087] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 7097] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7096 attached ./strace-static-x86_64: Process 7095 attached [pid 7096] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7096] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7096] memfd_create("syzkaller", 0) = 3 [pid 7096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7095] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 7095] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 7095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7095] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7091] <... write resumed>) = 16777216 [pid 7083] <... ioctl resumed>) = 0 [pid 7095] <... openat resumed>) = 4 [pid 7091] munmap(0x7fb469000000, 138412032 [pid 7083] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7095] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7083] <... futex resumed>) = 0 [pid 7095] <... futex resumed>) = 0 [pid 7095] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7083] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7081] exit_group(0 [pid 7083] <... futex resumed>) = ? [pid 7081] <... exit_group resumed>) = ? [pid 7095] <... futex resumed>) = ? [pid 7097] <... futex resumed>) = ? [pid 7083] +++ exited with 0 +++ [pid 7097] +++ exited with 0 +++ [pid 7095] +++ exited with 0 +++ [pid 7087] <... mount resumed>) = -1 EEXIST (File exists) [pid 7087] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7081] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7081, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=65 /* 0.65 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 7087] <... openat resumed>) = 3 [pid 7087] ioctl(3, LOOP_CLR_FD) = 0 [pid 7087] close(3 [pid 5868] <... restart_syscall resumed>) = 0 [pid 5868] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./63/file0") = 0 [pid 5868] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./63/binderfs") = 0 [pid 5868] umount2("./63/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./63/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./63/cpuset.effective_mems") = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./63") = 0 [pid 5868] mkdir("./64", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7098 attached , child_tidptr=0x55558d547750) = 7098 [pid 7098] set_robust_list(0x55558d547760, 24) = 0 [pid 7098] chdir("./64") = 0 [pid 7098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7098] setpgid(0, 0) = 0 [ 220.030004][ T7087] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 220.030025][ T7087] [ 220.030046][ T7087] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 220.353059][ T7087] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 7098] write(3, "1000", 4) = 4 [pid 7098] close(3) = 0 [pid 7098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7098] write(1, "executing program\n", 18) = 18 [pid 7098] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7098] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7098] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7098] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7099 attached => {parent_tid=[7099]}, 88) = 7099 [pid 7098] rt_sigprocmask(SIG_SETMASK, [], [pid 7099] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7099] <... rseq resumed>) = 0 [pid 7098] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7099] set_robust_list(0x7fb4715169a0, 24 [pid 7098] <... futex resumed>) = 0 [pid 7099] <... set_robust_list resumed>) = 0 [pid 7098] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7099] memfd_create("syzkaller", 0) = 3 [pid 7099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7091] <... munmap resumed>) = 0 [pid 7091] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7091] close(3) = 0 [pid 7091] close(4) = 0 [ 220.449486][ T7091] loop2: detected capacity change from 0 to 32768 [ 220.466856][ T7091] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 220.474386][ T7091] CPU: 1 UID: 0 PID: 7091 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 220.474417][ T7091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 220.474431][ T7091] Call Trace: [ 220.474440][ T7091] [ 220.474448][ T7091] dump_stack_lvl+0x189/0x250 [ 220.474479][ T7091] ? __pfx_dump_stack_lvl+0x10/0x10 [ 220.474504][ T7091] ? __pfx__printk+0x10/0x10 [ 220.474530][ T7091] ? kernfs_root+0x1c/0x230 [ 220.474555][ T7091] ? kernfs_path_from_node+0x250/0x290 [ 220.474577][ T7091] ? kernfs_path_from_node+0x2f/0x290 [ 220.474602][ T7091] sysfs_create_dir_ns+0x259/0x280 [ 220.474624][ T7091] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 220.474646][ T7091] ? do_raw_spin_unlock+0x122/0x240 [ 220.474674][ T7091] kobject_add_internal+0x59f/0xb40 [ 220.474702][ T7091] kobject_init_and_add+0x125/0x190 [ 220.474727][ T7091] ? __pfx_kobject_init_and_add+0x10/0x10 [ 220.474750][ T7091] ? __raw_spin_lock_init+0x45/0x100 [ 220.474775][ T7091] ? __init_swait_queue_head+0xa9/0x150 [ 220.474802][ T7091] gfs2_sys_fs_add+0x234/0x450 [ 220.474822][ T7091] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 220.474846][ T7091] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 220.474880][ T7091] gfs2_fill_super+0x13c0/0x20d0 [ 220.474916][ T7091] ? __pfx_gfs2_fill_super+0x10/0x10 [ 220.474944][ T7091] ? sb_set_blocksize+0x104/0x180 [ 220.474973][ T7091] ? setup_bdev_super+0x4c1/0x5b0 [ 220.475002][ T7091] get_tree_bdev_flags+0x40b/0x4d0 [ 220.475030][ T7091] ? __pfx_gfs2_fill_super+0x10/0x10 [ 220.475056][ T7091] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 220.475098][ T7091] gfs2_get_tree+0x51/0x1e0 [ 220.475131][ T7091] vfs_get_tree+0x8f/0x2b0 [ 220.475158][ T7091] do_new_mount+0x2a2/0xa30 [ 220.475190][ T7091] ? ns_capable+0x8a/0xf0 [ 220.475209][ T7091] ? __pfx_do_new_mount+0x10/0x10 [ 220.475237][ T7091] ? path_mount+0x61c/0xfe0 [ 220.475265][ T7091] ? user_path_at+0x44/0x60 [ 220.475291][ T7091] __se_sys_mount+0x317/0x410 [ 220.475323][ T7091] ? __pfx___se_sys_mount+0x10/0x10 [ 220.475352][ T7091] ? rcu_is_watching+0x15/0xb0 [ 220.475375][ T7091] ? __x64_sys_mount+0x20/0xc0 [ 220.475407][ T7091] do_syscall_64+0xfa/0x3b0 [ 220.475427][ T7091] ? rcu_is_watching+0x15/0xb0 [ 220.475447][ T7091] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.475466][ T7091] ? clear_bhb_loop+0x60/0xb0 [ 220.475489][ T7091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.475508][ T7091] RIP: 0033:0x7fb47156b94a [ 220.475527][ T7091] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 220.475545][ T7091] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 220.475567][ T7091] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 7091] mkdir("./file0", 0777) = 0 [ 220.475583][ T7091] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 220.475598][ T7091] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 220.475613][ T7091] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 220.475626][ T7091] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 220.475648][ T7091] [ 220.782982][ T7091] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 7091] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7087] <... close resumed>) = 0 [pid 7087] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7091] <... mount resumed>) = -1 EEXIST (File exists) [pid 7086] <... futex resumed>) = 0 [pid 7091] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 7087] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7086] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7091] ioctl(3, LOOP_CLR_FD [pid 7087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7086] <... futex resumed>) = 0 [pid 7091] <... ioctl resumed>) = 0 [pid 7087] openat(AT_FDCWD, ".", O_RDONLY [pid 7086] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7091] close(3) = 0 [pid 7091] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7087] <... openat resumed>) = 3 [pid 7090] <... futex resumed>) = 0 [pid 7090] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7090] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7091] <... futex resumed>) = 1 [pid 7091] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7091] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7090] <... futex resumed>) = 0 [pid 7090] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7090] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7091] <... futex resumed>) = 1 [pid 7091] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7087] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7086] <... futex resumed>) = 0 [pid 7086] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7086] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 220.796963][ T7091] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7087] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7090] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7090] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7090] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7090] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7102]}, 88) = 7102 [pid 7090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7090] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7090] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7102 attached [pid 7102] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 7102] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 7102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7102] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7086] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7086] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7086] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7091] <... ioctl resumed>) = 0 [pid 7086] <... futex resumed>) = 0 [pid 7086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7091] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7086] <... mmap resumed>) = 0x7fb4714d5000 [pid 7086] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE [pid 7091] <... futex resumed>) = 0 [pid 7091] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7086] <... mprotect resumed>) = 0 [pid 7102] <... openat resumed>) = 4 [pid 7102] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7090] <... futex resumed>) = 0 [pid 7090] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7091] <... futex resumed>) = 0 [pid 7090] <... futex resumed>) = 1 [pid 7091] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7090] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7102] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7086] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7103]}, 88) = 7103 [pid 7086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7086] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7086] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7103 attached [pid 7103] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 7103] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 7103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7103] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7090] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7103] <... openat resumed>) = 4 [pid 7087] <... ioctl resumed>) = 0 [pid 7103] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7087] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7103] <... futex resumed>) = 1 [pid 7087] <... futex resumed>) = 0 [pid 7086] <... futex resumed>) = 0 [pid 7087] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7086] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7086] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7103] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7086] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7096] <... write resumed>) = 16777216 [pid 7096] munmap(0x7fb469000000, 138412032 [pid 7090] exit_group(0 [pid 7102] <... futex resumed>) = ? [pid 7090] <... exit_group resumed>) = ? [pid 7102] +++ exited with 0 +++ [pid 7091] <... write resumed>) = ? [pid 7091] +++ exited with 0 +++ [pid 7090] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7090, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=31 /* 0.31 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 7096] <... munmap resumed>) = 0 [pid 7096] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7096] ioctl(4, LOOP_SET_FD, 3 [pid 5869] <... restart_syscall resumed>) = 0 [pid 5869] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./60/file0") = 0 [pid 5869] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./60/binderfs") = 0 [pid 5869] umount2("./60/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./60/cpuset.effective_mems", [pid 7096] <... ioctl resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=2858944, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7096] close(3 [pid 5869] unlink("./60/cpuset.effective_mems" [pid 7096] <... close resumed>) = 0 [pid 7096] close(4) = 0 [pid 7096] mkdir("./file0", 0777) = 0 [pid 7096] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7086] exit_group(0 [pid 7103] <... futex resumed>) = ? [pid 7086] <... exit_group resumed>) = ? [pid 7103] +++ exited with 0 +++ [pid 7087] <... write resumed>) = ? [ 221.167894][ T7096] loop3: detected capacity change from 0 to 32768 [pid 7087] +++ exited with 0 +++ [pid 7086] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7086, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=82 /* 0.82 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 221.221022][ T7096] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 221.243307][ T7096] CPU: 0 UID: 0 PID: 7096 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 221.243338][ T7096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 221.243351][ T7096] Call Trace: [pid 5867] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./62/file0") = 0 [pid 5867] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./62/binderfs") = 0 [pid 5867] umount2("./62/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./62/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5636096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./62/cpuset.effective_mems" [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./60") = 0 [pid 5869] mkdir("./61", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7106 [ 221.243359][ T7096] [ 221.243368][ T7096] dump_stack_lvl+0x189/0x250 [ 221.243400][ T7096] ? __pfx_dump_stack_lvl+0x10/0x10 [ 221.243422][ T7096] ? __pfx__printk+0x10/0x10 [ 221.243447][ T7096] ? kernfs_root+0x1c/0x230 [ 221.243471][ T7096] ? kernfs_path_from_node+0x250/0x290 [ 221.243493][ T7096] ? kernfs_path_from_node+0x2f/0x290 [ 221.243517][ T7096] sysfs_create_dir_ns+0x259/0x280 [ 221.243561][ T7096] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 221.243584][ T7096] ? do_raw_spin_unlock+0x122/0x240 [pid 7099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216./strace-static-x86_64: Process 7106 attached [pid 7106] set_robust_list(0x55558d547760, 24) = 0 [pid 7106] chdir("./61") = 0 [pid 7106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7106] setpgid(0, 0) = 0 [pid 7106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7106] write(3, "1000", 4executing program ) = 4 [pid 7106] close(3) = 0 [pid 7106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7106] write(1, "executing program\n", 18) = 18 [pid 7106] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7106] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7106] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7106] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 221.243612][ T7096] kobject_add_internal+0x59f/0xb40 [ 221.243641][ T7096] kobject_init_and_add+0x125/0x190 [ 221.243666][ T7096] ? __pfx_kobject_init_and_add+0x10/0x10 [ 221.243689][ T7096] ? __raw_spin_lock_init+0x45/0x100 [ 221.243715][ T7096] ? __init_swait_queue_head+0xa9/0x150 [ 221.243741][ T7096] gfs2_sys_fs_add+0x234/0x450 [ 221.243764][ T7096] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 221.243788][ T7096] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 221.243822][ T7096] gfs2_fill_super+0x13c0/0x20d0 [pid 7106] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7107]}, 88) = 7107 [pid 7106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7106] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 221.243857][ T7096] ? __pfx_gfs2_fill_super+0x10/0x10 [ 221.243885][ T7096] ? sb_set_blocksize+0x104/0x180 [ 221.243913][ T7096] ? setup_bdev_super+0x4c1/0x5b0 [ 221.243944][ T7096] get_tree_bdev_flags+0x40b/0x4d0 [ 221.243972][ T7096] ? __pfx_gfs2_fill_super+0x10/0x10 [ 221.244007][ T7096] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 221.244041][ T7096] gfs2_get_tree+0x51/0x1e0 [ 221.244069][ T7096] vfs_get_tree+0x8f/0x2b0 [ 221.244098][ T7096] do_new_mount+0x2a2/0xa30 [ 221.244131][ T7096] ? ns_capable+0x8a/0xf0 [pid 7106] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./62") = 0 [pid 5867] mkdir("./63", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [ 221.244150][ T7096] ? __pfx_do_new_mount+0x10/0x10 [ 221.244179][ T7096] ? path_mount+0x61c/0xfe0 [ 221.244207][ T7096] ? user_path_at+0x44/0x60 [ 221.244233][ T7096] __se_sys_mount+0x317/0x410 [ 221.244267][ T7096] ? __pfx___se_sys_mount+0x10/0x10 [ 221.244304][ T7096] ? __x64_sys_mount+0x20/0xc0 [ 221.244335][ T7096] do_syscall_64+0xfa/0x3b0 [ 221.244354][ T7096] ? rcu_is_watching+0x15/0xb0 [ 221.244374][ T7096] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.244393][ T7096] ? clear_bhb_loop+0x60/0xb0 [ 221.244416][ T7096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7108 [ 221.244436][ T7096] RIP: 0033:0x7fb47156b94a [ 221.244454][ T7096] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 221.244472][ T7096] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 221.244495][ T7096] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 221.244510][ T7096] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 ./strace-static-x86_64: Process 7107 attached [pid 7107] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7107] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7107] memfd_create("syzkaller", 0) = 3 [pid 7107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 ./strace-static-x86_64: Process 7108 attached [pid 7108] set_robust_list(0x55558d547760, 24) = 0 [pid 7108] chdir("./63") = 0 [pid 7108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7096] <... mount resumed>) = -1 EEXIST (File exists) [pid 7108] setpgid(0, 0 [pid 7096] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7108] <... setpgid resumed>) = 0 [pid 7096] <... openat resumed>) = 3 [pid 7108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7096] ioctl(3, LOOP_CLR_FD [pid 7108] <... openat resumed>) = 3 [pid 7096] <... ioctl resumed>) = 0 [pid 7108] write(3, "1000", 4 [pid 7096] close(3 [pid 7108] <... write resumed>) = 4 [pid 7108] close(3) = 0 [pid 7108] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7108] write(1, "executing program\n", 18) = 18 [pid 7108] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7108] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7108] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7108] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 221.244525][ T7096] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 221.244540][ T7096] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 221.244554][ T7096] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 221.244576][ T7096] [ 221.244664][ T7096] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 221.562400][ T7096] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7109 attached [pid 7109] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7108] <... clone3 resumed> => {parent_tid=[7109]}, 88) = 7109 [pid 7109] <... rseq resumed>) = 0 [pid 7108] rt_sigprocmask(SIG_SETMASK, [], [pid 7109] set_robust_list(0x7fb4715169a0, 24 [pid 7108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7109] <... set_robust_list resumed>) = 0 [pid 7108] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7109] rt_sigprocmask(SIG_SETMASK, [], [pid 7108] <... futex resumed>) = 0 [pid 7109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7108] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7109] memfd_create("syzkaller", 0) = 3 [pid 7109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7099] <... write resumed>) = 16777216 [pid 7099] munmap(0x7fb469000000, 138412032) = 0 [pid 7099] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7096] <... close resumed>) = 0 [pid 7096] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7096] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7093] <... futex resumed>) = 0 [pid 7093] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7096] <... futex resumed>) = 0 [pid 7093] <... futex resumed>) = 1 [pid 7096] openat(AT_FDCWD, ".", O_RDONLY [pid 7093] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7096] <... openat resumed>) = 3 [pid 7096] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7093] <... futex resumed>) = 0 [pid 7096] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7093] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7093] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7099] close(3 [pid 7096] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7099] <... close resumed>) = 0 [pid 7099] close(4) = 0 [pid 7099] mkdir("./file0", 0777) = 0 [pid 7099] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7096] <... ioctl resumed>) = 0 [pid 7096] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7093] <... futex resumed>) = 0 [pid 7093] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7093] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7096] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7096] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7093] <... futex resumed>) = 0 [pid 7093] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7093] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 221.735654][ T7099] loop1: detected capacity change from 0 to 32768 [ 221.779314][ T7099] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 221.795528][ T7099] CPU: 0 UID: 0 PID: 7099 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 221.795561][ T7099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 221.795575][ T7099] Call Trace: [ 221.795583][ T7099] [pid 7096] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7093] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 221.795593][ T7099] dump_stack_lvl+0x189/0x250 [ 221.795624][ T7099] ? __pfx_dump_stack_lvl+0x10/0x10 [ 221.795649][ T7099] ? __pfx__printk+0x10/0x10 [ 221.795675][ T7099] ? kernfs_root+0x1c/0x230 [ 221.795708][ T7099] ? kernfs_path_from_node+0x250/0x290 [ 221.795730][ T7099] ? kernfs_path_from_node+0x2f/0x290 [ 221.795753][ T7099] sysfs_create_dir_ns+0x259/0x280 [ 221.795775][ T7099] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 221.795798][ T7099] ? do_raw_spin_unlock+0x122/0x240 [ 221.795824][ T7099] kobject_add_internal+0x59f/0xb40 [ 221.795851][ T7099] kobject_init_and_add+0x125/0x190 [ 221.795876][ T7099] ? __pfx_kobject_init_and_add+0x10/0x10 [ 221.795899][ T7099] ? __raw_spin_lock_init+0x45/0x100 [ 221.795924][ T7099] ? __init_swait_queue_head+0xa9/0x150 [ 221.795950][ T7099] gfs2_sys_fs_add+0x234/0x450 [ 221.795972][ T7099] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 221.795995][ T7099] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 221.796028][ T7099] gfs2_fill_super+0x13c0/0x20d0 [ 221.796060][ T7099] ? __pfx_gfs2_fill_super+0x10/0x10 [ 221.796087][ T7099] ? sb_set_blocksize+0x104/0x180 [ 221.796117][ T7099] ? setup_bdev_super+0x4c1/0x5b0 [ 221.796145][ T7099] get_tree_bdev_flags+0x40b/0x4d0 [ 221.796173][ T7099] ? __pfx_gfs2_fill_super+0x10/0x10 [ 221.796198][ T7099] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 221.796230][ T7099] gfs2_get_tree+0x51/0x1e0 [ 221.796256][ T7099] vfs_get_tree+0x8f/0x2b0 [ 221.796285][ T7099] do_new_mount+0x2a2/0xa30 [ 221.796316][ T7099] ? ns_capable+0x8a/0xf0 [ 221.796334][ T7099] ? __pfx_do_new_mount+0x10/0x10 [ 221.796362][ T7099] ? path_mount+0x61c/0xfe0 [ 221.796389][ T7099] ? user_path_at+0x44/0x60 [ 221.796416][ T7099] __se_sys_mount+0x317/0x410 [ 221.796448][ T7099] ? __pfx___se_sys_mount+0x10/0x10 [ 221.796476][ T7099] ? rcu_is_watching+0x15/0xb0 [ 221.796499][ T7099] ? __x64_sys_mount+0x20/0xc0 [ 221.796529][ T7099] do_syscall_64+0xfa/0x3b0 [ 221.796549][ T7099] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.796569][ T7099] ? clear_bhb_loop+0x60/0xb0 [ 221.796592][ T7099] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.796612][ T7099] RIP: 0033:0x7fb47156b94a [ 221.796629][ T7099] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 221.796647][ T7099] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 221.796669][ T7099] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 221.796692][ T7099] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 221.796707][ T7099] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 7107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 221.796722][ T7099] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 221.796736][ T7099] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 221.796757][ T7099] [ 221.797754][ T7099] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 7109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7107] <... write resumed>) = 16777216 [pid 7107] munmap(0x7fb469000000, 138412032 [pid 7099] <... mount resumed>) = -1 EEXIST (File exists) [pid 7099] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 7099] ioctl(3, LOOP_CLR_FD) = 0 [ 222.208443][ T7099] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7099] close(3 [pid 7093] exit_group(0) = ? [pid 7096] <... write resumed>) = ? [pid 7107] <... munmap resumed>) = 0 [pid 7096] +++ exited with 0 +++ [pid 7093] +++ exited with 0 +++ [pid 7107] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7093, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=79 /* 0.79 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7107] <... openat resumed>) = 4 [pid 7107] ioctl(4, LOOP_SET_FD, 3 [pid 5870] <... restart_syscall resumed>) = 0 [pid 5870] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./62/file0") = 0 [pid 5870] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./62/binderfs") = 0 [pid 5870] umount2("./62/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./62/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=8876032, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./62/cpuset.effective_mems" [pid 7107] <... ioctl resumed>) = 0 [pid 7107] close(3) = 0 [pid 7107] close(4) = 0 [pid 7107] mkdir("./file0", 0777) = 0 [pid 7107] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7099] <... close resumed>) = 0 [pid 7099] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7098] <... futex resumed>) = 0 [pid 7099] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7098] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7098] <... futex resumed>) = 0 [pid 7099] openat(AT_FDCWD, ".", O_RDONLY [pid 7098] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7099] <... openat resumed>) = 3 [pid 7099] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7098] <... futex resumed>) = 0 [pid 7099] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7098] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7098] <... futex resumed>) = 0 [pid 7099] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [ 222.311239][ T7107] loop2: detected capacity change from 0 to 32768 [pid 7098] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7109] <... write resumed>) = 16777216 [ 222.369759][ T7107] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 222.386019][ T7107] CPU: 0 UID: 0 PID: 7107 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 222.386052][ T7107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 222.386065][ T7107] Call Trace: [ 222.386073][ T7107] [ 222.386083][ T7107] dump_stack_lvl+0x189/0x250 [ 222.386115][ T7107] ? __pfx_dump_stack_lvl+0x10/0x10 [ 222.386140][ T7107] ? __pfx__printk+0x10/0x10 [ 222.386167][ T7107] ? kernfs_root+0x1c/0x230 [ 222.386192][ T7107] ? kernfs_path_from_node+0x250/0x290 [ 222.386215][ T7107] ? kernfs_path_from_node+0x2f/0x290 [ 222.386240][ T7107] sysfs_create_dir_ns+0x259/0x280 [ 222.386263][ T7107] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 222.386286][ T7107] ? do_raw_spin_unlock+0x122/0x240 [ 222.386314][ T7107] kobject_add_internal+0x59f/0xb40 [pid 7109] munmap(0x7fb469000000, 138412032 [pid 7098] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7098] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7098] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7114]}, 88) = 7114 [pid 7098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7098] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7098] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7114 attached [pid 7114] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 7114] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 7114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 222.386343][ T7107] kobject_init_and_add+0x125/0x190 [ 222.386368][ T7107] ? __pfx_kobject_init_and_add+0x10/0x10 [ 222.386392][ T7107] ? __raw_spin_lock_init+0x45/0x100 [ 222.386418][ T7107] ? __init_swait_queue_head+0xa9/0x150 [ 222.386443][ T7107] gfs2_sys_fs_add+0x234/0x450 [ 222.386465][ T7107] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 222.386489][ T7107] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 222.386523][ T7107] gfs2_fill_super+0x13c0/0x20d0 [ 222.386557][ T7107] ? __pfx_gfs2_fill_super+0x10/0x10 [ 222.386587][ T7107] ? sb_set_blocksize+0x104/0x180 [pid 7114] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7109] <... munmap resumed>) = 0 [pid 7109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7109] ioctl(4, LOOP_SET_FD, 3 [pid 7114] <... openat resumed>) = 4 [pid 7099] <... ioctl resumed>) = 0 [pid 7098] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5870] <... unlink resumed>) = 0 [pid 7098] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7114] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7098] <... mmap resumed>) = 0x7fb4714b4000 [pid 7114] <... futex resumed>) = 0 [pid 7098] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE [pid 7114] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7098] <... mprotect resumed>) = 0 [pid 7098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[7115]}, 88) = 7115 [ 222.386617][ T7107] ? setup_bdev_super+0x4c1/0x5b0 [ 222.386647][ T7107] get_tree_bdev_flags+0x40b/0x4d0 [ 222.386675][ T7107] ? __pfx_gfs2_fill_super+0x10/0x10 [ 222.386701][ T7107] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 222.386735][ T7107] gfs2_get_tree+0x51/0x1e0 [ 222.386763][ T7107] vfs_get_tree+0x8f/0x2b0 [ 222.386793][ T7107] do_new_mount+0x2a2/0xa30 [ 222.386833][ T7107] ? ns_capable+0x8a/0xf0 [ 222.386853][ T7107] ? __pfx_do_new_mount+0x10/0x10 [ 222.386882][ T7107] ? path_mount+0x61c/0xfe0 [pid 7098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7098] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 222.386910][ T7107] ? user_path_at+0x44/0x60 [ 222.386938][ T7107] __se_sys_mount+0x317/0x410 [ 222.386972][ T7107] ? __pfx___se_sys_mount+0x10/0x10 [ 222.387002][ T7107] ? rcu_is_watching+0x15/0xb0 [ 222.387026][ T7107] ? __x64_sys_mount+0x20/0xc0 [ 222.387058][ T7107] do_syscall_64+0xfa/0x3b0 [ 222.387080][ T7107] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.387100][ T7107] ? clear_bhb_loop+0x60/0xb0 [ 222.387123][ T7107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.387144][ T7107] RIP: 0033:0x7fb47156b94a [pid 7098] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7109] <... ioctl resumed>) = 0 [pid 7109] close(3) = 0 [pid 7109] close(4) = 0 [pid 7109] mkdir("./file0", 0777) = 0 [pid 7109] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7099] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 222.387163][ T7107] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 222.387181][ T7107] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 222.387204][ T7107] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 222.387220][ T7107] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 222.387236][ T7107] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 7099] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] getdents64(3, ./strace-static-x86_64: Process 7115 attached 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 7115] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 5870] close(3 [pid 7115] set_robust_list(0x7fb4714d49a0, 24 [pid 5870] <... close resumed>) = 0 [pid 7115] <... set_robust_list resumed>) = 0 [pid 7115] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] rmdir("./62" [pid 7115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] <... rmdir resumed>) = 0 [ 222.387251][ T7107] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 222.387265][ T7107] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 222.387286][ T7107] [ 222.387308][ T7107] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 222.527969][ T7109] loop0: detected capacity change from 0 to 32768 [ 222.558900][ T7107] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7115] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7107] <... mount resumed>) = -1 EEXIST (File exists) [pid 5870] mkdir("./63", 0777) = 0 [ 222.717154][ T7109] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 222.726204][ T7109] CPU: 0 UID: 0 PID: 7109 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 222.726235][ T7109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 222.726248][ T7109] Call Trace: [ 222.726255][ T7109] [ 222.726264][ T7109] dump_stack_lvl+0x189/0x250 [ 222.726293][ T7109] ? __pfx_dump_stack_lvl+0x10/0x10 [ 222.726318][ T7109] ? __pfx__printk+0x10/0x10 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 7107] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 7107] ioctl(3, LOOP_CLR_FD) = 0 [pid 7107] close(3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7118 [ 222.726344][ T7109] ? kernfs_root+0x1c/0x230 [ 222.726367][ T7109] ? kernfs_path_from_node+0x250/0x290 [ 222.726389][ T7109] ? kernfs_path_from_node+0x2f/0x290 [ 222.726413][ T7109] sysfs_create_dir_ns+0x259/0x280 [ 222.726437][ T7109] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 222.726460][ T7109] ? do_raw_spin_unlock+0x122/0x240 [ 222.726488][ T7109] kobject_add_internal+0x59f/0xb40 [ 222.726517][ T7109] kobject_init_and_add+0x125/0x190 [ 222.726542][ T7109] ? __pfx_kobject_init_and_add+0x10/0x10 [ 222.726566][ T7109] ? __raw_spin_lock_init+0x45/0x100 [ 222.726592][ T7109] ? __init_swait_queue_head+0xa9/0x150 [ 222.726617][ T7109] gfs2_sys_fs_add+0x234/0x450 [ 222.726637][ T7109] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 222.726658][ T7109] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 222.726688][ T7109] gfs2_fill_super+0x13c0/0x20d0 [ 222.726721][ T7109] ? __pfx_gfs2_fill_super+0x10/0x10 [ 222.726748][ T7109] ? sb_set_blocksize+0x104/0x180 [ 222.726784][ T7109] ? setup_bdev_super+0x4c1/0x5b0 [ 222.726811][ T7109] get_tree_bdev_flags+0x40b/0x4d0 [pid 7098] exit_group(0 [pid 7114] <... futex resumed>) = ? [pid 7099] <... futex resumed>) = ? [pid 7098] <... exit_group resumed>) = ? [pid 7114] +++ exited with 0 +++ [pid 7099] +++ exited with 0 +++ [pid 7115] <... write resumed>) = ? ./strace-static-x86_64: Process 7118 attached [pid 7118] set_robust_list(0x55558d547760, 24 [pid 7115] +++ exited with 0 +++ [pid 7098] +++ exited with 0 +++ [pid 7118] <... set_robust_list resumed>) = 0 [pid 7118] chdir("./63") = 0 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7098, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=65 /* 0.65 s */} --- [pid 7118] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 7118] <... prctl resumed>) = 0 [pid 5868] <... restart_syscall resumed>) = 0 [pid 7118] setpgid(0, 0) = 0 [pid 7118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5868] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7118] write(3, "1000", 4 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7118] <... write resumed>) = 4 [pid 5868] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7118] close(3 [pid 5868] <... openat resumed>) = 3 [pid 7118] <... close resumed>) = 0 [pid 7118] symlink("/dev/binderfs", "./binderfs" [pid 5868] newfstatat(3, "", [pid 7118] <... symlink resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 222.726839][ T7109] ? __pfx_gfs2_fill_super+0x10/0x10 [ 222.726865][ T7109] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 222.726896][ T7109] gfs2_get_tree+0x51/0x1e0 [ 222.726922][ T7109] vfs_get_tree+0x8f/0x2b0 [ 222.726951][ T7109] do_new_mount+0x2a2/0xa30 [ 222.726983][ T7109] ? ns_capable+0x8a/0xf0 [ 222.727003][ T7109] ? __pfx_do_new_mount+0x10/0x10 [ 222.727033][ T7109] ? path_mount+0x61c/0xfe0 [ 222.727060][ T7109] ? user_path_at+0x44/0x60 [ 222.727086][ T7109] __se_sys_mount+0x317/0x410 [pid 7118] write(1, "executing program\n", 18executing program [pid 7107] <... close resumed>) = 0 [pid 5868] getdents64(3, [pid 7118] <... write resumed>) = 18 [pid 7107] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 7118] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7107] <... futex resumed>) = 1 [pid 7106] <... futex resumed>) = 0 [pid 5868] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7118] <... futex resumed>) = 0 [pid 7107] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7106] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7118] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 7107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7106] <... futex resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "./64/file0", [pid 7118] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7107] openat(AT_FDCWD, ".", O_RDONLY [pid 7106] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7118] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7107] <... openat resumed>) = 3 [pid 5868] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7107] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7118] <... mmap resumed>) = 0x7fb4714f6000 [pid 7107] <... futex resumed>) = 1 [pid 7106] <... futex resumed>) = 0 [pid 5868] <... openat resumed>) = 4 [pid 7118] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 7106] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] newfstatat(4, "", [pid 7118] <... mprotect resumed>) = 0 [pid 7107] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7106] <... futex resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7118] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7106] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] getdents64(4, [pid 7118] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7118] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7119]}, 88) = 7119 [pid 7118] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 7118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] getdents64(4, [pid 7118] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7107] <... ioctl resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 7118] <... futex resumed>) = 0 [pid 7107] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] close(4 [pid 7118] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7107] <... futex resumed>) = 1 [pid 7106] <... futex resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 7107] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7106] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 222.727118][ T7109] ? __pfx___se_sys_mount+0x10/0x10 [ 222.727145][ T7109] ? rcu_is_watching+0x15/0xb0 [ 222.727168][ T7109] ? __x64_sys_mount+0x20/0xc0 [ 222.727198][ T7109] do_syscall_64+0xfa/0x3b0 [ 222.727220][ T7109] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.727241][ T7109] ? clear_bhb_loop+0x60/0xb0 [ 222.727264][ T7109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.727285][ T7109] RIP: 0033:0x7fb47156b94a [pid 5868] rmdir("./64/file0" [pid 7107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7106] <... futex resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 7107] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7106] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7107] <... openat resumed>) = 4 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./64/binderfs" [pid 7107] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... unlink resumed>) = 0 [pid 7107] <... futex resumed>) = 1 [pid 7106] <... futex resumed>) = 0 [pid 5868] umount2("./64/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7107] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7106] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7106] <... futex resumed>) = 0 [ 222.727304][ T7109] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 222.727320][ T7109] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 222.727341][ T7109] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 222.727356][ T7109] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 222.727369][ T7109] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 222.727383][ T7109] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 5868] newfstatat(AT_FDCWD, "./64/cpuset.effective_mems", executing program [pid 7107] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7106] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=1650688, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./64/cpuset.effective_mems") = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./64") = 0 [pid 5868] mkdir("./65", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7106] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 7120 ./strace-static-x86_64: Process 7120 attached [pid 7120] set_robust_list(0x55558d547760, 24) = 0 [pid 7120] chdir("./65") = 0 [pid 7120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7120] setpgid(0, 0) = 0 [pid 7120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7120] write(3, "1000", 4) = 4 [pid 7120] close(3) = 0 [pid 7120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7120] write(1, "executing program\n", 18) = 18 [pid 7120] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7120] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7120] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7120] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7120] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 7119 attached [], 8) = 0 [pid 7109] <... mount resumed>) = -1 EEXIST (File exists) [pid 7120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 7119] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7109] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7119] set_robust_list(0x7fb4715169a0, 24 [pid 7109] <... openat resumed>) = 3 [pid 7119] <... set_robust_list resumed>) = 0 [pid 7119] rt_sigprocmask(SIG_SETMASK, [], [pid 7109] ioctl(3, LOOP_CLR_FD [pid 7119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7119] memfd_create("syzkaller", 0 [pid 7109] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 7121 attached [pid 7119] <... memfd_create resumed>) = 3 [pid 7109] close(3 [pid 7121] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7120] <... clone3 resumed> => {parent_tid=[7121]}, 88) = 7121 [pid 7119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7121] <... rseq resumed>) = 0 [pid 7120] rt_sigprocmask(SIG_SETMASK, [], [pid 7119] <... mmap resumed>) = 0x7fb469000000 [pid 7121] set_robust_list(0x7fb4715169a0, 24 [pid 7120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7121] <... set_robust_list resumed>) = 0 [pid 7120] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7121] rt_sigprocmask(SIG_SETMASK, [], [pid 7120] <... futex resumed>) = 0 [pid 7121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7121] memfd_create("syzkaller", 0) = 3 [ 222.727397][ T7109] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 222.727417][ T7109] [ 222.727441][ T7109] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 223.044393][ T7109] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7120] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7109] <... close resumed>) = 0 [pid 7109] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7108] <... futex resumed>) = 0 [pid 7108] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7108] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7109] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7109] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7108] <... futex resumed>) = 0 [pid 7109] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7108] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7108] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7109] <... ioctl resumed>) = 0 [pid 7109] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7108] <... futex resumed>) = 0 [pid 7108] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7108] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7109] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7109] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7108] <... futex resumed>) = 0 [pid 7108] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7108] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7109] <... futex resumed>) = 1 [pid 7109] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7108] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7108] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7106] exit_group(0 [pid 7107] <... write resumed>) = ? [pid 7106] <... exit_group resumed>) = ? [pid 7107] +++ exited with 0 +++ [pid 7106] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7106, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=84 /* 0.84 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./61/file0") = 0 [pid 5869] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./61/binderfs") = 0 [pid 5869] umount2("./61/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./61/cpuset.effective_mems", [pid 7119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5869] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=9580544, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./61/cpuset.effective_mems" [pid 7121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./61") = 0 [pid 5869] mkdir("./62", 0777executing program ) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7122 attached , child_tidptr=0x55558d547750) = 7122 [pid 7122] set_robust_list(0x55558d547760, 24) = 0 [pid 7122] chdir("./62") = 0 [pid 7122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7122] setpgid(0, 0) = 0 [pid 7122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7122] write(3, "1000", 4) = 4 [pid 7122] close(3) = 0 [pid 7122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7122] write(1, "executing program\n", 18) = 18 [pid 7122] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7122] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7122] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7122] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7123]}, 88) = 7123 [pid 7122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7122] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 7123 attached [pid 7122] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7123] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7123] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7123] memfd_create("syzkaller", 0) = 3 [pid 7123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7108] exit_group(0) = ? [pid 7121] <... write resumed>) = 16777216 [pid 7109] <... write resumed>) = ? [pid 7109] +++ exited with 0 +++ [pid 7108] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7108, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=83 /* 0.83 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./63/file0" [pid 7119] <... write resumed>) = 16777216 [pid 5867] <... rmdir resumed>) = 0 [pid 7121] munmap(0x7fb469000000, 138412032 [pid 7119] munmap(0x7fb469000000, 138412032 [pid 5867] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./63/binderfs") = 0 [pid 5867] umount2("./63/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./63/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=6823936, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./63/cpuset.effective_mems" [pid 7121] <... munmap resumed>) = 0 [pid 7121] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7121] ioctl(4, LOOP_SET_FD, 3 [pid 7119] <... munmap resumed>) = 0 [pid 7121] <... ioctl resumed>) = 0 [pid 5867] <... unlink resumed>) = 0 [pid 7121] close(3 [pid 7119] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5867] getdents64(3, [pid 7119] <... openat resumed>) = 4 [pid 5867] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 7119] ioctl(4, LOOP_SET_FD, 3 [pid 5867] close(3 [pid 7121] <... close resumed>) = 0 [pid 5867] <... close resumed>) = 0 [pid 5867] rmdir("./63" [pid 7121] close(4) = 0 [pid 7121] mkdir("./file0", 0777) = 0 [pid 5867] <... rmdir resumed>) = 0 [pid 7121] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5867] mkdir("./64", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7125 [pid 7119] <... ioctl resumed>) = 0 [pid 7119] close(3) = 0 [pid 7119] close(4) = 0 [pid 7119] mkdir("./file0", 0777) = 0 [pid 7119] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade,"./strace-static-x86_64: Process 7125 attached [ 223.708225][ T7121] loop1: detected capacity change from 0 to 32768 [ 223.723398][ T7119] loop3: detected capacity change from 0 to 32768 [ 223.756709][ T7121] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 223.765300][ T7119] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 223.766242][ T7121] CPU: 0 UID: 0 PID: 7121 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 223.766275][ T7121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 223.766292][ T7121] Call Trace: [ 223.766301][ T7121] [ 223.766311][ T7121] dump_stack_lvl+0x189/0x250 [ 223.766349][ T7121] ? __pfx_dump_stack_lvl+0x10/0x10 [ 223.766377][ T7121] ? __pfx__printk+0x10/0x10 [ 223.766407][ T7121] ? kernfs_root+0x1c/0x230 [ 223.766434][ T7121] ? kernfs_path_from_node+0x250/0x290 [ 223.766459][ T7121] ? kernfs_path_from_node+0x2f/0x290 [ 223.766485][ T7121] sysfs_create_dir_ns+0x259/0x280 [ 223.766512][ T7121] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 223.766538][ T7121] ? do_raw_spin_unlock+0x122/0x240 [ 223.766571][ T7121] kobject_add_internal+0x59f/0xb40 [pid 7125] set_robust_list(0x55558d547760, 24) = 0 [pid 7125] chdir("./64") = 0 [pid 7125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7125] setpgid(0, 0) = 0 [pid 7125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7125] write(3, "1000", 4) = 4 [pid 7125] close(3) = 0 executing program [pid 7125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7125] write(1, "executing program\n", 18) = 18 [pid 7125] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7125] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7125] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7125] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 223.766602][ T7121] kobject_init_and_add+0x125/0x190 [ 223.766630][ T7121] ? __pfx_kobject_init_and_add+0x10/0x10 [ 223.766657][ T7121] ? __raw_spin_lock_init+0x45/0x100 [ 223.766696][ T7121] ? __init_swait_queue_head+0xa9/0x150 [ 223.766725][ T7121] gfs2_sys_fs_add+0x234/0x450 [ 223.766750][ T7121] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 223.766777][ T7121] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 223.766814][ T7121] gfs2_fill_super+0x13c0/0x20d0 [ 223.766854][ T7121] ? __pfx_gfs2_fill_super+0x10/0x10 [ 223.766887][ T7121] ? sb_set_blocksize+0x104/0x180 [pid 7125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7129]}, 88) = 7129 ./strace-static-x86_64: Process 7129 attached [pid 7125] rt_sigprocmask(SIG_SETMASK, [], [pid 7129] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7129] <... rseq resumed>) = 0 [pid 7125] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7129] set_robust_list(0x7fb4715169a0, 24 [pid 7125] <... futex resumed>) = 0 [pid 7129] <... set_robust_list resumed>) = 0 [ 223.766925][ T7121] ? setup_bdev_super+0x4c1/0x5b0 [ 223.766959][ T7121] get_tree_bdev_flags+0x40b/0x4d0 [ 223.766989][ T7121] ? __pfx_gfs2_fill_super+0x10/0x10 [ 223.767020][ T7121] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 223.767057][ T7121] gfs2_get_tree+0x51/0x1e0 [ 223.767088][ T7121] vfs_get_tree+0x8f/0x2b0 [ 223.767131][ T7121] do_new_mount+0x2a2/0xa30 [ 223.767167][ T7121] ? ns_capable+0x8a/0xf0 [ 223.767187][ T7121] ? __pfx_do_new_mount+0x10/0x10 [ 223.767219][ T7121] ? path_mount+0x61c/0xfe0 [pid 7125] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7129] memfd_create("syzkaller", 0) = 3 [pid 7129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 223.767248][ T7121] ? user_path_at+0x44/0x60 [ 223.767278][ T7121] __se_sys_mount+0x317/0x410 [ 223.767315][ T7121] ? __pfx___se_sys_mount+0x10/0x10 [ 223.767346][ T7121] ? rcu_is_watching+0x15/0xb0 [ 223.767371][ T7121] ? __x64_sys_mount+0x20/0xc0 [ 223.767406][ T7121] do_syscall_64+0xfa/0x3b0 [ 223.767427][ T7121] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.767450][ T7121] ? clear_bhb_loop+0x60/0xb0 [ 223.767475][ T7121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.767496][ T7121] RIP: 0033:0x7fb47156b94a [ 223.767518][ T7121] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 223.767537][ T7121] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 223.767563][ T7121] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 223.767581][ T7121] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 223.767598][ T7121] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 223.767615][ T7121] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 223.767630][ T7121] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 223.767653][ T7121] [ 223.767683][ T7121] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 223.791496][ T7119] CPU: 1 UID: 0 PID: 7119 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [pid 7121] <... mount resumed>) = -1 EEXIST (File exists) [pid 7121] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 223.791535][ T7119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 223.791549][ T7119] Call Trace: [ 223.791558][ T7119] [ 223.791568][ T7119] dump_stack_lvl+0x189/0x250 [ 223.791603][ T7119] ? __pfx_dump_stack_lvl+0x10/0x10 [ 223.791648][ T7119] ? __pfx__printk+0x10/0x10 [ 223.791678][ T7119] ? kernfs_root+0x1c/0x230 [ 223.791707][ T7119] ? kernfs_path_from_node+0x250/0x290 [ 223.791733][ T7119] ? kernfs_path_from_node+0x2f/0x290 [ 223.791762][ T7119] sysfs_create_dir_ns+0x259/0x280 [pid 7121] ioctl(3, LOOP_CLR_FD) = 0 [ 223.791789][ T7119] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 223.791816][ T7119] ? do_raw_spin_unlock+0x122/0x240 [ 223.791849][ T7119] kobject_add_internal+0x59f/0xb40 [ 223.791882][ T7119] kobject_init_and_add+0x125/0x190 [ 223.791911][ T7119] ? __pfx_kobject_init_and_add+0x10/0x10 [ 223.791937][ T7119] ? __raw_spin_lock_init+0x45/0x100 [ 223.791966][ T7119] ? __init_swait_queue_head+0xa9/0x150 [ 223.791995][ T7119] gfs2_sys_fs_add+0x234/0x450 [ 223.792020][ T7119] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 223.792048][ T7119] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 223.792086][ T7119] gfs2_fill_super+0x13c0/0x20d0 [ 223.792126][ T7119] ? __pfx_gfs2_fill_super+0x10/0x10 [ 223.792159][ T7119] ? sb_set_blocksize+0x104/0x180 [ 223.792192][ T7119] ? setup_bdev_super+0x4c1/0x5b0 [ 223.792226][ T7119] get_tree_bdev_flags+0x40b/0x4d0 [ 223.792258][ T7119] ? __pfx_gfs2_fill_super+0x10/0x10 [ 223.792287][ T7119] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 223.792325][ T7119] gfs2_get_tree+0x51/0x1e0 [ 223.792357][ T7119] vfs_get_tree+0x8f/0x2b0 [ 223.792389][ T7119] do_new_mount+0x2a2/0xa30 [ 223.792435][ T7119] ? ns_capable+0x8a/0xf0 [ 223.792459][ T7119] ? __pfx_do_new_mount+0x10/0x10 [ 223.792492][ T7119] ? path_mount+0x61c/0xfe0 [ 223.792523][ T7119] ? user_path_at+0x44/0x60 [ 223.792555][ T7119] __se_sys_mount+0x317/0x410 [ 223.792593][ T7119] ? __pfx___se_sys_mount+0x10/0x10 [ 223.792626][ T7119] ? rcu_is_watching+0x15/0xb0 [ 223.792651][ T7119] ? __x64_sys_mount+0x20/0xc0 [ 223.792687][ T7119] do_syscall_64+0xfa/0x3b0 [ 223.792713][ T7119] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.792734][ T7119] ? clear_bhb_loop+0x60/0xb0 [ 223.792760][ T7119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.792784][ T7119] RIP: 0033:0x7fb47156b94a [ 223.792805][ T7119] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 223.792825][ T7119] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 223.792850][ T7119] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 7121] close(3 [pid 7129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7121] <... close resumed>) = 0 [pid 7121] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 223.792868][ T7119] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 223.792886][ T7119] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 223.792903][ T7119] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 223.792919][ T7119] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 223.792943][ T7119] [ 223.792967][ T7119] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 7121] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7120] <... futex resumed>) = 0 [pid 7120] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7121] <... futex resumed>) = 0 [pid 7120] <... futex resumed>) = 1 [pid 7121] openat(AT_FDCWD, ".", O_RDONLY [pid 7120] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7121] <... openat resumed>) = 3 [pid 7121] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7121] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7120] <... futex resumed>) = 0 [pid 7121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7120] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7121] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7120] <... futex resumed>) = 0 [pid 7120] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7119] <... mount resumed>) = -1 EEXIST (File exists) [pid 7119] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 7119] ioctl(3, LOOP_CLR_FD) = 0 [pid 7121] <... ioctl resumed>) = 0 [pid 7119] close(3 [pid 7121] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7120] <... futex resumed>) = 0 [pid 7121] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7120] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7121] <... openat resumed>) = 4 [pid 7120] <... futex resumed>) = 0 [pid 7121] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7120] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7121] <... futex resumed>) = 0 [pid 7120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7121] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7120] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 223.838823][ T7121] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 223.980843][ T7119] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7120] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7119] <... close resumed>) = 0 [pid 7119] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7118] <... futex resumed>) = 0 [pid 7119] openat(AT_FDCWD, ".", O_RDONLY [pid 7118] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7119] <... openat resumed>) = 3 [pid 7118] <... futex resumed>) = 0 [pid 7119] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7119] <... futex resumed>) = 0 [pid 7118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7119] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7118] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7129] <... write resumed>) = 16777216 [pid 7118] <... futex resumed>) = 0 [pid 7129] munmap(0x7fb469000000, 138412032 [pid 7118] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7119] <... ioctl resumed>) = 0 [pid 7119] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7118] <... futex resumed>) = 0 [pid 7119] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7118] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7123] <... write resumed>) = 16777216 [pid 7119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7118] <... futex resumed>) = 0 [pid 7119] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7118] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7119] <... openat resumed>) = 4 [pid 7119] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7118] <... futex resumed>) = 0 [pid 7119] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7118] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7118] <... futex resumed>) = 0 [pid 7119] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7118] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7123] munmap(0x7fb469000000, 138412032 [pid 7129] <... munmap resumed>) = 0 [pid 7129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7129] ioctl(4, LOOP_SET_FD, 3 [pid 7118] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7129] <... ioctl resumed>) = 0 [pid 7129] close(3) = 0 [pid 7129] close(4) = 0 [pid 7129] mkdir("./file0", 0777) = 0 [ 224.681109][ T7129] loop0: detected capacity change from 0 to 32768 [pid 7129] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7123] <... munmap resumed>) = 0 [pid 7123] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 224.727393][ T7129] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 224.745724][ T7129] CPU: 1 UID: 0 PID: 7129 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 224.745756][ T7129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 224.745770][ T7129] Call Trace: [ 224.745778][ T7129] [ 224.745787][ T7129] dump_stack_lvl+0x189/0x250 [ 224.745826][ T7129] ? __pfx_dump_stack_lvl+0x10/0x10 [ 224.745851][ T7129] ? __pfx__printk+0x10/0x10 [ 224.745878][ T7129] ? kernfs_root+0x1c/0x230 [ 224.745904][ T7129] ? kernfs_path_from_node+0x250/0x290 [ 224.745926][ T7129] ? kernfs_path_from_node+0x2f/0x290 [ 224.745950][ T7129] sysfs_create_dir_ns+0x259/0x280 [ 224.745973][ T7129] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 224.745996][ T7129] ? do_raw_spin_unlock+0x122/0x240 [ 224.746024][ T7129] kobject_add_internal+0x59f/0xb40 [pid 7123] ioctl(4, LOOP_SET_FD, 3 [pid 7120] exit_group(0) = ? [pid 7121] <... write resumed>) = ? [pid 7121] +++ exited with 0 +++ [pid 7120] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7120, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=71 /* 0.71 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 7123] <... ioctl resumed>) = 0 [pid 5868] <... restart_syscall resumed>) = 0 [pid 5868] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 224.746054][ T7129] kobject_init_and_add+0x125/0x190 [ 224.746079][ T7129] ? __pfx_kobject_init_and_add+0x10/0x10 [ 224.746102][ T7129] ? __raw_spin_lock_init+0x45/0x100 [ 224.746140][ T7129] ? __init_swait_queue_head+0xa9/0x150 [ 224.746166][ T7129] gfs2_sys_fs_add+0x234/0x450 [ 224.746188][ T7129] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 224.746212][ T7129] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 224.746246][ T7129] gfs2_fill_super+0x13c0/0x20d0 [ 224.746284][ T7129] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 7123] close(3 [pid 5868] close(4 [pid 7123] <... close resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 7123] close(4 [pid 5868] rmdir("./65/file0" [pid 7123] <... close resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 7123] mkdir("./file0", 0777) = 0 [pid 5868] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7123] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./65/binderfs") = 0 [pid 5868] umount2("./65/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./65/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=9814016, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 224.746311][ T7129] ? sb_set_blocksize+0x104/0x180 [ 224.746341][ T7129] ? setup_bdev_super+0x4c1/0x5b0 [ 224.746370][ T7129] get_tree_bdev_flags+0x40b/0x4d0 [ 224.746398][ T7129] ? __pfx_gfs2_fill_super+0x10/0x10 [ 224.746424][ T7129] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 224.746456][ T7129] gfs2_get_tree+0x51/0x1e0 [ 224.746483][ T7129] vfs_get_tree+0x8f/0x2b0 [ 224.746512][ T7129] do_new_mount+0x2a2/0xa30 [ 224.746542][ T7129] ? ns_capable+0x8a/0xf0 [ 224.746562][ T7129] ? __pfx_do_new_mount+0x10/0x10 [ 224.746590][ T7129] ? path_mount+0x61c/0xfe0 [ 224.746617][ T7129] ? user_path_at+0x44/0x60 [ 224.746643][ T7129] __se_sys_mount+0x317/0x410 [ 224.746683][ T7129] ? __pfx___se_sys_mount+0x10/0x10 [ 224.746712][ T7129] ? rcu_is_watching+0x15/0xb0 [ 224.746735][ T7129] ? __x64_sys_mount+0x20/0xc0 [ 224.746784][ T7129] do_syscall_64+0xfa/0x3b0 [ 224.746805][ T7129] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.746826][ T7129] ? clear_bhb_loop+0x60/0xb0 [ 224.746849][ T7129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 5868] unlink("./65/cpuset.effective_mems" [pid 7118] exit_group(0) = ? [ 224.746869][ T7129] RIP: 0033:0x7fb47156b94a [ 224.746887][ T7129] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 224.746907][ T7129] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 224.746928][ T7129] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 224.746944][ T7129] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [pid 5868] <... unlink resumed>) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [ 224.746960][ T7129] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 224.746975][ T7129] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 224.746988][ T7129] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 224.747010][ T7129] [ 224.747476][ T7129] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 224.748950][ T7123] loop2: detected capacity change from 0 to 32768 [pid 5868] rmdir("./65") = 0 [pid 5868] mkdir("./66", 0777 [pid 7119] <... write resumed>) = ? [pid 5868] <... mkdir resumed>) = 0 [ 224.803337][ T7129] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 225.086271][ T7123] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7119] +++ exited with 0 +++ [pid 7118] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7118, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=92 /* 0.92 s */} --- [pid 5870] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7129] <... mount resumed>) = -1 EEXIST (File exists) [pid 7129] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5870] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7129] <... openat resumed>) = 3 [pid 5870] <... openat resumed>) = 3 [pid 7129] ioctl(3, LOOP_CLR_FD [pid 5870] newfstatat(3, "", [pid 7129] <... ioctl resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7129] close(3 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 225.124118][ T7123] CPU: 0 UID: 0 PID: 7123 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 225.124151][ T7123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 225.124165][ T7123] Call Trace: [ 225.124174][ T7123] [ 225.124183][ T7123] dump_stack_lvl+0x189/0x250 [ 225.124215][ T7123] ? __pfx_dump_stack_lvl+0x10/0x10 [ 225.124239][ T7123] ? __pfx__printk+0x10/0x10 [ 225.124267][ T7123] ? kernfs_root+0x1c/0x230 [pid 7129] <... close resumed>) = 0 [pid 5870] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... openat resumed>) = 3 [pid 7129] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7125] <... futex resumed>) = 0 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 7129] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7125] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7125] <... futex resumed>) = 0 [pid 5868] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7129] openat(AT_FDCWD, ".", O_RDONLY [pid 7125] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7129] <... openat resumed>) = 3 [pid 5868] close(3) = 0 [ 225.124293][ T7123] ? kernfs_path_from_node+0x250/0x290 [ 225.124323][ T7123] ? kernfs_path_from_node+0x2f/0x290 [ 225.124348][ T7123] sysfs_create_dir_ns+0x259/0x280 [ 225.124370][ T7123] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 225.124393][ T7123] ? do_raw_spin_unlock+0x122/0x240 [ 225.124421][ T7123] kobject_add_internal+0x59f/0xb40 [ 225.124449][ T7123] kobject_init_and_add+0x125/0x190 [ 225.124475][ T7123] ? __pfx_kobject_init_and_add+0x10/0x10 [ 225.124498][ T7123] ? __raw_spin_lock_init+0x45/0x100 [ 225.124524][ T7123] ? __init_swait_queue_head+0xa9/0x150 [ 225.124550][ T7123] gfs2_sys_fs_add+0x234/0x450 [ 225.124572][ T7123] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 225.124596][ T7123] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 225.124648][ T7123] gfs2_fill_super+0x13c0/0x20d0 [ 225.124683][ T7123] ? __pfx_gfs2_fill_super+0x10/0x10 [ 225.124712][ T7123] ? sb_set_blocksize+0x104/0x180 [ 225.124744][ T7123] ? setup_bdev_super+0x4c1/0x5b0 [ 225.124774][ T7123] get_tree_bdev_flags+0x40b/0x4d0 [ 225.124802][ T7123] ? __pfx_gfs2_fill_super+0x10/0x10 [ 225.124828][ T7123] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 225.124862][ T7123] gfs2_get_tree+0x51/0x1e0 [ 225.124890][ T7123] vfs_get_tree+0x8f/0x2b0 [ 225.124918][ T7123] do_new_mount+0x2a2/0xa30 [ 225.124951][ T7123] ? ns_capable+0x8a/0xf0 [ 225.124970][ T7123] ? __pfx_do_new_mount+0x10/0x10 [ 225.124999][ T7123] ? path_mount+0x61c/0xfe0 [ 225.125026][ T7123] ? user_path_at+0x44/0x60 [ 225.125054][ T7123] __se_sys_mount+0x317/0x410 [ 225.125087][ T7123] ? __pfx___se_sys_mount+0x10/0x10 [ 225.125118][ T7123] ? rcu_is_watching+0x15/0xb0 [ 225.125144][ T7123] ? __x64_sys_mount+0x20/0xc0 [ 225.125174][ T7123] do_syscall_64+0xfa/0x3b0 [ 225.125195][ T7123] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.125216][ T7123] ? clear_bhb_loop+0x60/0xb0 [ 225.125239][ T7123] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.125259][ T7123] RIP: 0033:0x7fb47156b94a [ 225.125277][ T7123] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 7129] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7125] <... futex resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7129] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [ 225.125295][ T7123] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 225.125318][ T7123] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 225.125333][ T7123] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 225.125349][ T7123] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 225.125364][ T7123] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 225.125378][ T7123] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 225.125401][ T7123] [pid 7125] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7125] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7134 attached [pid 5870] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 7134 [pid 7134] set_robust_list(0x55558d547760, 24) = 0 [pid 5870] <... openat resumed>) = 4 [pid 5870] newfstatat(4, "", [pid 7134] chdir("./66" [pid 7129] <... ioctl resumed>) = 0 [pid 7123] <... mount resumed>) = -1 EEXIST (File exists) [pid 7129] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7123] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7129] <... futex resumed>) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7123] <... openat resumed>) = 3 [pid 5870] getdents64(4, [pid 7134] <... chdir resumed>) = 0 [pid 7129] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7125] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7134] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7125] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 7129] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7125] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7123] ioctl(3, LOOP_CLR_FD [pid 7134] <... prctl resumed>) = 0 [pid 7134] setpgid(0, 0) = 0 [pid 7134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7123] <... ioctl resumed>) = 0 [pid 7134] write(3, "1000", 4) = 4 [pid 7134] close(3) = 0 [pid 7134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7129] <... openat resumed>) = 4 [pid 7123] close(3 [pid 5870] getdents64(4, executing program [pid 7134] write(1, "executing program\n", 18) = 18 [pid 7134] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7134] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7134] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7135 attached [pid 7135] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7134] <... clone3 resumed> => {parent_tid=[7135]}, 88) = 7135 [pid 7135] <... rseq resumed>) = 0 [pid 7134] rt_sigprocmask(SIG_SETMASK, [], [pid 7135] set_robust_list(0x7fb4715169a0, 24 [pid 7134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7135] <... set_robust_list resumed>) = 0 [pid 7134] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7135] rt_sigprocmask(SIG_SETMASK, [], [pid 7134] <... futex resumed>) = 0 [pid 7135] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 225.430926][ T7123] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 225.446010][ T7123] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7134] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7135] memfd_create("syzkaller", 0 [pid 5870] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 7135] <... memfd_create resumed>) = 3 [pid 7135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 5870] close(4) = 0 [pid 5870] rmdir("./63/file0") = 0 [pid 5870] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7129] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7129] <... futex resumed>) = 1 [pid 7125] <... futex resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "./63/binderfs", [pid 7129] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7125] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7125] <... futex resumed>) = 0 [pid 5870] unlink("./63/binderfs" [pid 7129] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7125] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... unlink resumed>) = 0 [pid 5870] umount2("./63/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./63/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=4493312, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./63/cpuset.effective_mems" [pid 7125] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5870] <... unlink resumed>) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./63") = 0 [pid 5870] mkdir("./64", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 7135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7136 attached [pid 7136] set_robust_list(0x55558d547760, 24 [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 7136 [pid 7136] <... set_robust_list resumed>) = 0 [pid 7136] chdir("./64") = 0 [pid 7136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7136] setpgid(0, 0) = 0 [pid 7136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7136] write(3, "1000", 4) = 4 [pid 7136] close(3) = 0 [pid 7136] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7136] write(1, "executing program\n", 18) = 18 [pid 7136] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7136] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7136] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7136] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7136] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7137]}, 88) = 7137 [pid 7136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7136] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 7137 attached [pid 7136] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7137] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7137] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7137] memfd_create("syzkaller", 0) = 3 [pid 7137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7123] <... close resumed>) = 0 [pid 7123] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7122] <... futex resumed>) = 0 [pid 7123] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7122] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7122] <... futex resumed>) = 0 [pid 7123] openat(AT_FDCWD, ".", O_RDONLY [pid 7122] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7123] <... openat resumed>) = 3 [pid 7123] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7122] <... futex resumed>) = 0 [pid 7123] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7122] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7122] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7122] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7122] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}./strace-static-x86_64: Process 7138 attached => {parent_tid=[7138]}, 88) = 7138 [pid 7122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7122] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7138] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 7122] <... futex resumed>) = 0 [pid 7138] <... rseq resumed>) = 0 [pid 7122] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7138] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 7138] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7138] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7125] exit_group(0) = ? [pid 7129] <... write resumed>) = ? [pid 7129] +++ exited with 0 +++ [pid 7125] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7125, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=77 /* 0.77 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, [pid 7122] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7122] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 7122] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[7139]}, 88) = 7139 [pid 7122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7122] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 7139 attached [pid 7122] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7139] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 7135] <... write resumed>) = 16777216 [pid 7139] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 7135] munmap(0x7fb469000000, 138412032 [pid 7139] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7139] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 7139] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7122] <... futex resumed>) = 0 [pid 7139] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7135] <... munmap resumed>) = 0 [pid 7135] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7135] close(3) = 0 [pid 7135] close(4) = 0 [pid 7135] mkdir("./file0", 0777 [pid 5867] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 7135] <... mkdir resumed>) = 0 [pid 5867] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./64/file0", [pid 7135] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5867] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./64/file0") = 0 [pid 5867] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./64/binderfs") = 0 [pid 5867] umount2("./64/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./64/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=10997696, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./64/cpuset.effective_mems" [pid 7123] <... ioctl resumed>) = 0 [pid 7123] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7123] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7138] <... openat resumed>) = 4 [pid 7138] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7122] exit_group(0 [pid 7139] <... futex resumed>) = ? [pid 7138] <... futex resumed>) = ? [pid 7123] <... futex resumed>) = ? [pid 7122] <... exit_group resumed>) = ? [pid 7139] +++ exited with 0 +++ [pid 7138] +++ exited with 0 +++ [pid 7123] +++ exited with 0 +++ [pid 7122] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7122, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=40 /* 0.40 s */} --- [ 225.902350][ T7135] loop1: detected capacity change from 0 to 32768 [ 225.921959][ T7135] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 225.943877][ T7135] CPU: 0 UID: 0 PID: 7135 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 225.943910][ T7135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 225.943924][ T7135] Call Trace: [ 225.943932][ T7135] [ 225.943941][ T7135] dump_stack_lvl+0x189/0x250 [ 225.943971][ T7135] ? __pfx_dump_stack_lvl+0x10/0x10 [ 225.943995][ T7135] ? __pfx__printk+0x10/0x10 [ 225.944021][ T7135] ? kernfs_root+0x1c/0x230 [ 225.944045][ T7135] ? kernfs_path_from_node+0x250/0x290 [ 225.944067][ T7135] ? kernfs_path_from_node+0x2f/0x290 [ 225.944091][ T7135] sysfs_create_dir_ns+0x259/0x280 [ 225.944113][ T7135] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 225.944135][ T7135] ? do_raw_spin_unlock+0x122/0x240 [ 225.944162][ T7135] kobject_add_internal+0x59f/0xb40 [ 225.944190][ T7135] kobject_init_and_add+0x125/0x190 [ 225.944214][ T7135] ? __pfx_kobject_init_and_add+0x10/0x10 [ 225.944237][ T7135] ? __raw_spin_lock_init+0x45/0x100 [ 225.944261][ T7135] ? __init_swait_queue_head+0xa9/0x150 [ 225.944287][ T7135] gfs2_sys_fs_add+0x234/0x450 [ 225.944309][ T7135] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 225.944332][ T7135] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 225.944364][ T7135] gfs2_fill_super+0x13c0/0x20d0 [ 225.944399][ T7135] ? __pfx_gfs2_fill_super+0x10/0x10 [ 225.944426][ T7135] ? sb_set_blocksize+0x104/0x180 [ 225.944455][ T7135] ? setup_bdev_super+0x4c1/0x5b0 [ 225.944490][ T7135] get_tree_bdev_flags+0x40b/0x4d0 [ 225.944516][ T7135] ? __pfx_gfs2_fill_super+0x10/0x10 [ 225.944542][ T7135] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 225.944574][ T7135] gfs2_get_tree+0x51/0x1e0 [ 225.944600][ T7135] vfs_get_tree+0x8f/0x2b0 [ 225.944628][ T7135] do_new_mount+0x2a2/0xa30 [ 225.944658][ T7135] ? ns_capable+0x8a/0xf0 [ 225.944677][ T7135] ? __pfx_do_new_mount+0x10/0x10 [ 225.944705][ T7135] ? path_mount+0x61c/0xfe0 [ 225.944732][ T7135] ? user_path_at+0x44/0x60 [ 225.944757][ T7135] __se_sys_mount+0x317/0x410 [ 225.944790][ T7135] ? __pfx___se_sys_mount+0x10/0x10 [ 225.944819][ T7135] ? rcu_is_watching+0x15/0xb0 [ 225.944841][ T7135] ? __x64_sys_mount+0x20/0xc0 [ 225.944871][ T7135] do_syscall_64+0xfa/0x3b0 [ 225.944893][ T7135] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.944912][ T7135] ? clear_bhb_loop+0x60/0xb0 [ 225.944934][ T7135] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.944953][ T7135] RIP: 0033:0x7fb47156b94a [ 225.944971][ T7135] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 225.944989][ T7135] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 225.945011][ T7135] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 225.945027][ T7135] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 225.945042][ T7135] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 225.945057][ T7135] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 225.945071][ T7135] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 225.945092][ T7135] [pid 5869] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./62/file0") = 0 [pid 5869] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./62/binderfs") = 0 [pid 5869] umount2("./62/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./62/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./62/cpuset.effective_mems") = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./62") = 0 [pid 5869] mkdir("./63", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7142 attached [pid 7142] set_robust_list(0x55558d547760, 24) = 0 [pid 7142] chdir("./63") = 0 [pid 7142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7142] setpgid(0, 0) = 0 [pid 7142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7142] write(3, "1000", 4 [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 7142 [pid 7142] <... write resumed>) = 4 [pid 7142] close(3) = 0 [pid 7142] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7142] write(1, "executing program\n", 18) = 18 [pid 7142] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7142] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7142] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7142] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [ 225.945113][ T7135] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 226.261036][ T7135] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7142] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3 [pid 7142] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7143]}, 88) = 7143 [pid 7142] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7143 attached NULL, 8) = 0 [pid 7142] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] <... close resumed>) = 0 [pid 7142] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5867] rmdir("./64" [pid 7143] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7135] <... mount resumed>) = -1 EEXIST (File exists) [pid 5867] <... rmdir resumed>) = 0 [pid 7143] <... rseq resumed>) = 0 [pid 5867] mkdir("./65", 0777 [pid 7143] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7143] memfd_create("syzkaller", 0 [pid 5867] <... mkdir resumed>) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 7143] <... memfd_create resumed>) = 3 [pid 7143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7135] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7135] <... openat resumed>) = 3 [pid 7135] ioctl(3, LOOP_CLR_FD) = 0 [pid 7135] close(3 [pid 5867] <... clone resumed>, child_tidptr=0x55558d547750) = 7144 ./strace-static-x86_64: Process 7144 attached [pid 7144] set_robust_list(0x55558d547760, 24) = 0 [pid 7144] chdir("./65") = 0 [pid 7144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7144] setpgid(0, 0) = 0 [pid 7144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7144] write(3, "1000", 4) = 4 [pid 7144] close(3) = 0 [pid 7144] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7144] write(1, "executing program\n", 18) = 18 [pid 7144] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7144] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7144] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7144] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7145]}, 88) = 7145 [pid 7144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7144] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7144] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7145 attached [pid 7145] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7145] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7145] memfd_create("syzkaller", 0) = 3 [pid 7145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7135] <... close resumed>) = 0 [pid 7145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7135] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7134] <... futex resumed>) = 0 [pid 7135] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7134] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7134] <... futex resumed>) = 0 [pid 7135] openat(AT_FDCWD, ".", O_RDONLY [pid 7134] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7135] <... openat resumed>) = 3 [pid 7135] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7134] <... futex resumed>) = 0 [pid 7135] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7134] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7134] <... futex resumed>) = 0 [pid 7135] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7134] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7137] <... write resumed>) = 16777216 [pid 7137] munmap(0x7fb469000000, 138412032 [pid 7135] <... ioctl resumed>) = 0 [pid 7135] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7134] <... futex resumed>) = 0 [pid 7135] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7134] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7134] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7135] <... openat resumed>) = 4 [pid 7135] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7134] <... futex resumed>) = 0 [pid 7135] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7134] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7134] <... futex resumed>) = 0 [pid 7135] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7134] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7137] <... munmap resumed>) = 0 [pid 7137] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7137] ioctl(4, LOOP_SET_FD, 3 [pid 7143] <... write resumed>) = 16777216 [pid 7143] munmap(0x7fb469000000, 138412032 [pid 7137] <... ioctl resumed>) = 0 [pid 7137] close(3) = 0 [pid 7137] close(4) = 0 [pid 7137] mkdir("./file0", 0777) = 0 [ 226.734771][ T7137] loop3: detected capacity change from 0 to 32768 [ 226.784155][ T7137] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 226.800714][ T7137] CPU: 1 UID: 0 PID: 7137 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 226.800747][ T7137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 226.800761][ T7137] Call Trace: [ 226.800769][ T7137] [pid 7137] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7143] <... munmap resumed>) = 0 [pid 7143] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 226.800779][ T7137] dump_stack_lvl+0x189/0x250 [ 226.800812][ T7137] ? __pfx_dump_stack_lvl+0x10/0x10 [ 226.800837][ T7137] ? __pfx__printk+0x10/0x10 [ 226.800864][ T7137] ? kernfs_root+0x1c/0x230 [ 226.800889][ T7137] ? kernfs_path_from_node+0x250/0x290 [ 226.800912][ T7137] ? kernfs_path_from_node+0x2f/0x290 [ 226.800937][ T7137] sysfs_create_dir_ns+0x259/0x280 [ 226.800961][ T7137] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 226.800984][ T7137] ? do_raw_spin_unlock+0x122/0x240 [ 226.801012][ T7137] kobject_add_internal+0x59f/0xb40 [pid 7143] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7143] close(3) = 0 [pid 7143] close(4) = 0 [pid 7143] mkdir("./file0", 0777) = 0 [ 226.801041][ T7137] kobject_init_and_add+0x125/0x190 [ 226.801067][ T7137] ? __pfx_kobject_init_and_add+0x10/0x10 [ 226.801090][ T7137] ? __raw_spin_lock_init+0x45/0x100 [ 226.801116][ T7137] ? __init_swait_queue_head+0xa9/0x150 [ 226.801150][ T7137] gfs2_sys_fs_add+0x234/0x450 [ 226.801173][ T7137] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 226.801197][ T7137] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 226.801232][ T7137] gfs2_fill_super+0x13c0/0x20d0 [ 226.801268][ T7137] ? __pfx_gfs2_fill_super+0x10/0x10 [ 226.801297][ T7137] ? sb_set_blocksize+0x104/0x180 [ 226.801327][ T7137] ? setup_bdev_super+0x4c1/0x5b0 [ 226.801357][ T7137] get_tree_bdev_flags+0x40b/0x4d0 [ 226.801387][ T7137] ? __pfx_gfs2_fill_super+0x10/0x10 [ 226.801414][ T7137] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 226.801448][ T7137] gfs2_get_tree+0x51/0x1e0 [ 226.801476][ T7137] vfs_get_tree+0x8f/0x2b0 [ 226.801506][ T7137] do_new_mount+0x2a2/0xa30 [ 226.801589][ T7137] ? ns_capable+0x8a/0xf0 [ 226.801610][ T7137] ? __pfx_do_new_mount+0x10/0x10 [ 226.801640][ T7137] ? path_mount+0x61c/0xfe0 [ 226.801669][ T7137] ? user_path_at+0x44/0x60 [ 226.801696][ T7137] __se_sys_mount+0x317/0x410 [ 226.801731][ T7137] ? __pfx___se_sys_mount+0x10/0x10 [ 226.801760][ T7137] ? rcu_is_watching+0x15/0xb0 [ 226.801785][ T7137] ? __x64_sys_mount+0x20/0xc0 [ 226.801816][ T7137] do_syscall_64+0xfa/0x3b0 [ 226.801838][ T7137] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.801859][ T7137] ? clear_bhb_loop+0x60/0xb0 [ 226.801882][ T7137] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.801902][ T7137] RIP: 0033:0x7fb47156b94a [pid 7143] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7145] <... write resumed>) = 16777216 [ 226.801920][ T7137] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 226.801939][ T7137] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 226.801961][ T7137] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 226.801977][ T7137] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [pid 7145] munmap(0x7fb469000000, 138412032) = 0 [pid 7137] <... mount resumed>) = -1 EEXIST (File exists) [pid 7137] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 7137] ioctl(3, LOOP_CLR_FD) = 0 [pid 7137] close(3) = 0 [pid 7137] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7136] <... futex resumed>) = 0 [pid 7137] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7136] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7136] <... futex resumed>) = 0 [pid 7137] openat(AT_FDCWD, ".", O_RDONLY [pid 7136] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7145] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7137] <... openat resumed>) = 3 [pid 7145] <... openat resumed>) = 4 [ 226.801992][ T7137] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 226.802007][ T7137] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 226.802021][ T7137] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 226.802041][ T7137] [ 226.802128][ T7137] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 226.865902][ T7143] loop2: detected capacity change from 0 to 32768 [ 226.867124][ T7137] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7137] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7145] ioctl(4, LOOP_SET_FD, 3 [pid 7137] <... futex resumed>) = 1 [pid 7136] <... futex resumed>) = 0 [pid 7137] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7136] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 226.917713][ T7143] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 227.134687][ T7145] loop0: detected capacity change from 0 to 32768 [ 227.146799][ T7143] CPU: 0 UID: 0 PID: 7143 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 227.146828][ T7143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 227.146841][ T7143] Call Trace: [ 227.146849][ T7143] [ 227.146859][ T7143] dump_stack_lvl+0x189/0x250 [pid 7136] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7145] <... ioctl resumed>) = 0 [pid 7145] close(3) = 0 [pid 7145] close(4) = 0 [pid 7145] mkdir("./file0", 0777) = 0 [pid 7145] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7136] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7136] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7136] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7136] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}./strace-static-x86_64: Process 7150 attached => {parent_tid=[7150]}, 88) = 7150 [pid 7136] rt_sigprocmask(SIG_SETMASK, [], [pid 7150] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 7136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7136] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7136] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7150] <... rseq resumed>) = 0 [pid 7150] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 7150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 227.146890][ T7143] ? __pfx_dump_stack_lvl+0x10/0x10 [ 227.146913][ T7143] ? __pfx__printk+0x10/0x10 [ 227.146938][ T7143] ? kernfs_root+0x1c/0x230 [ 227.146961][ T7143] ? kernfs_path_from_node+0x250/0x290 [ 227.146982][ T7143] ? kernfs_path_from_node+0x2f/0x290 [ 227.147005][ T7143] sysfs_create_dir_ns+0x259/0x280 [ 227.147027][ T7143] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 227.147048][ T7143] ? do_raw_spin_unlock+0x122/0x240 [ 227.147075][ T7143] kobject_add_internal+0x59f/0xb40 [ 227.147102][ T7143] kobject_init_and_add+0x125/0x190 [pid 7150] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7134] exit_group(0) = ? [pid 7135] <... write resumed>) = ? [pid 7136] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7135] +++ exited with 0 +++ [pid 7134] +++ exited with 0 +++ [pid 7136] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7134, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=49 /* 0.49 s */} --- [pid 7136] <... futex resumed>) = 0 [pid 7136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 7136] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7136] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5868] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7136] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} [ 227.147126][ T7143] ? __pfx_kobject_init_and_add+0x10/0x10 [ 227.147148][ T7143] ? __raw_spin_lock_init+0x45/0x100 [ 227.147172][ T7143] ? __init_swait_queue_head+0xa9/0x150 [ 227.147198][ T7143] gfs2_sys_fs_add+0x234/0x450 [ 227.147220][ T7143] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 227.147243][ T7143] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 227.147277][ T7143] gfs2_fill_super+0x13c0/0x20d0 [ 227.147309][ T7143] ? __pfx_gfs2_fill_super+0x10/0x10 [ 227.147336][ T7143] ? sb_set_blocksize+0x104/0x180 [ 227.147365][ T7143] ? setup_bdev_super+0x4c1/0x5b0 [pid 5868] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 7153 attached ) = 3 [pid 7136] <... clone3 resumed> => {parent_tid=[7153]}, 88) = 7153 [pid 7136] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] newfstatat(3, "", [pid 7136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7136] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] getdents64(3, [pid 7136] <... futex resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [ 227.147393][ T7143] get_tree_bdev_flags+0x40b/0x4d0 [ 227.147420][ T7143] ? __pfx_gfs2_fill_super+0x10/0x10 [ 227.147456][ T7143] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 227.147489][ T7143] gfs2_get_tree+0x51/0x1e0 [ 227.147518][ T7143] vfs_get_tree+0x8f/0x2b0 [ 227.147546][ T7143] do_new_mount+0x2a2/0xa30 [ 227.147578][ T7143] ? ns_capable+0x8a/0xf0 [ 227.147598][ T7143] ? __pfx_do_new_mount+0x10/0x10 [ 227.147627][ T7143] ? path_mount+0x61c/0xfe0 [ 227.147655][ T7143] ? user_path_at+0x44/0x60 [pid 7136] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7153] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 7153] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 7153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7153] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 7153] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7153] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./66/file0") = 0 [pid 5868] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./66/binderfs", [pid 7136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./66/binderfs") = 0 [pid 5868] umount2("./66/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./66/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=10162112, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 227.147683][ T7143] __se_sys_mount+0x317/0x410 [ 227.147717][ T7143] ? __pfx___se_sys_mount+0x10/0x10 [ 227.147746][ T7143] ? rcu_is_watching+0x15/0xb0 [ 227.147769][ T7143] ? __x64_sys_mount+0x20/0xc0 [ 227.147800][ T7143] do_syscall_64+0xfa/0x3b0 [ 227.147821][ T7143] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.147842][ T7143] ? clear_bhb_loop+0x60/0xb0 [ 227.147865][ T7143] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.147886][ T7143] RIP: 0033:0x7fb47156b94a [ 227.147904][ T7143] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 227.147922][ T7143] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 227.147945][ T7143] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 227.147961][ T7143] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 227.147976][ T7143] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 227.147990][ T7143] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 227.148004][ T7143] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 227.148026][ T7143] [ 227.148224][ T7143] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 227.275260][ T7145] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 227.276154][ T7143] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 227.281174][ T7145] CPU: 1 UID: 0 PID: 7145 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 227.281207][ T7145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 227.281224][ T7145] Call Trace: [ 227.281233][ T7145] [ 227.281244][ T7145] dump_stack_lvl+0x189/0x250 [ 227.281283][ T7145] ? __pfx_dump_stack_lvl+0x10/0x10 [ 227.281311][ T7145] ? __pfx__printk+0x10/0x10 [ 227.281349][ T7145] ? kernfs_root+0x1c/0x230 [ 227.281377][ T7145] ? kernfs_path_from_node+0x250/0x290 [pid 5868] unlink("./66/cpuset.effective_mems" [pid 7143] <... mount resumed>) = -1 EEXIST (File exists) [pid 7143] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 7143] ioctl(3, LOOP_CLR_FD) = 0 [ 227.281403][ T7145] ? kernfs_path_from_node+0x2f/0x290 [ 227.281430][ T7145] sysfs_create_dir_ns+0x259/0x280 [ 227.281457][ T7145] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 227.281483][ T7145] ? do_raw_spin_unlock+0x122/0x240 [ 227.281516][ T7145] kobject_add_internal+0x59f/0xb40 [ 227.281548][ T7145] kobject_init_and_add+0x125/0x190 [ 227.281576][ T7145] ? __pfx_kobject_init_and_add+0x10/0x10 [ 227.281602][ T7145] ? __raw_spin_lock_init+0x45/0x100 [ 227.281632][ T7145] ? __init_swait_queue_head+0xa9/0x150 [pid 7143] close(3 [pid 7136] exit_group(0 [pid 7153] <... futex resumed>) = ? [pid 7136] <... exit_group resumed>) = ? [pid 7153] +++ exited with 0 +++ [ 227.281662][ T7145] gfs2_sys_fs_add+0x234/0x450 [ 227.281687][ T7145] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 227.281714][ T7145] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 227.281751][ T7145] gfs2_fill_super+0x13c0/0x20d0 [ 227.281790][ T7145] ? __pfx_gfs2_fill_super+0x10/0x10 [ 227.281822][ T7145] ? sb_set_blocksize+0x104/0x180 [ 227.281857][ T7145] ? setup_bdev_super+0x4c1/0x5b0 [ 227.281889][ T7145] get_tree_bdev_flags+0x40b/0x4d0 [ 227.281922][ T7145] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 5868] <... unlink resumed>) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./66") = 0 [pid 5868] mkdir("./67", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [ 227.281951][ T7145] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 227.281990][ T7145] gfs2_get_tree+0x51/0x1e0 [ 227.282020][ T7145] vfs_get_tree+0x8f/0x2b0 [ 227.282053][ T7145] do_new_mount+0x2a2/0xa30 [ 227.282088][ T7145] ? ns_capable+0x8a/0xf0 [ 227.282110][ T7145] ? __pfx_do_new_mount+0x10/0x10 [ 227.282143][ T7145] ? path_mount+0x61c/0xfe0 [ 227.282175][ T7145] ? user_path_at+0x44/0x60 [ 227.282205][ T7145] __se_sys_mount+0x317/0x410 [ 227.282243][ T7145] ? __pfx___se_sys_mount+0x10/0x10 [ 227.282276][ T7145] ? rcu_is_watching+0x15/0xb0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7154 attached [pid 7154] set_robust_list(0x55558d547760, 24 [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 7154 [pid 7154] <... set_robust_list resumed>) = 0 [pid 7154] chdir("./67") = 0 [pid 7154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7154] setpgid(0, 0) = 0 [pid 7154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7154] write(3, "1000", 4) = 4 [pid 7154] close(3) = 0 [pid 7154] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7154] write(1, "executing program\n", 18) = 18 [pid 7154] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7154] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7154] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7154] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7155]}, 88) = 7155 ./strace-static-x86_64: Process 7155 attached [ 227.282303][ T7145] ? __x64_sys_mount+0x20/0xc0 [ 227.282345][ T7145] do_syscall_64+0xfa/0x3b0 [ 227.282370][ T7145] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.282394][ T7145] ? clear_bhb_loop+0x60/0xb0 [ 227.282419][ T7145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.282442][ T7145] RIP: 0033:0x7fb47156b94a [pid 7154] rt_sigprocmask(SIG_SETMASK, [], [pid 7155] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7155] <... rseq resumed>) = 0 [pid 7154] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7155] set_robust_list(0x7fb4715169a0, 24 [pid 7154] <... futex resumed>) = 0 [pid 7155] <... set_robust_list resumed>) = 0 [pid 7154] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7155] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7155] memfd_create("syzkaller", 0) = 3 [pid 7155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 227.282463][ T7145] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 227.282484][ T7145] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 227.282510][ T7145] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 227.282530][ T7145] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 227.282547][ T7145] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 227.282571][ T7145] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 7137] <... ioctl resumed>) = ? [pid 7137] +++ exited with 0 +++ [pid 7150] <... openat resumed>) = ? [pid 7150] +++ exited with 0 +++ [pid 7136] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7136, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=41 /* 0.41 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7145] <... mount resumed>) = -1 EEXIST (File exists) [pid 7145] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7143] <... close resumed>) = 0 [pid 7145] <... openat resumed>) = 3 [pid 7143] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7145] ioctl(3, LOOP_CLR_FD [pid 7143] <... futex resumed>) = 1 [pid 7142] <... futex resumed>) = 0 [pid 7145] <... ioctl resumed>) = 0 [pid 7143] openat(AT_FDCWD, ".", O_RDONLY [pid 7142] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7145] close(3 [pid 7143] <... openat resumed>) = 3 [pid 7142] <... futex resumed>) = 0 [pid 5870] <... restart_syscall resumed>) = 0 [pid 7142] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7143] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7142] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7143] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [ 227.282587][ T7145] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 227.282612][ T7145] [ 227.311341][ T7145] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 227.806778][ T7145] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7142] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7142] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 7143] <... ioctl resumed>) = 0 [pid 5870] getdents64(4, [pid 7143] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7143] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 7142] <... futex resumed>) = 0 [pid 5870] close(4) = 0 [pid 7142] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] rmdir("./64/file0" [pid 7142] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7143] <... futex resumed>) = 0 [pid 7143] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5870] <... rmdir resumed>) = 0 [pid 7143] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7143] <... futex resumed>) = 1 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7142] <... futex resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "./64/binderfs", [pid 7142] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7142] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] unlink("./64/binderfs" [pid 7143] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5870] <... unlink resumed>) = 0 [pid 5870] umount2("./64/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./64/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./64/cpuset.effective_mems") = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./64") = 0 [pid 5870] mkdir("./65", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7156 ./strace-static-x86_64: Process 7156 attached [pid 7156] set_robust_list(0x55558d547760, 24) = 0 [pid 7156] chdir("./65") = 0 [pid 7156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7156] setpgid(0, 0) = 0 [pid 7156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7156] write(3, "1000", 4) = 4 [pid 7156] close(3) = 0 [pid 7156] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7156] write(1, "executing program\n", 18) = 18 [pid 7156] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7156] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7156] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7156] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7157]}, 88) = 7157 [pid 7156] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7157 attached NULL, 8) = 0 [pid 7156] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7156] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7157] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7145] <... close resumed>) = 0 [pid 7145] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7144] <... futex resumed>) = 0 [pid 7145] openat(AT_FDCWD, ".", O_RDONLY [pid 7144] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7145] <... openat resumed>) = 3 [pid 7144] <... futex resumed>) = 0 [pid 7145] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7144] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7145] <... futex resumed>) = 0 [pid 7144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7145] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7144] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7144] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7157] <... rseq resumed>) = 0 [pid 7157] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7157] memfd_create("syzkaller", 0 [pid 7145] <... ioctl resumed>) = 0 [pid 7145] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7144] <... futex resumed>) = 0 [pid 7145] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7144] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7145] <... openat resumed>) = 4 [pid 7144] <... futex resumed>) = 0 [pid 7145] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7144] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7145] <... futex resumed>) = 0 [pid 7144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7145] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7144] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7142] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7144] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7157] <... memfd_create resumed>) = 3 [pid 7157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7144] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7144] exit_group(0) = ? [pid 7145] <... write resumed>) = ? [pid 7142] exit_group(0) = ? [pid 7145] +++ exited with 0 +++ [pid 7144] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7144, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=86 /* 0.86 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7143] <... write resumed>) = ? [pid 5867] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./65/file0" [pid 7143] +++ exited with 0 +++ [pid 7142] +++ exited with 0 +++ [pid 5867] <... rmdir resumed>) = 0 [pid 5867] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7142, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=85 /* 0.85 s */} --- [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 5867] newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./65/binderfs") = 0 [pid 5869] <... restart_syscall resumed>) = 0 [pid 5867] umount2("./65/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./65/cpuset.effective_mems", [pid 5869] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5867] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=3956672, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5867] unlink("./65/cpuset.effective_mems" [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./63/file0", [pid 7155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./63/file0") = 0 [pid 5869] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./63/binderfs") = 0 [pid 5869] umount2("./63/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./63/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=10870784, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./63/cpuset.effective_mems" [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./65") = 0 [pid 5867] mkdir("./66", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7158 ./strace-static-x86_64: Process 7158 attached [pid 7158] set_robust_list(0x55558d547760, 24) = 0 [pid 7158] chdir("./66") = 0 [pid 7158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7158] setpgid(0, 0) = 0 [pid 7158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7158] write(3, "1000", 4) = 4 [pid 7158] close(3) = 0 [pid 7158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7158] write(1, "executing program\n", 18executing program ) = 18 [pid 7158] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7158] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7158] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7158] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7159]}, 88) = 7159 ./strace-static-x86_64: Process 7159 attached [pid 7159] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7158] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... unlink resumed>) = 0 [pid 7159] <... rseq resumed>) = 0 [pid 7159] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7159] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./63" [pid 7158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 7158] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7159] <... futex resumed>) = 0 [pid 7158] <... futex resumed>) = 1 [pid 7159] memfd_create("syzkaller", 0 [pid 7158] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7159] <... memfd_create resumed>) = 3 [pid 7159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 5869] mkdir("./64", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7160 ./strace-static-x86_64: Process 7160 attached [pid 7160] set_robust_list(0x55558d547760, 24 [pid 7157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7160] <... set_robust_list resumed>) = 0 [pid 7160] chdir("./64") = 0 [pid 7160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7160] setpgid(0, 0) = 0 [pid 7160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7160] write(3, "1000", 4) = 4 [pid 7160] close(3) = 0 [pid 7160] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7160] write(1, "executing program\n", 18) = 18 [pid 7160] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7160] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7160] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7160] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7160] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7160] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7161 attached => {parent_tid=[7161]}, 88) = 7161 [pid 7161] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7160] rt_sigprocmask(SIG_SETMASK, [], [pid 7161] <... rseq resumed>) = 0 [pid 7160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7161] set_robust_list(0x7fb4715169a0, 24 [pid 7160] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7161] <... set_robust_list resumed>) = 0 [pid 7160] <... futex resumed>) = 0 [pid 7161] rt_sigprocmask(SIG_SETMASK, [], [pid 7160] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7161] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7161] memfd_create("syzkaller", 0) = 3 [pid 7161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7155] <... write resumed>) = 16777216 [pid 7155] munmap(0x7fb469000000, 138412032) = 0 [pid 7155] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7155] close(3) = 0 [pid 7155] close(4) = 0 [pid 7155] mkdir("./file0", 0777) = 0 [ 228.486406][ T7155] loop1: detected capacity change from 0 to 32768 [ 228.519597][ T7155] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 228.545383][ T7155] CPU: 1 UID: 0 PID: 7155 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 228.545417][ T7155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 228.545431][ T7155] Call Trace: [ 228.545439][ T7155] [ 228.545448][ T7155] dump_stack_lvl+0x189/0x250 [ 228.545478][ T7155] ? __pfx_dump_stack_lvl+0x10/0x10 [ 228.545502][ T7155] ? __pfx__printk+0x10/0x10 [ 228.545528][ T7155] ? kernfs_root+0x1c/0x230 [ 228.545552][ T7155] ? kernfs_path_from_node+0x250/0x290 [ 228.545573][ T7155] ? kernfs_path_from_node+0x2f/0x290 [ 228.545597][ T7155] sysfs_create_dir_ns+0x259/0x280 [ 228.545620][ T7155] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 228.545641][ T7155] ? do_raw_spin_unlock+0x122/0x240 [ 228.545667][ T7155] kobject_add_internal+0x59f/0xb40 [ 228.545695][ T7155] kobject_init_and_add+0x125/0x190 [ 228.545720][ T7155] ? __pfx_kobject_init_and_add+0x10/0x10 [ 228.545742][ T7155] ? __raw_spin_lock_init+0x45/0x100 [ 228.545768][ T7155] ? __init_swait_queue_head+0xa9/0x150 [ 228.545793][ T7155] gfs2_sys_fs_add+0x234/0x450 [ 228.545814][ T7155] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 228.545837][ T7155] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 228.545869][ T7155] gfs2_fill_super+0x13c0/0x20d0 [ 228.545900][ T7155] ? __pfx_gfs2_fill_super+0x10/0x10 [ 228.545927][ T7155] ? sb_set_blocksize+0x104/0x180 [ 228.545956][ T7155] ? setup_bdev_super+0x4c1/0x5b0 [ 228.545986][ T7155] get_tree_bdev_flags+0x40b/0x4d0 [ 228.546024][ T7155] ? __pfx_gfs2_fill_super+0x10/0x10 [ 228.546049][ T7155] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 228.546083][ T7155] gfs2_get_tree+0x51/0x1e0 [ 228.546111][ T7155] vfs_get_tree+0x8f/0x2b0 [ 228.546141][ T7155] do_new_mount+0x2a2/0xa30 [ 228.546173][ T7155] ? ns_capable+0x8a/0xf0 [ 228.546193][ T7155] ? __pfx_do_new_mount+0x10/0x10 [ 228.546223][ T7155] ? path_mount+0x61c/0xfe0 [ 228.546252][ T7155] ? user_path_at+0x44/0x60 [ 228.546280][ T7155] __se_sys_mount+0x317/0x410 [ 228.546314][ T7155] ? __pfx___se_sys_mount+0x10/0x10 [ 228.546344][ T7155] ? rcu_is_watching+0x15/0xb0 [ 228.546369][ T7155] ? __x64_sys_mount+0x20/0xc0 [ 228.546401][ T7155] do_syscall_64+0xfa/0x3b0 [ 228.546423][ T7155] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.546444][ T7155] ? clear_bhb_loop+0x60/0xb0 [ 228.546468][ T7155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.546488][ T7155] RIP: 0033:0x7fb47156b94a [ 228.546507][ T7155] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 228.546526][ T7155] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 228.546548][ T7155] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 228.546565][ T7155] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 228.546580][ T7155] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 228.546596][ T7155] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 228.546610][ T7155] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 7155] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7157] <... write resumed>) = 16777216 [pid 7157] munmap(0x7fb469000000, 138412032 [pid 7161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7157] <... munmap resumed>) = 0 [pid 7157] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7157] ioctl(4, LOOP_SET_FD, 3 [pid 7155] <... mount resumed>) = -1 EEXIST (File exists) [pid 7155] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 7157] <... ioctl resumed>) = 0 [pid 7155] ioctl(3, LOOP_CLR_FD) = 0 [pid 7155] close(3 [pid 7157] close(3) = 0 [pid 7157] close(4) = 0 [pid 7157] mkdir("./file0", 0777) = 0 [ 228.546631][ T7155] [ 228.546653][ T7155] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 228.863875][ T7155] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 228.868186][ T7157] loop3: detected capacity change from 0 to 32768 [ 228.929712][ T7157] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 228.968828][ T7157] CPU: 0 UID: 0 PID: 7157 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 228.968860][ T7157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 228.968874][ T7157] Call Trace: [ 228.968882][ T7157] [ 228.968891][ T7157] dump_stack_lvl+0x189/0x250 [ 228.968924][ T7157] ? __pfx_dump_stack_lvl+0x10/0x10 [ 228.968949][ T7157] ? __pfx__printk+0x10/0x10 [ 228.968976][ T7157] ? kernfs_root+0x1c/0x230 [ 228.969002][ T7157] ? kernfs_path_from_node+0x250/0x290 [ 228.969025][ T7157] ? kernfs_path_from_node+0x2f/0x290 [ 228.969050][ T7157] sysfs_create_dir_ns+0x259/0x280 [ 228.969074][ T7157] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 228.969097][ T7157] ? do_raw_spin_unlock+0x122/0x240 [ 228.969125][ T7157] kobject_add_internal+0x59f/0xb40 [ 228.969154][ T7157] kobject_init_and_add+0x125/0x190 [ 228.969179][ T7157] ? __pfx_kobject_init_and_add+0x10/0x10 [ 228.969212][ T7157] ? __raw_spin_lock_init+0x45/0x100 [pid 7157] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7155] <... close resumed>) = 0 [pid 7155] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 228.969238][ T7157] ? __init_swait_queue_head+0xa9/0x150 [ 228.969264][ T7157] gfs2_sys_fs_add+0x234/0x450 [ 228.969287][ T7157] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 228.969311][ T7157] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 228.969345][ T7157] gfs2_fill_super+0x13c0/0x20d0 [ 228.969381][ T7157] ? __pfx_gfs2_fill_super+0x10/0x10 [ 228.969409][ T7157] ? sb_set_blocksize+0x104/0x180 [ 228.969439][ T7157] ? setup_bdev_super+0x4c1/0x5b0 [ 228.969469][ T7157] get_tree_bdev_flags+0x40b/0x4d0 [ 228.969498][ T7157] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 7155] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7159] <... write resumed>) = 16777216 [pid 7159] munmap(0x7fb469000000, 138412032 [pid 7161] <... write resumed>) = 16777216 [ 228.969524][ T7157] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 228.969558][ T7157] gfs2_get_tree+0x51/0x1e0 [ 228.969586][ T7157] vfs_get_tree+0x8f/0x2b0 [ 228.969616][ T7157] do_new_mount+0x2a2/0xa30 [ 228.969648][ T7157] ? ns_capable+0x8a/0xf0 [ 228.969669][ T7157] ? __pfx_do_new_mount+0x10/0x10 [ 228.969698][ T7157] ? path_mount+0x61c/0xfe0 [ 228.969727][ T7157] ? user_path_at+0x44/0x60 [ 228.969753][ T7157] __se_sys_mount+0x317/0x410 [ 228.969788][ T7157] ? __pfx___se_sys_mount+0x10/0x10 [pid 7161] munmap(0x7fb469000000, 138412032 [pid 7154] <... futex resumed>) = 0 [pid 7154] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7155] <... futex resumed>) = 0 [pid 7154] <... futex resumed>) = 1 [pid 7155] openat(AT_FDCWD, ".", O_RDONLY [pid 7154] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7155] <... openat resumed>) = 3 [pid 7155] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7154] <... futex resumed>) = 0 [pid 7154] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7154] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 228.969818][ T7157] ? rcu_is_watching+0x15/0xb0 [ 228.969842][ T7157] ? __x64_sys_mount+0x20/0xc0 [ 228.969874][ T7157] do_syscall_64+0xfa/0x3b0 [ 228.969896][ T7157] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.969916][ T7157] ? clear_bhb_loop+0x60/0xb0 [ 228.969939][ T7157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.969960][ T7157] RIP: 0033:0x7fb47156b94a [pid 7155] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7154] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7154] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7154] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}./strace-static-x86_64: Process 7166 attached [pid 7166] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 7154] <... clone3 resumed> => {parent_tid=[7166]}, 88) = 7166 [pid 7166] <... rseq resumed>) = 0 [pid 7154] rt_sigprocmask(SIG_SETMASK, [], [pid 7166] set_robust_list(0x7fb4714f59a0, 24 [pid 7154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7154] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7154] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7166] <... set_robust_list resumed>) = 0 [pid 7166] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7166] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7159] <... munmap resumed>) = 0 [pid 7159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 228.969977][ T7157] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 228.969996][ T7157] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 228.970018][ T7157] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 228.970034][ T7157] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 228.970049][ T7157] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 228.970064][ T7157] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 228.970077][ T7157] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 7159] ioctl(4, LOOP_SET_FD, 3 [pid 7161] <... munmap resumed>) = 0 [pid 7159] <... ioctl resumed>) = 0 [pid 7161] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7161] ioctl(4, LOOP_SET_FD, 3 [pid 7159] close(3 [pid 7154] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7159] <... close resumed>) = 0 [pid 7159] close(4) = 0 [pid 7159] mkdir("./file0", 0777 [pid 7166] <... openat resumed>) = 4 [pid 7161] <... ioctl resumed>) = 0 [pid 7157] <... mount resumed>) = -1 EEXIST (File exists) [pid 7155] <... ioctl resumed>) = 0 [pid 7154] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7166] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7161] close(3 [pid 7159] <... mkdir resumed>) = 0 [pid 7157] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7155] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7154] <... futex resumed>) = 0 [pid 7166] <... futex resumed>) = 0 [pid 7161] <... close resumed>) = 0 [pid 7159] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7157] <... openat resumed>) = 3 [pid 7155] <... futex resumed>) = 0 [pid 7154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7166] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7161] close(4 [pid 7157] ioctl(3, LOOP_CLR_FD [pid 7155] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7154] <... mmap resumed>) = 0x7fb4714b4000 [pid 7161] <... close resumed>) = 0 [pid 7157] <... ioctl resumed>) = 0 [pid 7154] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE [pid 7161] mkdir("./file0", 0777 [pid 7157] close(3 [pid 7154] <... mprotect resumed>) = 0 [pid 7161] <... mkdir resumed>) = 0 [pid 7154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[7167]}, 88) = 7167 ./strace-static-x86_64: Process 7167 attached [pid 7154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7161] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7154] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7154] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7167] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 7167] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 7167] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 228.970098][ T7157] [ 228.970120][ T7157] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 229.258994][ T7159] loop0: detected capacity change from 0 to 32768 [ 229.270689][ T7157] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 229.292512][ T7161] loop2: detected capacity change from 0 to 32768 [ 229.358143][ T7161] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 229.385420][ T7159] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 229.392867][ T7159] CPU: 0 UID: 0 PID: 7159 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 229.392896][ T7159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 229.392910][ T7159] Call Trace: [ 229.392919][ T7159] [ 229.392928][ T7159] dump_stack_lvl+0x189/0x250 [ 229.392966][ T7159] ? __pfx_dump_stack_lvl+0x10/0x10 [ 229.392990][ T7159] ? __pfx__printk+0x10/0x10 [ 229.393016][ T7159] ? kernfs_root+0x1c/0x230 [ 229.393041][ T7159] ? kernfs_path_from_node+0x250/0x290 [ 229.393062][ T7159] ? kernfs_path_from_node+0x2f/0x290 [ 229.393086][ T7159] sysfs_create_dir_ns+0x259/0x280 [ 229.393109][ T7159] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 229.393131][ T7159] ? do_raw_spin_unlock+0x122/0x240 [ 229.393160][ T7159] kobject_add_internal+0x59f/0xb40 [ 229.393188][ T7159] kobject_init_and_add+0x125/0x190 [ 229.393212][ T7159] ? __pfx_kobject_init_and_add+0x10/0x10 [ 229.393235][ T7159] ? __raw_spin_lock_init+0x45/0x100 [ 229.393259][ T7159] ? __init_swait_queue_head+0xa9/0x150 [ 229.393285][ T7159] gfs2_sys_fs_add+0x234/0x450 [ 229.393307][ T7159] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 229.393331][ T7159] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 229.393381][ T7159] gfs2_fill_super+0x13c0/0x20d0 [ 229.393416][ T7159] ? __pfx_gfs2_fill_super+0x10/0x10 [ 229.393445][ T7159] ? sb_set_blocksize+0x104/0x180 [ 229.393475][ T7159] ? setup_bdev_super+0x4c1/0x5b0 [ 229.393504][ T7159] get_tree_bdev_flags+0x40b/0x4d0 [ 229.393533][ T7159] ? __pfx_gfs2_fill_super+0x10/0x10 [ 229.393560][ T7159] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 229.393594][ T7159] gfs2_get_tree+0x51/0x1e0 [ 229.393620][ T7159] vfs_get_tree+0x8f/0x2b0 [pid 7167] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7157] <... close resumed>) = 0 [pid 7154] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7157] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7157] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7159] <... mount resumed>) = -1 EEXIST (File exists) [pid 7159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 7159] ioctl(3, LOOP_CLR_FD) = 0 [pid 7159] close(3) = 0 [pid 7159] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7159] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7156] <... futex resumed>) = 0 [ 229.393648][ T7159] do_new_mount+0x2a2/0xa30 [ 229.393680][ T7159] ? ns_capable+0x8a/0xf0 [ 229.393699][ T7159] ? __pfx_do_new_mount+0x10/0x10 [ 229.393729][ T7159] ? path_mount+0x61c/0xfe0 [ 229.393756][ T7159] ? user_path_at+0x44/0x60 [ 229.393784][ T7159] __se_sys_mount+0x317/0x410 [ 229.393824][ T7159] ? __pfx___se_sys_mount+0x10/0x10 [ 229.393854][ T7159] ? rcu_is_watching+0x15/0xb0 [ 229.393877][ T7159] ? __x64_sys_mount+0x20/0xc0 [ 229.393909][ T7159] do_syscall_64+0xfa/0x3b0 [ 229.393932][ T7159] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.394017][ T7159] ? clear_bhb_loop+0x60/0xb0 [ 229.394049][ T7159] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.394069][ T7159] RIP: 0033:0x7fb47156b94a [ 229.394088][ T7159] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 229.394106][ T7159] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [pid 7158] <... futex resumed>) = 0 [pid 7156] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7158] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7157] <... futex resumed>) = 0 [pid 7156] <... futex resumed>) = 1 [pid 7159] <... futex resumed>) = 0 [pid 7158] <... futex resumed>) = 1 [pid 7157] openat(AT_FDCWD, ".", O_RDONLY [pid 7156] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7159] openat(AT_FDCWD, ".", O_RDONLY [pid 7158] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7157] <... openat resumed>) = 3 [pid 7159] <... openat resumed>) = 3 [pid 7157] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7159] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7157] <... futex resumed>) = 1 [pid 7156] <... futex resumed>) = 0 [pid 7159] <... futex resumed>) = 1 [pid 7158] <... futex resumed>) = 0 [pid 7157] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7156] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7159] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7158] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7156] <... futex resumed>) = 0 [pid 7159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7158] <... futex resumed>) = 0 [pid 7157] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7156] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7159] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [ 229.394129][ T7159] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 229.394146][ T7159] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 229.394160][ T7159] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 229.394175][ T7159] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 229.394188][ T7159] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 229.394211][ T7159] [pid 7158] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7156] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7156] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7158] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7158] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7156] <... mmap resumed>) = 0x7fb4714d5000 [pid 7158] <... futex resumed>) = 0 [pid 7156] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE [pid 7158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7156] <... mprotect resumed>) = 0 [pid 7158] <... mmap resumed>) = 0x7fb4714d5000 [pid 7156] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7158] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE [pid 7156] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7158] <... mprotect resumed>) = 0 [pid 7156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}./strace-static-x86_64: Process 7172 attached [pid 7158] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7172] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 7158] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7156] <... clone3 resumed> => {parent_tid=[7172]}, 88) = 7172 [pid 7172] <... rseq resumed>) = 0 [pid 7158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} [pid 7156] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7173 attached [ 229.394236][ T7159] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 229.512607][ T7161] CPU: 1 UID: 0 PID: 7161 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 229.512645][ T7161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 229.512662][ T7161] Call Trace: [ 229.512672][ T7161] [ 229.512682][ T7161] dump_stack_lvl+0x189/0x250 [ 229.512719][ T7161] ? __pfx_dump_stack_lvl+0x10/0x10 [ 229.512748][ T7161] ? __pfx__printk+0x10/0x10 [pid 7172] set_robust_list(0x7fb4714f59a0, 24 [pid 7156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7173] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 7172] <... set_robust_list resumed>) = 0 [pid 7158] <... clone3 resumed> => {parent_tid=[7173]}, 88) = 7173 [pid 7156] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7173] <... rseq resumed>) = 0 [pid 7172] rt_sigprocmask(SIG_SETMASK, [], [pid 7158] rt_sigprocmask(SIG_SETMASK, [], [pid 7156] <... futex resumed>) = 0 [pid 7173] set_robust_list(0x7fb4714f59a0, 24 [pid 7172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7156] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7173] <... set_robust_list resumed>) = 0 [pid 7172] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7158] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7173] rt_sigprocmask(SIG_SETMASK, [], [pid 7158] <... futex resumed>) = 0 [pid 7173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7158] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7173] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7154] exit_group(0 [pid 7166] <... futex resumed>) = ? [pid 7166] +++ exited with 0 +++ [pid 7154] <... exit_group resumed>) = ? [pid 7167] <... write resumed>) = ? [pid 7167] +++ exited with 0 +++ [ 229.512779][ T7161] ? kernfs_root+0x1c/0x230 [ 229.512809][ T7161] ? kernfs_path_from_node+0x250/0x290 [ 229.512834][ T7161] ? kernfs_path_from_node+0x2f/0x290 [ 229.512862][ T7161] sysfs_create_dir_ns+0x259/0x280 [ 229.512888][ T7161] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 229.512914][ T7161] ? do_raw_spin_unlock+0x122/0x240 [ 229.512958][ T7161] kobject_add_internal+0x59f/0xb40 [ 229.512990][ T7161] kobject_init_and_add+0x125/0x190 [ 229.513019][ T7161] ? __pfx_kobject_init_and_add+0x10/0x10 [pid 7155] <... futex resumed>) = ? [pid 7158] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7156] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7158] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7156] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7158] <... futex resumed>) = 0 [pid 7156] <... futex resumed>) = 0 [pid 7158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7158] <... mmap resumed>) = 0x7fb4714b4000 [pid 7156] <... mmap resumed>) = 0x7fb4714b4000 [pid 7158] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE [pid 7156] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE [pid 7158] <... mprotect resumed>) = 0 [pid 7156] <... mprotect resumed>) = 0 [pid 7158] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7156] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7158] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7156] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} [pid 7156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} [pid 7158] <... clone3 resumed> => {parent_tid=[7175]}, 88) = 7175 [pid 7156] <... clone3 resumed> => {parent_tid=[7174]}, 88) = 7174 [pid 7158] rt_sigprocmask(SIG_SETMASK, [], [pid 7156] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7175 attached [pid 7158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7155] +++ exited with 0 +++ [pid 7154] +++ exited with 0 +++ [pid 7175] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 7158] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7175] <... rseq resumed>) = 0 [pid 7158] <... futex resumed>) = 0 [pid 7156] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7175] set_robust_list(0x7fb4714d49a0, 24 [pid 7158] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7156] <... futex resumed>) = 0 [pid 7175] <... set_robust_list resumed>) = 0 [pid 7156] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7175] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7175] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 7175] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7158] <... futex resumed>) = 0 [pid 7175] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7154, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=89 /* 0.89 s */} --- [pid 5868] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [ 229.513045][ T7161] ? __raw_spin_lock_init+0x45/0x100 [ 229.513074][ T7161] ? __init_swait_queue_head+0xa9/0x150 [ 229.513104][ T7161] gfs2_sys_fs_add+0x234/0x450 [ 229.513130][ T7161] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 229.513158][ T7161] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 229.513196][ T7161] gfs2_fill_super+0x13c0/0x20d0 [ 229.513235][ T7161] ? __pfx_gfs2_fill_super+0x10/0x10 [ 229.513268][ T7161] ? sb_set_blocksize+0x104/0x180 [ 229.513302][ T7161] ? setup_bdev_super+0x4c1/0x5b0 [pid 5868] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./67/file0") = 0 [pid 5868] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./67/binderfs") = 0 [pid 5868] umount2("./67/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./67/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=9953216, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./67/cpuset.effective_mems" [pid 7156] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 229.513336][ T7161] get_tree_bdev_flags+0x40b/0x4d0 [ 229.513369][ T7161] ? __pfx_gfs2_fill_super+0x10/0x10 [ 229.513398][ T7161] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 229.513435][ T7161] gfs2_get_tree+0x51/0x1e0 [ 229.513468][ T7161] vfs_get_tree+0x8f/0x2b0 [ 229.513499][ T7161] do_new_mount+0x2a2/0xa30 [ 229.513538][ T7161] ? ns_capable+0x8a/0xf0 [ 229.513559][ T7161] ? __pfx_do_new_mount+0x10/0x10 [ 229.513593][ T7161] ? path_mount+0x61c/0xfe0 [ 229.513624][ T7161] ? user_path_at+0x44/0x60 [ 229.513656][ T7161] __se_sys_mount+0x317/0x410 [ 229.513693][ T7161] ? __pfx___se_sys_mount+0x10/0x10 [ 229.513727][ T7161] ? rcu_is_watching+0x15/0xb0 [ 229.513753][ T7161] ? __x64_sys_mount+0x20/0xc0 [ 229.513789][ T7161] do_syscall_64+0xfa/0x3b0 [ 229.513812][ T7161] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.513837][ T7161] ? clear_bhb_loop+0x60/0xb0 [ 229.513863][ T7161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.513884][ T7161] RIP: 0033:0x7fb47156b94a [pid 7158] exit_group(0 [pid 7175] <... futex resumed>) = ? [pid 7158] <... exit_group resumed>) = ? [pid 7175] +++ exited with 0 +++ [ 229.513906][ T7161] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 229.513926][ T7161] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 229.513959][ T7161] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 229.513978][ T7161] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 229.513996][ T7161] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 7156] exit_group(0) = ? [pid 5868] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 7174 attached [pid 5868] getdents64(3, [pid 7174] +++ exited with 0 +++ [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./67") = 0 [pid 5868] mkdir("./68", 0777 [pid 7161] <... mount resumed>) = -1 EEXIST (File exists) [pid 7159] <... ioctl resumed>) = ? [pid 7157] <... ioctl resumed>) = ? [pid 7172] <... openat resumed>) = ? [pid 7161] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 7159] +++ exited with 0 +++ [pid 7161] ioctl(3, LOOP_CLR_FD [pid 7157] +++ exited with 0 +++ [pid 7161] <... ioctl resumed>) = 0 [pid 7161] close(3 [pid 7173] <... openat resumed>) = ? [pid 7172] +++ exited with 0 +++ [pid 7156] +++ exited with 0 +++ [pid 5868] <... mkdir resumed>) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7156, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=58 /* 0.58 s */} --- [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7176 [pid 5870] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 7176 attached [pid 7176] set_robust_list(0x55558d547760, 24 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7176] <... set_robust_list resumed>) = 0 [pid 7176] chdir("./68" [ 229.514015][ T7161] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 229.514032][ T7161] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 229.514057][ T7161] [ 229.514082][ T7161] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 229.527906][ T7159] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 230.044797][ T7161] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5870] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7176] <... chdir resumed>) = 0 [pid 7173] +++ exited with 0 +++ [pid 7158] +++ exited with 0 +++ [pid 5870] <... openat resumed>) = 3 [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7158, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=38 /* 0.38 s */} --- [pid 7176] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5870] newfstatat(3, "", [pid 5867] restart_syscall(<... resuming interrupted clone ...> [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7176] <... prctl resumed>) = 0 [pid 7176] setpgid(0, 0 [pid 5870] getdents64(3, [pid 7176] <... setpgid resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 7176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5870] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7176] <... openat resumed>) = 3 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7176] write(3, "1000", 4 [pid 5870] newfstatat(AT_FDCWD, "./65/file0", [pid 7176] <... write resumed>) = 4 [pid 7176] close(3 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7176] <... close resumed>) = 0 [pid 5870] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7176] symlink("/dev/binderfs", "./binderfs" [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5867] <... restart_syscall resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY executing program [pid 7176] <... symlink resumed>) = 0 [pid 7176] write(1, "executing program\n", 18 [pid 5870] <... openat resumed>) = 4 [pid 5867] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7176] <... write resumed>) = 18 [pid 5870] newfstatat(4, "", [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7176] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7176] <... futex resumed>) = 0 [pid 5870] getdents64(4, [pid 7176] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 5870] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] <... openat resumed>) = 3 [pid 7176] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5870] getdents64(4, [pid 7176] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5867] newfstatat(3, "", [pid 5870] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 7176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5867] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5870] close(4 [pid 5867] getdents64(3, [pid 7176] <... mmap resumed>) = 0x7fb4714f6000 [pid 5870] <... close resumed>) = 0 [pid 5867] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 7176] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 5870] rmdir("./65/file0" [pid 5867] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... rmdir resumed>) = 0 [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5867] newfstatat(AT_FDCWD, "./66/file0", [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5867] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] newfstatat(AT_FDCWD, "./65/binderfs", [pid 5867] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7176] <... mprotect resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] unlink("./65/binderfs" [pid 5867] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] <... unlink resumed>) = 0 [pid 5870] umount2("./65/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5867] <... openat resumed>) = 4 [pid 7176] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5867] newfstatat(4, "", [pid 7176] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5867] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 5867] getdents64(4, ./strace-static-x86_64: Process 7177 attached [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5867] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 7177] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7176] <... clone3 resumed> => {parent_tid=[7177]}, 88) = 7177 [pid 5867] getdents64(4, [pid 7177] <... rseq resumed>) = 0 [pid 7176] rt_sigprocmask(SIG_SETMASK, [], [pid 5867] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 7177] set_robust_list(0x7fb4715169a0, 24 [pid 7176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5867] close(4 [pid 7177] <... set_robust_list resumed>) = 0 [pid 7176] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] newfstatat(AT_FDCWD, "./65/cpuset.effective_mems", [pid 7177] rt_sigprocmask(SIG_SETMASK, [], [pid 7176] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] <... close resumed>) = 0 [pid 7177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7176] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] unlink("./65/cpuset.effective_mems" [pid 5867] rmdir("./66/file0" [pid 5870] <... unlink resumed>) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] <... rmdir resumed>) = 0 [pid 5870] close(3 [pid 7177] memfd_create("syzkaller", 0 [pid 5870] <... close resumed>) = 0 [pid 5867] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7177] <... memfd_create resumed>) = 3 [pid 5870] rmdir("./65" [pid 7177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5870] <... rmdir resumed>) = 0 [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7177] <... mmap resumed>) = 0x7fb469000000 [pid 5870] mkdir("./66", 0777 [pid 5867] newfstatat(AT_FDCWD, "./66/binderfs", [pid 5870] <... mkdir resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5867] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] <... openat resumed>) = 3 [pid 5867] unlink("./66/binderfs" [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] <... unlink resumed>) = 0 [pid 5870] close(3 [pid 5867] umount2("./66/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 7178 attached [pid 5867] newfstatat(AT_FDCWD, "./66/cpuset.effective_mems", [pid 7178] set_robust_list(0x55558d547760, 24 [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 7178 [pid 5867] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7178] <... set_robust_list resumed>) = 0 [pid 5867] unlink("./66/cpuset.effective_mems" [pid 7178] chdir("./66" [pid 5867] <... unlink resumed>) = 0 [pid 7178] <... chdir resumed>) = 0 [pid 5867] getdents64(3, [pid 7178] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5867] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 7178] <... prctl resumed>) = 0 [pid 5867] close(3 [pid 7178] setpgid(0, 0 [pid 5867] <... close resumed>) = 0 [pid 7178] <... setpgid resumed>) = 0 [pid 5867] rmdir("./66" [pid 7178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5867] <... rmdir resumed>) = 0 [pid 5867] mkdir("./67", 0777 [pid 7178] <... openat resumed>) = 3 [pid 5867] <... mkdir resumed>) = 0 [pid 7178] write(3, "1000", 4 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7178] <... write resumed>) = 4 [pid 5867] <... openat resumed>) = 3 [pid 7178] close(3 [pid 5867] ioctl(3, LOOP_CLR_FD [pid 7178] <... close resumed>) = 0 [pid 5867] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7178] symlink("/dev/binderfs", "./binderfs" [pid 5867] close(3) = 0 executing program [pid 7178] <... symlink resumed>) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7178] write(1, "executing program\n", 18) = 18 [pid 7178] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7179 attached ) = 0 [pid 5867] <... clone resumed>, child_tidptr=0x55558d547750) = 7179 [pid 7179] set_robust_list(0x55558d547760, 24) = 0 [pid 7178] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 7179] chdir("./67") = 0 [pid 7178] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7179] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7178] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7179] <... prctl resumed>) = 0 [pid 7178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7179] setpgid(0, 0 [pid 7178] <... mmap resumed>) = 0x7fb4714f6000 [pid 7179] <... setpgid resumed>) = 0 [pid 7178] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 7179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7178] <... mprotect resumed>) = 0 [pid 7179] <... openat resumed>) = 3 [pid 7178] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7179] write(3, "1000", 4 [pid 7178] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7179] <... write resumed>) = 4 [pid 7178] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 7179] close(3) = 0 [pid 7178] <... clone3 resumed> => {parent_tid=[7180]}, 88) = 7180 [pid 7178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7178] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 7180 attached [pid 7178] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7180] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7180] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7180] memfd_create("syzkaller", 0 [pid 7179] symlink("/dev/binderfs", "./binderfs" [pid 7180] <... memfd_create resumed>) = 3 [pid 7180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 executing program [pid 7179] <... symlink resumed>) = 0 [pid 7179] write(1, "executing program\n", 18) = 18 [pid 7179] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7179] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7179] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7179] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7179] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7179] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7181 attached => {parent_tid=[7181]}, 88) = 7181 [pid 7161] <... close resumed>) = 0 [pid 7179] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7179] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7181] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7179] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7181] <... rseq resumed>) = 0 [pid 7161] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7181] rt_sigprocmask(SIG_SETMASK, [], [pid 7161] <... futex resumed>) = 1 [pid 7160] <... futex resumed>) = 0 [pid 7181] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7161] openat(AT_FDCWD, ".", O_RDONLY [pid 7160] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] memfd_create("syzkaller", 0 [pid 7161] <... openat resumed>) = 3 [pid 7160] <... futex resumed>) = 0 [pid 7161] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7160] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7161] <... futex resumed>) = 0 [pid 7160] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7161] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7160] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7161] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7160] <... futex resumed>) = 0 [pid 7161] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7160] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7181] <... memfd_create resumed>) = 3 [pid 7181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7161] <... ioctl resumed>) = 0 [pid 7161] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7160] <... futex resumed>) = 0 [pid 7160] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7161] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7160] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7161] <... openat resumed>) = 4 [pid 7161] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7160] <... futex resumed>) = 0 [pid 7160] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7160] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7161] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7160] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7160] exit_group(0) = ? [pid 7161] <... write resumed>) = ? [pid 7161] +++ exited with 0 +++ [pid 7160] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7160, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=97 /* 0.97 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5869] umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, [pid 7180] <... write resumed>) = 16777216 [pid 5869] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 7180] munmap(0x7fb469000000, 138412032 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./64/file0") = 0 [pid 5869] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./64/binderfs") = 0 [pid 5869] umount2("./64/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./64/cpuset.effective_mems", [pid 7177] <... write resumed>) = 16777216 [pid 5869] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=5107712, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./64/cpuset.effective_mems" [pid 7177] munmap(0x7fb469000000, 138412032 [pid 7180] <... munmap resumed>) = 0 [pid 7180] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7180] close(3) = 0 [pid 7180] close(4) = 0 [pid 7180] mkdir("./file0", 0777) = 0 [ 230.649494][ T7180] loop3: detected capacity change from 0 to 32768 [ 230.683097][ T7180] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 7180] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7177] <... munmap resumed>) = 0 [pid 7177] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7177] ioctl(4, LOOP_SET_FD, 3 [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./64") = 0 [pid 5869] mkdir("./65", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 230.702007][ T7180] CPU: 0 UID: 0 PID: 7180 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 230.702041][ T7180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 230.702056][ T7180] Call Trace: [ 230.702064][ T7180] [ 230.702074][ T7180] dump_stack_lvl+0x189/0x250 [ 230.702106][ T7180] ? __pfx_dump_stack_lvl+0x10/0x10 [ 230.702131][ T7180] ? __pfx__printk+0x10/0x10 [ 230.702158][ T7180] ? kernfs_root+0x1c/0x230 [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7184 attached , child_tidptr=0x55558d547750) = 7184 [pid 7184] set_robust_list(0x55558d547760, 24 [pid 7177] <... ioctl resumed>) = 0 [pid 7184] <... set_robust_list resumed>) = 0 [pid 7177] close(3 [pid 7184] chdir("./65" [pid 7177] <... close resumed>) = 0 [pid 7184] <... chdir resumed>) = 0 [pid 7177] close(4 [pid 7184] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7177] <... close resumed>) = 0 [pid 7184] <... prctl resumed>) = 0 [pid 7177] mkdir("./file0", 0777 [pid 7184] setpgid(0, 0 [pid 7177] <... mkdir resumed>) = 0 [ 230.702184][ T7180] ? kernfs_path_from_node+0x250/0x290 [ 230.702207][ T7180] ? kernfs_path_from_node+0x2f/0x290 [ 230.702231][ T7180] sysfs_create_dir_ns+0x259/0x280 [ 230.702255][ T7180] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 230.702277][ T7180] ? do_raw_spin_unlock+0x122/0x240 [ 230.702305][ T7180] kobject_add_internal+0x59f/0xb40 [ 230.702334][ T7180] kobject_init_and_add+0x125/0x190 [ 230.702360][ T7180] ? __pfx_kobject_init_and_add+0x10/0x10 [ 230.702383][ T7180] ? __raw_spin_lock_init+0x45/0x100 [ 230.702409][ T7180] ? __init_swait_queue_head+0xa9/0x150 [ 230.702436][ T7180] gfs2_sys_fs_add+0x234/0x450 [ 230.702458][ T7180] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 230.702483][ T7180] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 230.702517][ T7180] gfs2_fill_super+0x13c0/0x20d0 [ 230.702552][ T7180] ? __pfx_gfs2_fill_super+0x10/0x10 [ 230.702581][ T7180] ? sb_set_blocksize+0x104/0x180 [ 230.702643][ T7180] ? setup_bdev_super+0x4c1/0x5b0 [ 230.702674][ T7180] get_tree_bdev_flags+0x40b/0x4d0 [ 230.702703][ T7180] ? __pfx_gfs2_fill_super+0x10/0x10 [ 230.702730][ T7180] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 230.702764][ T7180] gfs2_get_tree+0x51/0x1e0 [ 230.702799][ T7180] vfs_get_tree+0x8f/0x2b0 [ 230.702829][ T7180] do_new_mount+0x2a2/0xa30 [ 230.702861][ T7180] ? ns_capable+0x8a/0xf0 [ 230.702881][ T7180] ? __pfx_do_new_mount+0x10/0x10 [ 230.702911][ T7180] ? path_mount+0x61c/0xfe0 [ 230.702939][ T7180] ? user_path_at+0x44/0x60 [ 230.702966][ T7180] __se_sys_mount+0x317/0x410 [ 230.703001][ T7180] ? __pfx___se_sys_mount+0x10/0x10 executing program [pid 7184] <... setpgid resumed>) = 0 [pid 7177] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7184] write(3, "1000", 4) = 4 [pid 7184] close(3) = 0 [pid 7184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7184] write(1, "executing program\n", 18) = 18 [pid 7184] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7184] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7184] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7184] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7184] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7184] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7187]}, 88) = 7187 [pid 7184] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7184] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 7187 attached [pid 7184] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7187] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7187] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7187] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7187] memfd_create("syzkaller", 0) = 3 [pid 7187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 230.703031][ T7180] ? rcu_is_watching+0x15/0xb0 [ 230.703055][ T7180] ? __x64_sys_mount+0x20/0xc0 [ 230.703087][ T7180] do_syscall_64+0xfa/0x3b0 [ 230.703109][ T7180] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.703129][ T7180] ? clear_bhb_loop+0x60/0xb0 [ 230.703153][ T7180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.703174][ T7180] RIP: 0033:0x7fb47156b94a [pid 7181] <... write resumed>) = 16777216 [ 230.703192][ T7180] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 230.703210][ T7180] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 230.703234][ T7180] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 230.703249][ T7180] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 230.703265][ T7180] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 230.703279][ T7180] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 230.703293][ T7180] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 230.703314][ T7180] [ 230.703336][ T7180] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 230.721007][ T7177] loop1: detected capacity change from 0 to 32768 [ 230.725483][ T7180] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 230.919625][ T7177] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 7181] munmap(0x7fb469000000, 138412032) = 0 [pid 7181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 231.043390][ T7177] CPU: 0 UID: 0 PID: 7177 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 231.043421][ T7177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 231.043435][ T7177] Call Trace: [ 231.043443][ T7177] [ 231.043453][ T7177] dump_stack_lvl+0x189/0x250 [ 231.043484][ T7177] ? __pfx_dump_stack_lvl+0x10/0x10 [ 231.043509][ T7177] ? __pfx__printk+0x10/0x10 [ 231.043535][ T7177] ? kernfs_root+0x1c/0x230 [ 231.043560][ T7177] ? kernfs_path_from_node+0x250/0x290 [ 231.043583][ T7177] ? kernfs_path_from_node+0x2f/0x290 [pid 7181] ioctl(4, LOOP_SET_FD, 3 [pid 7180] <... mount resumed>) = -1 EEXIST (File exists) [pid 7180] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 7180] ioctl(3, LOOP_CLR_FD) = 0 [pid 7180] close(3 [pid 7181] <... ioctl resumed>) = 0 [ 231.043608][ T7177] sysfs_create_dir_ns+0x259/0x280 [ 231.043632][ T7177] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 231.043655][ T7177] ? do_raw_spin_unlock+0x122/0x240 [ 231.043682][ T7177] kobject_add_internal+0x59f/0xb40 [ 231.043712][ T7177] kobject_init_and_add+0x125/0x190 [ 231.043737][ T7177] ? __pfx_kobject_init_and_add+0x10/0x10 [ 231.043761][ T7177] ? __raw_spin_lock_init+0x45/0x100 [ 231.043787][ T7177] ? __init_swait_queue_head+0xa9/0x150 [ 231.043813][ T7177] gfs2_sys_fs_add+0x234/0x450 [ 231.043834][ T7177] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 231.043858][ T7177] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 231.043892][ T7177] gfs2_fill_super+0x13c0/0x20d0 [ 231.043926][ T7177] ? __pfx_gfs2_fill_super+0x10/0x10 [ 231.043956][ T7177] ? sb_set_blocksize+0x104/0x180 [ 231.043986][ T7177] ? setup_bdev_super+0x4c1/0x5b0 [ 231.044025][ T7177] get_tree_bdev_flags+0x40b/0x4d0 [ 231.044051][ T7177] ? __pfx_gfs2_fill_super+0x10/0x10 [ 231.044078][ T7177] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 231.044111][ T7177] gfs2_get_tree+0x51/0x1e0 [ 231.044138][ T7177] vfs_get_tree+0x8f/0x2b0 [ 231.044167][ T7177] do_new_mount+0x2a2/0xa30 [ 231.044199][ T7177] ? ns_capable+0x8a/0xf0 [ 231.044219][ T7177] ? __pfx_do_new_mount+0x10/0x10 [ 231.044248][ T7177] ? path_mount+0x61c/0xfe0 [ 231.044275][ T7177] ? user_path_at+0x44/0x60 [ 231.044304][ T7177] __se_sys_mount+0x317/0x410 [ 231.044338][ T7177] ? __pfx___se_sys_mount+0x10/0x10 [ 231.044368][ T7177] ? rcu_is_watching+0x15/0xb0 [ 231.044391][ T7177] ? __x64_sys_mount+0x20/0xc0 [ 231.044423][ T7177] do_syscall_64+0xfa/0x3b0 [pid 7181] close(3 [pid 7187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7181] <... close resumed>) = 0 [pid 7180] <... close resumed>) = 0 [pid 7181] close(4) = 0 [pid 7181] mkdir("./file0", 0777) = 0 [pid 7181] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7180] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7178] <... futex resumed>) = 0 [pid 7178] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7178] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7180] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7180] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7178] <... futex resumed>) = 0 [pid 7180] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7178] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7178] <... futex resumed>) = 0 [pid 7180] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [ 231.044445][ T7177] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.044466][ T7177] ? clear_bhb_loop+0x60/0xb0 [ 231.044487][ T7177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.044508][ T7177] RIP: 0033:0x7fb47156b94a [ 231.044526][ T7177] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 231.044544][ T7177] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [pid 7178] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7178] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7178] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7178] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7178] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7188]}, 88) = 7188 ./strace-static-x86_64: Process 7188 attached [pid 7178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7178] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7178] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7188] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [ 231.044566][ T7177] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 231.044582][ T7177] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 231.044597][ T7177] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 231.044613][ T7177] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 231.044626][ T7177] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 231.044647][ T7177] [pid 7188] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 7188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7188] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7177] <... mount resumed>) = -1 EEXIST (File exists) [pid 7177] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 7177] ioctl(3, LOOP_CLR_FD) = 0 [pid 7177] close(3) = 0 [pid 7177] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7176] <... futex resumed>) = 0 [pid 7177] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7176] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7176] <... futex resumed>) = 0 [pid 7177] openat(AT_FDCWD, ".", O_RDONLY [pid 7176] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7177] <... openat resumed>) = 3 [pid 7177] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7176] <... futex resumed>) = 0 [pid 7177] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7176] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7176] <... futex resumed>) = 0 [pid 7177] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [ 231.044668][ T7177] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 231.094222][ T7181] loop0: detected capacity change from 0 to 32768 [ 231.097738][ T7177] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7176] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7178] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7178] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 7178] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7178] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7178] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0}./strace-static-x86_64: Process 7191 attached => {parent_tid=[7191]}, 88) = 7191 [pid 7178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7178] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7178] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7191] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 7191] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 7191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7191] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 7191] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7178] <... futex resumed>) = 0 [pid 7191] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7180] <... ioctl resumed>) = 0 [pid 7177] <... ioctl resumed>) = 0 [pid 7177] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7180] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7176] <... futex resumed>) = 0 [pid 7177] <... futex resumed>) = 1 [pid 7176] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7177] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7176] <... futex resumed>) = 0 [pid 7176] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7180] <... futex resumed>) = 0 [pid 7177] <... openat resumed>) = 4 [pid 7180] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7177] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7188] <... openat resumed>) = 4 [pid 7177] <... futex resumed>) = 1 [pid 7176] <... futex resumed>) = 0 [pid 7177] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7176] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7176] <... futex resumed>) = 0 [pid 7177] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7176] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7188] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7188] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7178] exit_group(0 [pid 7188] <... futex resumed>) = ? [pid 7178] <... exit_group resumed>) = ? [pid 7188] +++ exited with 0 +++ [pid 7191] <... futex resumed>) = ? [pid 7180] <... futex resumed>) = ? [pid 7191] +++ exited with 0 +++ [pid 7180] +++ exited with 0 +++ [pid 7178] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7178, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=50 /* 0.50 s */} --- [ 231.399512][ T7181] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 231.427355][ T7181] CPU: 1 UID: 0 PID: 7181 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 231.427406][ T7181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 231.427420][ T7181] Call Trace: [ 231.427428][ T7181] [ 231.427438][ T7181] dump_stack_lvl+0x189/0x250 [ 231.427471][ T7181] ? __pfx_dump_stack_lvl+0x10/0x10 [ 231.427497][ T7181] ? __pfx__printk+0x10/0x10 [ 231.427524][ T7181] ? kernfs_root+0x1c/0x230 [ 231.427550][ T7181] ? kernfs_path_from_node+0x250/0x290 [ 231.427573][ T7181] ? kernfs_path_from_node+0x2f/0x290 [ 231.427598][ T7181] sysfs_create_dir_ns+0x259/0x280 [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 231.427631][ T7181] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 231.427655][ T7181] ? do_raw_spin_unlock+0x122/0x240 [ 231.427683][ T7181] kobject_add_internal+0x59f/0xb40 [ 231.427712][ T7181] kobject_init_and_add+0x125/0x190 [ 231.427738][ T7181] ? __pfx_kobject_init_and_add+0x10/0x10 [ 231.427762][ T7181] ? __raw_spin_lock_init+0x45/0x100 [ 231.427788][ T7181] ? __init_swait_queue_head+0xa9/0x150 [ 231.427814][ T7181] gfs2_sys_fs_add+0x234/0x450 [ 231.427836][ T7181] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 231.427861][ T7181] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 231.427895][ T7181] gfs2_fill_super+0x13c0/0x20d0 [ 231.427931][ T7181] ? __pfx_gfs2_fill_super+0x10/0x10 [ 231.427960][ T7181] ? sb_set_blocksize+0x104/0x180 [ 231.427990][ T7181] ? setup_bdev_super+0x4c1/0x5b0 [ 231.428028][ T7181] get_tree_bdev_flags+0x40b/0x4d0 [ 231.428057][ T7181] ? __pfx_gfs2_fill_super+0x10/0x10 [ 231.428083][ T7181] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 231.428118][ T7181] gfs2_get_tree+0x51/0x1e0 [ 231.428146][ T7181] vfs_get_tree+0x8f/0x2b0 [ 231.428175][ T7181] do_new_mount+0x2a2/0xa30 [ 231.428207][ T7181] ? ns_capable+0x8a/0xf0 [ 231.428227][ T7181] ? __pfx_do_new_mount+0x10/0x10 [ 231.428256][ T7181] ? path_mount+0x61c/0xfe0 [ 231.428284][ T7181] ? user_path_at+0x44/0x60 [ 231.428312][ T7181] __se_sys_mount+0x317/0x410 [ 231.428347][ T7181] ? __pfx___se_sys_mount+0x10/0x10 [ 231.428376][ T7181] ? rcu_is_watching+0x15/0xb0 [ 231.428401][ T7181] ? __x64_sys_mount+0x20/0xc0 [ 231.428433][ T7181] do_syscall_64+0xfa/0x3b0 [ 231.428455][ T7181] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.428476][ T7181] ? clear_bhb_loop+0x60/0xb0 [ 231.428499][ T7181] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.428520][ T7181] RIP: 0033:0x7fb47156b94a [ 231.428538][ T7181] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 231.428557][ T7181] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [pid 5870] newfstatat(AT_FDCWD, "./66/file0", [pid 7187] <... write resumed>) = 16777216 [pid 7176] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 231.428579][ T7181] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 231.428595][ T7181] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 231.428610][ T7181] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 231.428625][ T7181] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 231.428638][ T7181] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 231.428659][ T7181] [ 231.695234][ T7181] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 7187] munmap(0x7fb469000000, 138412032 [pid 5870] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./66/file0") = 0 [pid 5870] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./66/binderfs") = 0 [pid 5870] umount2("./66/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./66/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./66/cpuset.effective_mems") = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./66") = 0 [pid 5870] mkdir("./67", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7192 attached [pid 7192] set_robust_list(0x55558d547760, 24) = 0 [pid 7192] chdir("./67" [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 7192 [pid 7192] <... chdir resumed>) = 0 [pid 7192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7192] setpgid(0, 0) = 0 [pid 7192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7192] write(3, "1000", 4 [pid 7187] <... munmap resumed>) = 0 [pid 7192] <... write resumed>) = 4 [pid 7192] close(3) = 0 [pid 7177] <... write resumed>) = 16777152 [pid 7192] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7192] write(1, "executing program\n", 18) = 18 [pid 7192] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7192] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7192] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7192] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7187] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 7187] <... openat resumed>) = 4 ./strace-static-x86_64: Process 7193 attached [pid 7192] <... clone3 resumed> => {parent_tid=[7193]}, 88) = 7193 [pid 7187] ioctl(4, LOOP_SET_FD, 3 [pid 7192] rt_sigprocmask(SIG_SETMASK, [], [pid 7177] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7192] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7177] <... futex resumed>) = 0 [pid 7176] exit_group(0 [pid 7192] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7176] <... exit_group resumed>) = ? [pid 7192] <... futex resumed>) = 0 [pid 7177] +++ exited with 0 +++ [pid 7176] +++ exited with 0 +++ [pid 7193] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7192] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7181] <... mount resumed>) = -1 EEXIST (File exists) [pid 7193] <... rseq resumed>) = 0 [pid 7181] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7176, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=97 /* 0.97 s */} --- [pid 7181] <... openat resumed>) = 3 [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 7181] ioctl(3, LOOP_CLR_FD [pid 7193] set_robust_list(0x7fb4715169a0, 24 [pid 7181] <... ioctl resumed>) = 0 [pid 7193] <... set_robust_list resumed>) = 0 [pid 7181] close(3 [pid 7193] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] <... restart_syscall resumed>) = 0 [pid 7193] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7193] memfd_create("syzkaller", 0 [pid 5868] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", [pid 7193] <... memfd_create resumed>) = 3 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] getdents64(3, [pid 7193] <... mmap resumed>) = 0x7fb469000000 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./68/file0") = 0 [pid 5868] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./68/binderfs") = 0 [pid 5868] umount2("./68/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./68/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=16777152, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 231.862306][ T7181] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 231.869495][ T7187] loop2: detected capacity change from 0 to 32768 [pid 5868] unlink("./68/cpuset.effective_mems" [pid 7187] <... ioctl resumed>) = 0 [pid 7187] close(3) = 0 [pid 7187] close(4) = 0 [pid 7187] mkdir("./file0", 0777) = 0 [ 231.972158][ T7187] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 231.979684][ T7187] CPU: 1 UID: 0 PID: 7187 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 231.979715][ T7187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 231.979730][ T7187] Call Trace: [ 231.979738][ T7187] [ 231.979747][ T7187] dump_stack_lvl+0x189/0x250 [ 231.979779][ T7187] ? __pfx_dump_stack_lvl+0x10/0x10 [ 231.979804][ T7187] ? __pfx__printk+0x10/0x10 [ 231.979830][ T7187] ? kernfs_root+0x1c/0x230 [ 231.979855][ T7187] ? kernfs_path_from_node+0x250/0x290 [ 231.979877][ T7187] ? kernfs_path_from_node+0x2f/0x290 [ 231.979902][ T7187] sysfs_create_dir_ns+0x259/0x280 [ 231.979926][ T7187] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 231.979948][ T7187] ? do_raw_spin_unlock+0x122/0x240 [ 231.979984][ T7187] kobject_add_internal+0x59f/0xb40 [ 231.980014][ T7187] kobject_init_and_add+0x125/0x190 [ 231.980039][ T7187] ? __pfx_kobject_init_and_add+0x10/0x10 [ 231.980062][ T7187] ? __raw_spin_lock_init+0x45/0x100 [ 231.980088][ T7187] ? __init_swait_queue_head+0xa9/0x150 [ 231.980114][ T7187] gfs2_sys_fs_add+0x234/0x450 [ 231.980136][ T7187] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 231.980160][ T7187] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 231.980195][ T7187] gfs2_fill_super+0x13c0/0x20d0 [ 231.980230][ T7187] ? __pfx_gfs2_fill_super+0x10/0x10 [ 231.980258][ T7187] ? sb_set_blocksize+0x104/0x180 [ 231.980288][ T7187] ? setup_bdev_super+0x4c1/0x5b0 [ 231.980318][ T7187] get_tree_bdev_flags+0x40b/0x4d0 [ 231.980347][ T7187] ? __pfx_gfs2_fill_super+0x10/0x10 [ 231.980373][ T7187] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 231.980407][ T7187] gfs2_get_tree+0x51/0x1e0 [ 231.980434][ T7187] vfs_get_tree+0x8f/0x2b0 [ 231.980463][ T7187] do_new_mount+0x2a2/0xa30 [ 231.980495][ T7187] ? ns_capable+0x8a/0xf0 [ 231.980515][ T7187] ? __pfx_do_new_mount+0x10/0x10 [ 231.980544][ T7187] ? path_mount+0x61c/0xfe0 [ 231.980572][ T7187] ? user_path_at+0x44/0x60 [pid 7187] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7181] <... close resumed>) = 0 [pid 7181] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7179] <... futex resumed>) = 0 [pid 7181] openat(AT_FDCWD, ".", O_RDONLY [pid 7179] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] <... openat resumed>) = 3 [pid 7179] <... futex resumed>) = 0 [pid 7181] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7179] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7181] <... futex resumed>) = 0 [pid 7179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7181] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7179] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 231.980599][ T7187] __se_sys_mount+0x317/0x410 [ 231.980632][ T7187] ? __pfx___se_sys_mount+0x10/0x10 [ 231.980662][ T7187] ? rcu_is_watching+0x15/0xb0 [ 231.980687][ T7187] ? __x64_sys_mount+0x20/0xc0 [ 231.980717][ T7187] do_syscall_64+0xfa/0x3b0 [ 231.980739][ T7187] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.980759][ T7187] ? clear_bhb_loop+0x60/0xb0 [ 231.980783][ T7187] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.980803][ T7187] RIP: 0033:0x7fb47156b94a [pid 7179] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7179] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7179] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [ 231.980820][ T7187] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 231.980839][ T7187] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 231.980862][ T7187] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 231.980878][ T7187] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 231.980893][ T7187] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 7179] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7179] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7196]}, 88) = 7196 ./strace-static-x86_64: Process 7196 attached [pid 7179] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7179] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7179] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7196] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 7196] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 7196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7196] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7179] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7179] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7179] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 7179] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 7179] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7179] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0}./strace-static-x86_64: Process 7197 attached [pid 7197] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 7179] <... clone3 resumed> => {parent_tid=[7197]}, 88) = 7197 [pid 7197] <... rseq resumed>) = 0 [pid 7179] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7179] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7179] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7197] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 7197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7197] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 7197] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7179] <... futex resumed>) = 0 [pid 7197] <... futex resumed>) = 1 [pid 7197] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] getdents64(3, [pid 7196] <... openat resumed>) = 4 [pid 7187] <... mount resumed>) = -1 EEXIST (File exists) [pid 7181] <... ioctl resumed>) = 0 [pid 7196] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7187] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7181] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7179] exit_group(0 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 7197] <... futex resumed>) = ? [pid 7196] <... futex resumed>) = ? [pid 7187] <... openat resumed>) = 3 [pid 7181] <... futex resumed>) = ? [pid 7179] <... exit_group resumed>) = ? [pid 5868] close(3 [pid 7197] +++ exited with 0 +++ [pid 7196] +++ exited with 0 +++ [pid 7187] ioctl(3, LOOP_CLR_FD [pid 7181] +++ exited with 0 +++ [pid 7179] +++ exited with 0 +++ [pid 5868] <... close resumed>) = 0 [pid 7187] <... ioctl resumed>) = 0 [ 231.980908][ T7187] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 231.980922][ T7187] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 231.980943][ T7187] [ 231.980974][ T7187] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 232.300653][ T7187] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7187] close(3 [pid 5868] rmdir("./68" [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7179, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", [pid 5868] <... rmdir resumed>) = 0 [pid 5867] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4 [pid 5868] mkdir("./69", 0777 [pid 5867] <... close resumed>) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 5867] rmdir("./67/file0") = 0 [pid 5867] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... openat resumed>) = 3 [pid 5867] newfstatat(AT_FDCWD, "./67/binderfs", [pid 5868] ioctl(3, LOOP_CLR_FD [pid 5867] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5867] unlink("./67/binderfs") = 0 [pid 5867] umount2("./67/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./67/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./67/cpuset.effective_mems") = 0 [pid 5868] close(3 [pid 5867] getdents64(3, [pid 5868] <... close resumed>) = 0 [pid 7193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5867] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./67") = 0 [pid 5867] mkdir("./68", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 7198 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7199 ./strace-static-x86_64: Process 7198 attached ./strace-static-x86_64: Process 7199 attached [pid 7199] set_robust_list(0x55558d547760, 24) = 0 [pid 7199] chdir("./68" [pid 7198] set_robust_list(0x55558d547760, 24) = 0 [pid 7199] <... chdir resumed>) = 0 [pid 7199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7198] chdir("./69" [pid 7199] setpgid(0, 0) = 0 [pid 7199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7199] write(3, "1000", 4) = 4 [pid 7199] close(3) = 0 [pid 7199] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7198] <... chdir resumed>) = 0 [pid 7198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7198] setpgid(0, 0) = 0 [pid 7199] write(1, "executing program\n", 18) = 18 [pid 7199] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7199] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7198] <... openat resumed>) = 3 [pid 7198] write(3, "1000", 4) = 4 [pid 7198] close(3 [pid 7199] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7198] <... close resumed>) = 0 [pid 7199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7198] symlink("/dev/binderfs", "./binderfs" [pid 7199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7199] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7199] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7198] <... symlink resumed>) = 0 [pid 7199] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}executing program [pid 7198] write(1, "executing program\n", 18./strace-static-x86_64: Process 7200 attached ) = 18 [pid 7199] <... clone3 resumed> => {parent_tid=[7200]}, 88) = 7200 [pid 7200] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7198] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7200] <... rseq resumed>) = 0 [pid 7198] <... futex resumed>) = 0 [pid 7200] set_robust_list(0x7fb4715169a0, 24 [pid 7198] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 7200] <... set_robust_list resumed>) = 0 [pid 7198] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7199] rt_sigprocmask(SIG_SETMASK, [], [pid 7198] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7199] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7199] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7200] memfd_create("syzkaller", 0 [pid 7198] <... mmap resumed>) = 0x7fb4714f6000 [pid 7200] <... memfd_create resumed>) = 3 [pid 7198] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 7200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7198] <... mprotect resumed>) = 0 [pid 7200] <... mmap resumed>) = 0x7fb469000000 [pid 7198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7201 attached => {parent_tid=[7201]}, 88) = 7201 [pid 7198] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7198] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7201] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7198] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7201] <... rseq resumed>) = 0 [pid 7201] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7201] memfd_create("syzkaller", 0) = 3 [pid 7201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7187] <... close resumed>) = 0 [pid 7187] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7187] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7184] <... futex resumed>) = 0 [pid 7184] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7187] <... futex resumed>) = 0 [pid 7184] <... futex resumed>) = 1 [pid 7187] openat(AT_FDCWD, ".", O_RDONLY [pid 7184] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7187] <... openat resumed>) = 3 [pid 7187] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7187] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7184] <... futex resumed>) = 0 [pid 7184] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7187] <... futex resumed>) = 0 [pid 7184] <... futex resumed>) = 1 [pid 7187] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7184] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7187] <... ioctl resumed>) = 0 [pid 7187] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7187] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7184] <... futex resumed>) = 0 [pid 7184] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7187] <... futex resumed>) = 0 [pid 7184] <... futex resumed>) = 1 [pid 7187] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7184] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7187] <... openat resumed>) = 4 [pid 7187] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7184] <... futex resumed>) = 0 [pid 7187] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7184] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7184] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7193] <... write resumed>) = 16777216 [pid 7193] munmap(0x7fb469000000, 138412032) = 0 [pid 7193] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7193] close(3) = 0 [pid 7193] close(4) = 0 [pid 7193] mkdir("./file0", 0777) = 0 [ 232.677463][ T7193] loop3: detected capacity change from 0 to 32768 [ 232.703411][ T7193] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 232.746978][ T7193] CPU: 1 UID: 0 PID: 7193 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 232.747010][ T7193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 232.747023][ T7193] Call Trace: [ 232.747031][ T7193] [ 232.747040][ T7193] dump_stack_lvl+0x189/0x250 [ 232.747089][ T7193] ? __pfx_dump_stack_lvl+0x10/0x10 [ 232.747113][ T7193] ? __pfx__printk+0x10/0x10 [ 232.747139][ T7193] ? kernfs_root+0x1c/0x230 [pid 7193] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 232.747164][ T7193] ? kernfs_path_from_node+0x250/0x290 [ 232.747185][ T7193] ? kernfs_path_from_node+0x2f/0x290 [ 232.747209][ T7193] sysfs_create_dir_ns+0x259/0x280 [ 232.747232][ T7193] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 232.747254][ T7193] ? do_raw_spin_unlock+0x122/0x240 [ 232.747281][ T7193] kobject_add_internal+0x59f/0xb40 [ 232.747309][ T7193] kobject_init_and_add+0x125/0x190 [ 232.747333][ T7193] ? __pfx_kobject_init_and_add+0x10/0x10 [ 232.747356][ T7193] ? __raw_spin_lock_init+0x45/0x100 [ 232.747381][ T7193] ? __init_swait_queue_head+0xa9/0x150 [ 232.747406][ T7193] gfs2_sys_fs_add+0x234/0x450 [ 232.747428][ T7193] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 232.747451][ T7193] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 232.747484][ T7193] gfs2_fill_super+0x13c0/0x20d0 [ 232.747518][ T7193] ? __pfx_gfs2_fill_super+0x10/0x10 [ 232.747545][ T7193] ? sb_set_blocksize+0x104/0x180 [ 232.747573][ T7193] ? setup_bdev_super+0x4c1/0x5b0 [ 232.747603][ T7193] get_tree_bdev_flags+0x40b/0x4d0 [ 232.747630][ T7193] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 7200] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7184] exit_group(0) = ? [pid 7187] <... write resumed>) = ? [ 232.747655][ T7193] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 232.747687][ T7193] gfs2_get_tree+0x51/0x1e0 [ 232.747714][ T7193] vfs_get_tree+0x8f/0x2b0 [ 232.747742][ T7193] do_new_mount+0x2a2/0xa30 [ 232.747773][ T7193] ? ns_capable+0x8a/0xf0 [ 232.747792][ T7193] ? __pfx_do_new_mount+0x10/0x10 [ 232.747819][ T7193] ? path_mount+0x61c/0xfe0 [ 232.747852][ T7193] ? user_path_at+0x44/0x60 [ 232.747878][ T7193] __se_sys_mount+0x317/0x410 [ 232.747911][ T7193] ? __pfx___se_sys_mount+0x10/0x10 [pid 7187] +++ exited with 0 +++ [pid 7184] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7184, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=83 /* 0.83 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 232.747939][ T7193] ? rcu_is_watching+0x15/0xb0 [ 232.747962][ T7193] ? __x64_sys_mount+0x20/0xc0 [ 232.747992][ T7193] do_syscall_64+0xfa/0x3b0 [ 232.748018][ T7193] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.748038][ T7193] ? clear_bhb_loop+0x60/0xb0 [ 232.748060][ T7193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.748080][ T7193] RIP: 0033:0x7fb47156b94a [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./65/file0") = 0 [pid 5869] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./65/binderfs") = 0 [pid 5869] umount2("./65/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./65/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=8159232, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 232.748097][ T7193] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 232.748115][ T7193] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 232.748137][ T7193] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 232.748153][ T7193] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 232.748168][ T7193] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 232.748184][ T7193] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 5869] unlink("./65/cpuset.effective_mems" [pid 7193] <... mount resumed>) = -1 EEXIST (File exists) [pid 7193] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 7193] ioctl(3, LOOP_CLR_FD) = 0 [pid 7193] close(3 [pid 7201] <... write resumed>) = 16777216 [ 232.748197][ T7193] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 232.748219][ T7193] [ 232.750751][ T7193] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 233.072746][ T7193] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7201] munmap(0x7fb469000000, 138412032 [pid 5869] <... unlink resumed>) = 0 [pid 7193] <... close resumed>) = 0 [pid 7193] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] getdents64(3, [pid 7193] <... futex resumed>) = 1 [pid 7193] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./65" [pid 7192] <... futex resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 7192] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7193] <... futex resumed>) = 0 [pid 7201] <... munmap resumed>) = 0 [pid 5869] mkdir("./66", 0777 [pid 7193] openat(AT_FDCWD, ".", O_RDONLY [pid 7201] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7192] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7193] <... openat resumed>) = 3 [pid 7201] <... openat resumed>) = 4 [pid 7193] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7201] ioctl(4, LOOP_SET_FD, 3 [pid 7193] <... futex resumed>) = 1 [pid 7192] <... futex resumed>) = 0 [pid 7193] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7192] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7192] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... mkdir resumed>) = 0 [pid 7201] <... ioctl resumed>) = 0 [pid 7200] <... write resumed>) = 16777216 [pid 7193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7201] close(3 [pid 7200] munmap(0x7fb469000000, 138412032 [pid 7193] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7201] <... close resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 7201] close(4) = 0 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 7201] mkdir("./file0", 0777 [pid 5869] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 7201] <... mkdir resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7201] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7193] <... ioctl resumed>) = 0 [pid 7193] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7192] <... futex resumed>) = 0 [pid 7193] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7192] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7204 attached [pid 7193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7192] <... futex resumed>) = 0 [pid 7193] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7192] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7204] set_robust_list(0x55558d547760, 24 [pid 7193] <... openat resumed>) = 4 [pid 7204] <... set_robust_list resumed>) = 0 [pid 7193] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 7204 [pid 7204] chdir("./66" [pid 7193] <... futex resumed>) = 1 [pid 7192] <... futex resumed>) = 0 [pid 7204] <... chdir resumed>) = 0 [pid 7193] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7192] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 233.209592][ T7201] loop1: detected capacity change from 0 to 32768 [ 233.233487][ T7201] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 233.252428][ T7201] CPU: 0 UID: 0 PID: 7201 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 233.252461][ T7201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 233.252475][ T7201] Call Trace: [ 233.252483][ T7201] [ 233.252500][ T7201] dump_stack_lvl+0x189/0x250 [ 233.252533][ T7201] ? __pfx_dump_stack_lvl+0x10/0x10 [ 233.252557][ T7201] ? __pfx__printk+0x10/0x10 [ 233.252596][ T7201] ? kernfs_root+0x1c/0x230 [ 233.252621][ T7201] ? kernfs_path_from_node+0x250/0x290 [ 233.252642][ T7201] ? kernfs_path_from_node+0x2f/0x290 [ 233.252666][ T7201] sysfs_create_dir_ns+0x259/0x280 [ 233.252688][ T7201] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 233.252710][ T7201] ? do_raw_spin_unlock+0x122/0x240 [ 233.252737][ T7201] kobject_add_internal+0x59f/0xb40 [ 233.252765][ T7201] kobject_init_and_add+0x125/0x190 [ 233.252789][ T7201] ? __pfx_kobject_init_and_add+0x10/0x10 [ 233.252812][ T7201] ? __raw_spin_lock_init+0x45/0x100 [ 233.252836][ T7201] ? __init_swait_queue_head+0xa9/0x150 [ 233.252861][ T7201] gfs2_sys_fs_add+0x234/0x450 [pid 7192] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7204] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7200] <... munmap resumed>) = 0 [pid 7204] <... prctl resumed>) = 0 [pid 7204] setpgid(0, 0) = 0 [pid 7204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7204] write(3, "1000", 4) = 4 [pid 7204] close(3) = 0 [pid 7204] symlink("/dev/binderfs", "./binderfs" [pid 7200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 233.252882][ T7201] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 233.252905][ T7201] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 233.252938][ T7201] gfs2_fill_super+0x13c0/0x20d0 [ 233.252972][ T7201] ? __pfx_gfs2_fill_super+0x10/0x10 [ 233.253000][ T7201] ? sb_set_blocksize+0x104/0x180 [ 233.253028][ T7201] ? setup_bdev_super+0x4c1/0x5b0 [ 233.253056][ T7201] get_tree_bdev_flags+0x40b/0x4d0 [ 233.253084][ T7201] ? __pfx_gfs2_fill_super+0x10/0x10 [ 233.253109][ T7201] ? __pfx_get_tree_bdev_flags+0x10/0x10 [pid 7200] ioctl(4, LOOP_SET_FD, 3executing program [pid 7204] <... symlink resumed>) = 0 [pid 7204] write(1, "executing program\n", 18) = 18 [pid 7204] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7204] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7204] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7204] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7207]}, 88) = 7207 [pid 7204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7204] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7204] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7192] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7200] <... ioctl resumed>) = 0 [pid 7200] close(3) = 0 [pid 7200] close(4) = 0 [pid 7200] mkdir("./file0", 0777) = 0 [ 233.253142][ T7201] gfs2_get_tree+0x51/0x1e0 [ 233.253168][ T7201] vfs_get_tree+0x8f/0x2b0 [ 233.253196][ T7201] do_new_mount+0x2a2/0xa30 [ 233.253228][ T7201] ? ns_capable+0x8a/0xf0 [ 233.253248][ T7201] ? __pfx_do_new_mount+0x10/0x10 [ 233.253275][ T7201] ? path_mount+0x61c/0xfe0 [ 233.253302][ T7201] ? user_path_at+0x44/0x60 [ 233.253328][ T7201] __se_sys_mount+0x317/0x410 [ 233.253361][ T7201] ? __pfx___se_sys_mount+0x10/0x10 [ 233.253389][ T7201] ? rcu_is_watching+0x15/0xb0 [ 233.253413][ T7201] ? __x64_sys_mount+0x20/0xc0 [ 233.253443][ T7201] do_syscall_64+0xfa/0x3b0 [ 233.253463][ T7201] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.253483][ T7201] ? clear_bhb_loop+0x60/0xb0 [ 233.253510][ T7201] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.253530][ T7201] RIP: 0033:0x7fb47156b94a [ 233.253547][ T7201] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 7200] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7192] exit_group(0) = ? [pid 7193] <... write resumed>) = ? [ 233.253564][ T7201] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 233.253585][ T7201] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 233.253600][ T7201] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 233.253615][ T7201] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 233.253629][ T7201] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 233.253642][ T7201] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 233.253663][ T7201] [pid 7193] +++ exited with 0 +++ [pid 7192] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7192, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=83 /* 0.83 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 7207 attached [pid 7201] <... mount resumed>) = -1 EEXIST (File exists) [pid 5870] <... restart_syscall resumed>) = 0 [pid 5870] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7201] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 233.253682][ T7201] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 233.350642][ T7200] loop0: detected capacity change from 0 to 32768 [ 233.373917][ T7201] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 233.584708][ T7200] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 233.592650][ T7200] CPU: 0 UID: 0 PID: 7200 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./67/file0") = 0 [pid 5870] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./67/binderfs") = 0 [pid 5870] umount2("./67/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7207] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 5870] newfstatat(AT_FDCWD, "./67/cpuset.effective_mems", [pid 7207] <... rseq resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=9416704, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7207] set_robust_list(0x7fb4715169a0, 24 [pid 5870] unlink("./67/cpuset.effective_mems" [pid 7207] <... set_robust_list resumed>) = 0 [pid 7207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7207] memfd_create("syzkaller", 0) = 3 [pid 7207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 233.592678][ T7200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 233.592691][ T7200] Call Trace: [ 233.592699][ T7200] [ 233.592707][ T7200] dump_stack_lvl+0x189/0x250 [ 233.592752][ T7200] ? __pfx_dump_stack_lvl+0x10/0x10 [ 233.592777][ T7200] ? __pfx__printk+0x10/0x10 [ 233.592803][ T7200] ? kernfs_root+0x1c/0x230 [ 233.592827][ T7200] ? kernfs_path_from_node+0x250/0x290 [ 233.592851][ T7200] ? kernfs_path_from_node+0x2f/0x290 [ 233.592876][ T7200] sysfs_create_dir_ns+0x259/0x280 [pid 7201] <... openat resumed>) = 3 [pid 7201] ioctl(3, LOOP_CLR_FD) = 0 [pid 7201] close(3) = 0 [pid 7201] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7198] <... futex resumed>) = 0 [pid 7201] openat(AT_FDCWD, ".", O_RDONLY [pid 7198] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7201] <... openat resumed>) = 3 [pid 7198] <... futex resumed>) = 0 [pid 7201] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7198] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7201] <... futex resumed>) = 0 [pid 7198] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7201] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7198] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 233.592900][ T7200] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 233.592922][ T7200] ? do_raw_spin_unlock+0x122/0x240 [ 233.592949][ T7200] kobject_add_internal+0x59f/0xb40 [ 233.592975][ T7200] kobject_init_and_add+0x125/0x190 [ 233.592998][ T7200] ? __pfx_kobject_init_and_add+0x10/0x10 [ 233.593021][ T7200] ? __raw_spin_lock_init+0x45/0x100 [ 233.593045][ T7200] ? __init_swait_queue_head+0xa9/0x150 [ 233.593069][ T7200] gfs2_sys_fs_add+0x234/0x450 [ 233.593090][ T7200] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 233.593112][ T7200] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [pid 7198] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 233.593146][ T7200] gfs2_fill_super+0x13c0/0x20d0 [ 233.593178][ T7200] ? __pfx_gfs2_fill_super+0x10/0x10 [ 233.593207][ T7200] ? sb_set_blocksize+0x104/0x180 [ 233.593238][ T7200] ? setup_bdev_super+0x4c1/0x5b0 [ 233.593269][ T7200] get_tree_bdev_flags+0x40b/0x4d0 [ 233.593299][ T7200] ? __pfx_gfs2_fill_super+0x10/0x10 [ 233.593324][ T7200] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 233.593357][ T7200] gfs2_get_tree+0x51/0x1e0 [ 233.593383][ T7200] vfs_get_tree+0x8f/0x2b0 [ 233.593411][ T7200] do_new_mount+0x2a2/0xa30 [pid 7198] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7198] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7210]}, 88) = 7210 [pid 7198] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7198] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7198] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7210 attached [pid 7210] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 7210] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 7210] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 233.593443][ T7200] ? ns_capable+0x8a/0xf0 [ 233.593462][ T7200] ? __pfx_do_new_mount+0x10/0x10 [ 233.593491][ T7200] ? path_mount+0x61c/0xfe0 [ 233.593518][ T7200] ? user_path_at+0x44/0x60 [ 233.593545][ T7200] __se_sys_mount+0x317/0x410 [ 233.593576][ T7200] ? __pfx___se_sys_mount+0x10/0x10 [ 233.593605][ T7200] ? rcu_is_watching+0x15/0xb0 [ 233.593629][ T7200] ? __x64_sys_mount+0x20/0xc0 [ 233.593660][ T7200] do_syscall_64+0xfa/0x3b0 [ 233.593682][ T7200] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 7210] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7198] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7198] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7198] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 7198] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0}./strace-static-x86_64: Process 7211 attached [pid 7211] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 7198] <... clone3 resumed> => {parent_tid=[7211]}, 88) = 7211 [pid 7211] <... rseq resumed>) = 0 [pid 7198] rt_sigprocmask(SIG_SETMASK, [], [pid 7211] set_robust_list(0x7fb4714d49a0, 24 [pid 7198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7211] <... set_robust_list resumed>) = 0 [pid 7198] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7211] rt_sigprocmask(SIG_SETMASK, [], [pid 7198] <... futex resumed>) = 0 [pid 7211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7198] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7211] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 7211] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7198] <... futex resumed>) = 0 [ 233.593703][ T7200] ? clear_bhb_loop+0x60/0xb0 [ 233.593738][ T7200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.593760][ T7200] RIP: 0033:0x7fb47156b94a [ 233.593778][ T7200] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 233.593796][ T7200] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 233.593818][ T7200] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 7211] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7210] <... openat resumed>) = 4 [pid 7201] <... ioctl resumed>) = 0 [pid 7210] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7201] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7210] <... futex resumed>) = 0 [pid 7201] <... futex resumed>) = 0 [pid 7210] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7201] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7198] exit_group(0 [pid 7211] <... futex resumed>) = ? [pid 7210] <... futex resumed>) = ? [pid 7201] <... futex resumed>) = ? [pid 7198] <... exit_group resumed>) = ? [pid 7211] +++ exited with 0 +++ [pid 7210] +++ exited with 0 +++ [pid 7201] +++ exited with 0 +++ [pid 7198] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7198, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=55 /* 0.55 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [ 233.593835][ T7200] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 233.593849][ T7200] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 233.593865][ T7200] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 233.593880][ T7200] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 233.593902][ T7200] [ 233.593955][ T7200] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 5868] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, [pid 5870] <... unlink resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./69/file0") = 0 [pid 5868] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./69/binderfs") = 0 [pid 5868] umount2("./69/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] getdents64(3, [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./69/cpuset.effective_mems", [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3 [pid 5868] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7200] <... mount resumed>) = -1 EEXIST (File exists) [pid 5870] <... close resumed>) = 0 [pid 5868] unlink("./69/cpuset.effective_mems" [pid 7200] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5870] rmdir("./67" [pid 5868] <... unlink resumed>) = 0 [pid 7200] <... openat resumed>) = 3 [pid 5870] <... rmdir resumed>) = 0 [pid 5868] getdents64(3, [pid 5870] mkdir("./68", 0777 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./69" [pid 7200] ioctl(3, LOOP_CLR_FD [pid 5870] <... mkdir resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 7200] <... ioctl resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5868] mkdir("./70", 0777 [pid 7200] close(3 [pid 5870] <... openat resumed>) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 5868] <... mkdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7212 attached [pid 5870] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5870] close(3 [pid 7212] set_robust_list(0x55558d547760, 24 [pid 5870] <... close resumed>) = 0 [pid 7212] <... set_robust_list resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7212] chdir("./70" [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 7212 ./strace-static-x86_64: Process 7213 attached [pid 7212] <... chdir resumed>) = 0 [pid 7212] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 7213 [pid 7213] set_robust_list(0x55558d547760, 24 [pid 7212] <... prctl resumed>) = 0 [pid 7212] setpgid(0, 0 [pid 7213] <... set_robust_list resumed>) = 0 [pid 7213] chdir("./68" [pid 7212] <... setpgid resumed>) = 0 [pid 7213] <... chdir resumed>) = 0 [pid 7213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7213] setpgid(0, 0) = 0 [pid 7212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7213] write(3, "1000", 4) = 4 [pid 7213] close(3) = 0 [pid 7213] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7213] write(1, "executing program\n", 18) = 18 [pid 7213] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7213] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7213] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7213] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7213] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7213] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 7212] write(3, "1000", 4./strace-static-x86_64: Process 7214 attached [pid 7213] <... clone3 resumed> => {parent_tid=[7214]}, 88) = 7214 [pid 7212] <... write resumed>) = 4 [pid 7214] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7213] rt_sigprocmask(SIG_SETMASK, [], [pid 7212] close(3 [pid 7214] <... rseq resumed>) = 0 [pid 7212] <... close resumed>) = 0 [pid 7214] set_robust_list(0x7fb4715169a0, 24 [pid 7212] symlink("/dev/binderfs", "./binderfs" [pid 7214] <... set_robust_list resumed>) = 0 [pid 7213] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7214] rt_sigprocmask(SIG_SETMASK, [], [pid 7213] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7212] <... symlink resumed>) = 0 [pid 7214] <... rt_sigprocmask resumed>NULL, 8) = 0 executing program [pid 7213] <... futex resumed>) = 0 [pid 7212] write(1, "executing program\n", 18 [pid 7213] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7214] memfd_create("syzkaller", 0 [pid 7212] <... write resumed>) = 18 [pid 7214] <... memfd_create resumed>) = 3 [pid 7212] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7212] <... futex resumed>) = 0 [pid 7214] <... mmap resumed>) = 0x7fb469000000 [pid 7212] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7212] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 233.960338][ T7200] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7212] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7212] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7212] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7215 attached => {parent_tid=[7215]}, 88) = 7215 [pid 7215] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7212] rt_sigprocmask(SIG_SETMASK, [], [pid 7215] <... rseq resumed>) = 0 [pid 7212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7215] set_robust_list(0x7fb4715169a0, 24 [pid 7212] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7215] <... set_robust_list resumed>) = 0 [pid 7215] rt_sigprocmask(SIG_SETMASK, [], [pid 7212] <... futex resumed>) = 0 [pid 7215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7212] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7215] memfd_create("syzkaller", 0) = 3 [pid 7215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7200] <... close resumed>) = 0 [pid 7200] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7199] <... futex resumed>) = 0 [pid 7200] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7199] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7199] <... futex resumed>) = 0 [pid 7200] openat(AT_FDCWD, ".", O_RDONLY [pid 7199] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7200] <... openat resumed>) = 3 [pid 7200] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7199] <... futex resumed>) = 0 [pid 7200] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7199] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7200] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7199] <... futex resumed>) = 0 [pid 7199] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7200] <... ioctl resumed>) = 0 [pid 7200] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7199] <... futex resumed>) = 0 [pid 7200] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7199] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7199] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7200] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7200] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7199] <... futex resumed>) = 0 [pid 7200] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7199] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7199] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7207] <... write resumed>) = 16777216 [pid 7207] munmap(0x7fb469000000, 138412032 [pid 7214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7207] <... munmap resumed>) = 0 [pid 7215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7207] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7207] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7207] close(3) = 0 [pid 7207] close(4) = 0 [pid 7207] mkdir("./file0", 0777) = 0 [ 234.456857][ T7207] loop2: detected capacity change from 0 to 32768 [pid 7207] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7214] <... write resumed>) = 16777216 [ 234.500956][ T7207] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 234.520144][ T7207] CPU: 0 UID: 0 PID: 7207 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 234.520178][ T7207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 234.520192][ T7207] Call Trace: [ 234.520200][ T7207] [ 234.520209][ T7207] dump_stack_lvl+0x189/0x250 [ 234.520243][ T7207] ? __pfx_dump_stack_lvl+0x10/0x10 [ 234.520268][ T7207] ? __pfx__printk+0x10/0x10 [ 234.520296][ T7207] ? kernfs_root+0x1c/0x230 [ 234.520320][ T7207] ? kernfs_path_from_node+0x250/0x290 [ 234.520340][ T7207] ? kernfs_path_from_node+0x2f/0x290 [ 234.520361][ T7207] sysfs_create_dir_ns+0x259/0x280 [ 234.520385][ T7207] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 234.520406][ T7207] ? do_raw_spin_unlock+0x122/0x240 [ 234.520430][ T7207] kobject_add_internal+0x59f/0xb40 [pid 7214] munmap(0x7fb469000000, 138412032 [pid 7199] exit_group(0) = ? [pid 7200] <... write resumed>) = ? [ 234.520459][ T7207] kobject_init_and_add+0x125/0x190 [ 234.520490][ T7207] ? __pfx_kobject_init_and_add+0x10/0x10 [ 234.520511][ T7207] ? __raw_spin_lock_init+0x45/0x100 [ 234.520534][ T7207] ? __init_swait_queue_head+0xa9/0x150 [ 234.520558][ T7207] gfs2_sys_fs_add+0x234/0x450 [ 234.520579][ T7207] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 234.520601][ T7207] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 234.520642][ T7207] gfs2_fill_super+0x13c0/0x20d0 [ 234.520686][ T7207] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 7200] +++ exited with 0 +++ [pid 7199] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7199, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=72 /* 0.72 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 234.520716][ T7207] ? sb_set_blocksize+0x104/0x180 [ 234.520746][ T7207] ? setup_bdev_super+0x4c1/0x5b0 [ 234.520776][ T7207] get_tree_bdev_flags+0x40b/0x4d0 [ 234.520804][ T7207] ? __pfx_gfs2_fill_super+0x10/0x10 [ 234.520833][ T7207] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 234.520867][ T7207] gfs2_get_tree+0x51/0x1e0 [ 234.520895][ T7207] vfs_get_tree+0x8f/0x2b0 [ 234.520925][ T7207] do_new_mount+0x2a2/0xa30 [ 234.520955][ T7207] ? ns_capable+0x8a/0xf0 [ 234.520974][ T7207] ? __pfx_do_new_mount+0x10/0x10 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./68/file0") = 0 [pid 5867] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./68/binderfs") = 0 [pid 5867] umount2("./68/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./68/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=7045120, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 234.521002][ T7207] ? path_mount+0x61c/0xfe0 [ 234.521028][ T7207] ? user_path_at+0x44/0x60 [ 234.521054][ T7207] __se_sys_mount+0x317/0x410 [ 234.521087][ T7207] ? __pfx___se_sys_mount+0x10/0x10 [ 234.521114][ T7207] ? rcu_is_watching+0x15/0xb0 [ 234.521135][ T7207] ? __x64_sys_mount+0x20/0xc0 [ 234.521173][ T7207] do_syscall_64+0xfa/0x3b0 [ 234.521194][ T7207] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.521214][ T7207] ? clear_bhb_loop+0x60/0xb0 [ 234.521237][ T7207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.521256][ T7207] RIP: 0033:0x7fb47156b94a [ 234.521274][ T7207] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 234.521292][ T7207] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 234.521313][ T7207] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 234.521329][ T7207] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [pid 5867] unlink("./68/cpuset.effective_mems" [pid 7214] <... munmap resumed>) = 0 [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 7214] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5867] close(3 [pid 7214] <... openat resumed>) = 4 [pid 5867] <... close resumed>) = 0 [pid 7214] ioctl(4, LOOP_SET_FD, 3 [pid 5867] rmdir("./68") = 0 [pid 5867] mkdir("./69", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 234.521343][ T7207] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 234.521358][ T7207] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 234.521372][ T7207] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 234.521393][ T7207] [ 234.521497][ T7207] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 234.838687][ T7207] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5867] close(3 [pid 7214] <... ioctl resumed>) = 0 [pid 7207] <... mount resumed>) = -1 EEXIST (File exists) [pid 7214] close(3) = 0 [pid 7207] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7214] close(4 [pid 7207] <... openat resumed>) = 3 [pid 5867] <... close resumed>) = 0 [pid 7215] <... write resumed>) = 16777216 [pid 7214] <... close resumed>) = 0 [pid 7207] ioctl(3, LOOP_CLR_FD [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7215] munmap(0x7fb469000000, 138412032 [pid 7214] mkdir("./file0", 0777./strace-static-x86_64: Process 7218 attached [pid 7207] <... ioctl resumed>) = 0 [pid 7218] set_robust_list(0x55558d547760, 24 [pid 7214] <... mkdir resumed>) = 0 [pid 7207] close(3 [pid 7214] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7218] <... set_robust_list resumed>) = 0 [pid 5867] <... clone resumed>, child_tidptr=0x55558d547750) = 7218 [pid 7218] chdir("./69") = 0 [pid 7218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 234.846969][ T7214] loop3: detected capacity change from 0 to 32768 executing program [pid 7218] setpgid(0, 0) = 0 [pid 7218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7218] write(3, "1000", 4) = 4 [pid 7218] close(3) = 0 [pid 7218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7218] write(1, "executing program\n", 18) = 18 [pid 7218] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7218] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7218] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7218] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7218] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7218] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7221 attached => {parent_tid=[7221]}, 88) = 7221 [pid 7218] rt_sigprocmask(SIG_SETMASK, [], [pid 7221] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7218] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7218] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7218] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7221] <... rseq resumed>) = 0 [pid 7221] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7221] memfd_create("syzkaller", 0) = 3 [pid 7221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 234.882943][ T7214] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 234.924274][ T7214] CPU: 1 UID: 0 PID: 7214 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 234.924311][ T7214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 234.924324][ T7214] Call Trace: [ 234.924332][ T7214] [ 234.924341][ T7214] dump_stack_lvl+0x189/0x250 [ 234.924474][ T7214] ? __pfx_dump_stack_lvl+0x10/0x10 [ 234.924500][ T7214] ? __pfx__printk+0x10/0x10 [ 234.924527][ T7214] ? kernfs_root+0x1c/0x230 [ 234.924552][ T7214] ? kernfs_path_from_node+0x250/0x290 [ 234.924576][ T7214] ? kernfs_path_from_node+0x2f/0x290 [ 234.924599][ T7214] sysfs_create_dir_ns+0x259/0x280 [ 234.924670][ T7214] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 234.924709][ T7214] ? do_raw_spin_unlock+0x122/0x240 [ 234.924738][ T7214] kobject_add_internal+0x59f/0xb40 [ 234.924766][ T7214] kobject_init_and_add+0x125/0x190 [ 234.924806][ T7214] ? __pfx_kobject_init_and_add+0x10/0x10 [ 234.924830][ T7214] ? __raw_spin_lock_init+0x45/0x100 [ 234.924855][ T7214] ? __init_swait_queue_head+0xa9/0x150 [ 234.924879][ T7214] gfs2_sys_fs_add+0x234/0x450 [ 234.924900][ T7214] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 234.924924][ T7214] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 234.924968][ T7214] gfs2_fill_super+0x13c0/0x20d0 [ 234.925002][ T7214] ? __pfx_gfs2_fill_super+0x10/0x10 [ 234.925030][ T7214] ? sb_set_blocksize+0x104/0x180 [ 234.925061][ T7214] ? setup_bdev_super+0x4c1/0x5b0 [ 234.925090][ T7214] get_tree_bdev_flags+0x40b/0x4d0 [ 234.925123][ T7214] ? __pfx_gfs2_fill_super+0x10/0x10 [ 234.925147][ T7214] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 234.925181][ T7214] gfs2_get_tree+0x51/0x1e0 [ 234.925208][ T7214] vfs_get_tree+0x8f/0x2b0 [ 234.925247][ T7214] do_new_mount+0x2a2/0xa30 [ 234.925279][ T7214] ? ns_capable+0x8a/0xf0 [ 234.925299][ T7214] ? __pfx_do_new_mount+0x10/0x10 [ 234.925329][ T7214] ? path_mount+0x61c/0xfe0 [ 234.925427][ T7214] ? user_path_at+0x44/0x60 [ 234.925454][ T7214] __se_sys_mount+0x317/0x410 [ 234.925489][ T7214] ? __pfx___se_sys_mount+0x10/0x10 [ 234.925528][ T7214] ? rcu_is_watching+0x15/0xb0 [ 234.925553][ T7214] ? __x64_sys_mount+0x20/0xc0 [ 234.925585][ T7214] do_syscall_64+0xfa/0x3b0 [ 234.925606][ T7214] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.925627][ T7214] ? clear_bhb_loop+0x60/0xb0 [ 234.925650][ T7214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.925669][ T7214] RIP: 0033:0x7fb47156b94a [ 234.925688][ T7214] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 234.925707][ T7214] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 234.925729][ T7214] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 234.925746][ T7214] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 234.925761][ T7214] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 234.925777][ T7214] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 234.925791][ T7214] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 234.925813][ T7214] [ 235.234732][ T7214] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 235.248825][ T7214] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7215] <... munmap resumed>) = 0 [pid 7207] <... close resumed>) = 0 [pid 7207] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7204] <... futex resumed>) = 0 [pid 7207] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7204] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7207] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7204] <... futex resumed>) = 0 [pid 7207] openat(AT_FDCWD, ".", O_RDONLY [pid 7204] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7207] <... openat resumed>) = 3 [pid 7207] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7204] <... futex resumed>) = 0 [pid 7207] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7204] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7207] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7204] <... futex resumed>) = 0 [pid 7207] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7204] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7215] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7215] ioctl(4, LOOP_SET_FD, 3 [pid 7207] <... ioctl resumed>) = 0 [pid 7207] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7204] <... futex resumed>) = 0 [pid 7207] <... futex resumed>) = 1 [pid 7204] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7207] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7204] <... futex resumed>) = 0 [pid 7214] <... mount resumed>) = -1 EEXIST (File exists) [pid 7204] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7214] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 7214] ioctl(3, LOOP_CLR_FD) = 0 [pid 7207] <... openat resumed>) = 4 [pid 7214] close(3) = 0 [pid 7207] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7214] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7207] <... futex resumed>) = 1 [pid 7204] <... futex resumed>) = 0 [pid 7214] <... futex resumed>) = 1 [pid 7214] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7213] <... futex resumed>) = 0 [pid 7207] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7204] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7215] <... ioctl resumed>) = 0 [pid 7215] close(3) = 0 [pid 7215] close(4) = 0 [pid 7215] mkdir("./file0", 0777) = 0 [ 235.322795][ T7215] loop1: detected capacity change from 0 to 32768 [ 235.399316][ T7215] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 235.415217][ T7215] CPU: 0 UID: 0 PID: 7215 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 235.415250][ T7215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 235.415263][ T7215] Call Trace: [ 235.415272][ T7215] [ 235.415282][ T7215] dump_stack_lvl+0x189/0x250 [ 235.415315][ T7215] ? __pfx_dump_stack_lvl+0x10/0x10 [ 235.415348][ T7215] ? __pfx__printk+0x10/0x10 [ 235.415376][ T7215] ? kernfs_root+0x1c/0x230 [ 235.415401][ T7215] ? kernfs_path_from_node+0x250/0x290 [ 235.415424][ T7215] ? kernfs_path_from_node+0x2f/0x290 [ 235.415449][ T7215] sysfs_create_dir_ns+0x259/0x280 [ 235.415472][ T7215] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 235.415495][ T7215] ? do_raw_spin_unlock+0x122/0x240 [ 235.415524][ T7215] kobject_add_internal+0x59f/0xb40 [ 235.415553][ T7215] kobject_init_and_add+0x125/0x190 [ 235.415579][ T7215] ? __pfx_kobject_init_and_add+0x10/0x10 [ 235.415603][ T7215] ? __raw_spin_lock_init+0x45/0x100 [ 235.415628][ T7215] ? __init_swait_queue_head+0xa9/0x150 [ 235.415655][ T7215] gfs2_sys_fs_add+0x234/0x450 [ 235.415679][ T7215] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 235.415703][ T7215] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 235.415737][ T7215] gfs2_fill_super+0x13c0/0x20d0 [ 235.415773][ T7215] ? __pfx_gfs2_fill_super+0x10/0x10 [ 235.415802][ T7215] ? sb_set_blocksize+0x104/0x180 [pid 7215] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [ 235.415833][ T7215] ? setup_bdev_super+0x4c1/0x5b0 [ 235.415863][ T7215] get_tree_bdev_flags+0x40b/0x4d0 [ 235.415892][ T7215] ? __pfx_gfs2_fill_super+0x10/0x10 [ 235.415919][ T7215] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 235.415953][ T7215] gfs2_get_tree+0x51/0x1e0 [ 235.415980][ T7215] vfs_get_tree+0x8f/0x2b0 [ 235.416010][ T7215] do_new_mount+0x2a2/0xa30 [ 235.416042][ T7215] ? ns_capable+0x8a/0xf0 [ 235.416062][ T7215] ? __pfx_do_new_mount+0x10/0x10 [ 235.416091][ T7215] ? path_mount+0x61c/0xfe0 [ 235.416119][ T7215] ? user_path_at+0x44/0x60 [ 235.416147][ T7215] __se_sys_mount+0x317/0x410 [ 235.416181][ T7215] ? __pfx___se_sys_mount+0x10/0x10 [ 235.416211][ T7215] ? rcu_is_watching+0x15/0xb0 [ 235.416235][ T7215] ? __x64_sys_mount+0x20/0xc0 [ 235.416266][ T7215] do_syscall_64+0xfa/0x3b0 [ 235.416288][ T7215] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.416308][ T7215] ? clear_bhb_loop+0x60/0xb0 [ 235.416338][ T7215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.416359][ T7215] RIP: 0033:0x7fb47156b94a [pid 7204] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 235.416377][ T7215] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 235.416395][ T7215] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 235.416417][ T7215] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 235.416433][ T7215] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 235.416448][ T7215] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 7213] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7214] <... futex resumed>) = 0 [pid 7213] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7215] <... mount resumed>) = -1 EEXIST (File exists) [pid 7214] openat(AT_FDCWD, ".", O_RDONLY [pid 7215] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7214] <... openat resumed>) = 3 [pid 7214] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7215] <... openat resumed>) = 3 [pid 7214] <... futex resumed>) = 1 [pid 7213] <... futex resumed>) = 0 [pid 7215] ioctl(3, LOOP_CLR_FD [pid 7214] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7213] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7215] <... ioctl resumed>) = 0 [pid 7214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7213] <... futex resumed>) = 0 [pid 7215] close(3 [pid 7214] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7213] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7215] <... close resumed>) = 0 [pid 7215] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7212] <... futex resumed>) = 0 [pid 7215] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7212] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7212] <... futex resumed>) = 0 [ 235.416462][ T7215] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 235.416475][ T7215] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 235.416498][ T7215] [ 235.416520][ T7215] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 235.738363][ T7215] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7215] openat(AT_FDCWD, ".", O_RDONLY [pid 7212] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7215] <... openat resumed>) = 3 [pid 7215] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7214] <... ioctl resumed>) = 0 [pid 7212] <... futex resumed>) = 0 [pid 7215] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7214] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7212] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7213] <... futex resumed>) = 0 [pid 7215] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7214] <... futex resumed>) = 1 [pid 7213] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7212] <... futex resumed>) = 0 [pid 7214] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7213] <... futex resumed>) = 0 [pid 7212] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7213] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7214] <... openat resumed>) = 4 [pid 7214] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7213] <... futex resumed>) = 0 [pid 7214] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7213] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7213] <... futex resumed>) = 0 [pid 7214] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7213] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7215] <... ioctl resumed>) = 0 [pid 7215] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7212] <... futex resumed>) = 0 [pid 7215] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7212] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7215] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7212] <... futex resumed>) = 0 [pid 7212] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7215] <... openat resumed>) = 4 [pid 7215] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7215] <... futex resumed>) = 1 [pid 7212] <... futex resumed>) = 0 [pid 7212] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7215] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7212] <... futex resumed>) = 0 [pid 7212] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7213] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7213] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7204] exit_group(0) = ? [pid 7207] <... write resumed>) = ? [pid 7207] +++ exited with 0 +++ [pid 7204] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7204, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=92 /* 0.92 s */} --- [pid 7212] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./66/file0") = 0 [pid 5869] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./66/binderfs") = 0 [pid 5869] umount2("./66/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./66/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=15028224, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./66/cpuset.effective_mems" [pid 7213] exit_group(0) = ? [pid 7214] <... write resumed>) = ? [pid 7214] +++ exited with 0 +++ [pid 7213] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7213, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=39 /* 0.39 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7221] <... write resumed>) = 16777216 [pid 7221] munmap(0x7fb469000000, 138412032 [pid 5870] <... restart_syscall resumed>) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 5870] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./68/file0") = 0 [pid 5870] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./68/binderfs") = 0 [pid 5870] umount2("./68/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./68/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5459968, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./68/cpuset.effective_mems" [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./66") = 0 [pid 5869] mkdir("./67", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7225 attached , child_tidptr=0x55558d547750) = 7225 [pid 7225] set_robust_list(0x55558d547760, 24) = 0 [pid 7225] chdir("./67") = 0 [pid 7225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7225] setpgid(0, 0) = 0 [pid 7225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7225] write(3, "1000", 4) = 4 [pid 7225] close(3) = 0 [pid 7225] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7225] write(1, "executing program\n", 18) = 18 [pid 7225] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7221] <... munmap resumed>) = 0 [pid 7221] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7225] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 5870] <... unlink resumed>) = 0 [pid 7225] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7221] <... openat resumed>) = 4 [pid 7225] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7221] ioctl(4, LOOP_SET_FD, 3 [pid 7225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7225] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7225] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7226]}, 88) = 7226 [pid 7225] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7225] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7225] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./68") = 0 ./strace-static-x86_64: Process 7226 attached [pid 7221] <... ioctl resumed>) = 0 [pid 7212] exit_group(0) = ? [pid 5870] mkdir("./69", 0777) = 0 [pid 7226] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7221] close(3 [pid 7215] <... write resumed>) = ? [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7226] <... rseq resumed>) = 0 [pid 7221] <... close resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 7226] set_robust_list(0x7fb4715169a0, 24 [pid 7221] close(4 [pid 7226] <... set_robust_list resumed>) = 0 [pid 7226] rt_sigprocmask(SIG_SETMASK, [], [pid 7221] <... close resumed>) = 0 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7226] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 7227 attached [ 236.203708][ T7221] loop0: detected capacity change from 0 to 32768 [pid 7226] memfd_create("syzkaller", 0 [pid 7227] set_robust_list(0x55558d547760, 24 [pid 7221] mkdir("./file0", 0777 [pid 7215] +++ exited with 0 +++ [pid 7212] +++ exited with 0 +++ [pid 7221] <... mkdir resumed>) = 0 [pid 7227] <... set_robust_list resumed>) = 0 [pid 7226] <... memfd_create resumed>) = 3 [pid 7221] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 7227 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7212, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=66 /* 0.66 s */} --- [pid 7227] chdir("./69" [pid 7226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7227] <... chdir resumed>) = 0 [pid 7226] <... mmap resumed>) = 0x7fb469000000 [pid 5868] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7227] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7227] <... prctl resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "./70/file0", [pid 7227] setpgid(0, 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7227] <... setpgid resumed>) = 0 [pid 5868] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./70/file0") = 0 [pid 5868] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./70/binderfs") = 0 [pid 5868] umount2("./70/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./70/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=9216000, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./70/cpuset.effective_mems" [pid 7227] <... openat resumed>) = 3 [pid 7227] write(3, "1000", 4) = 4 [pid 7227] close(3) = 0 [pid 7227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7227] write(1, "executing program\n", 18executing program ) = 18 [pid 7227] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7227] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [ 236.294593][ T7221] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 236.331231][ T7221] CPU: 0 UID: 0 PID: 7221 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [pid 5868] <... unlink resumed>) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./70") = 0 [pid 5868] mkdir("./71", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 236.331263][ T7221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 236.331278][ T7221] Call Trace: [ 236.331285][ T7221] [ 236.331295][ T7221] dump_stack_lvl+0x189/0x250 [ 236.331326][ T7221] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.331350][ T7221] ? __pfx__printk+0x10/0x10 [ 236.331377][ T7221] ? kernfs_root+0x1c/0x230 [ 236.331403][ T7221] ? kernfs_path_from_node+0x250/0x290 [ 236.331426][ T7221] ? kernfs_path_from_node+0x2f/0x290 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7230 [ 236.331451][ T7221] sysfs_create_dir_ns+0x259/0x280 [ 236.331486][ T7221] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 236.331509][ T7221] ? do_raw_spin_unlock+0x122/0x240 [ 236.331537][ T7221] kobject_add_internal+0x59f/0xb40 [ 236.331565][ T7221] kobject_init_and_add+0x125/0x190 [ 236.331591][ T7221] ? __pfx_kobject_init_and_add+0x10/0x10 [ 236.331614][ T7221] ? __raw_spin_lock_init+0x45/0x100 [ 236.331639][ T7221] ? __init_swait_queue_head+0xa9/0x150 [ 236.331665][ T7221] gfs2_sys_fs_add+0x234/0x450 [ 236.331688][ T7221] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [pid 7227] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7227] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7227] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7231]}, 88) = 7231 [pid 7227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7227] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 236.331713][ T7221] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 236.331748][ T7221] gfs2_fill_super+0x13c0/0x20d0 [ 236.331783][ T7221] ? __pfx_gfs2_fill_super+0x10/0x10 [ 236.331812][ T7221] ? sb_set_blocksize+0x104/0x180 [ 236.331842][ T7221] ? setup_bdev_super+0x4c1/0x5b0 [ 236.331871][ T7221] get_tree_bdev_flags+0x40b/0x4d0 [ 236.331899][ T7221] ? __pfx_gfs2_fill_super+0x10/0x10 [ 236.331926][ T7221] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 236.331958][ T7221] gfs2_get_tree+0x51/0x1e0 [ 236.331986][ T7221] vfs_get_tree+0x8f/0x2b0 [ 236.332016][ T7221] do_new_mount+0x2a2/0xa30 [ 236.332048][ T7221] ? ns_capable+0x8a/0xf0 [ 236.332067][ T7221] ? __pfx_do_new_mount+0x10/0x10 [ 236.332096][ T7221] ? path_mount+0x61c/0xfe0 [ 236.332124][ T7221] ? user_path_at+0x44/0x60 [ 236.332151][ T7221] __se_sys_mount+0x317/0x410 [ 236.332185][ T7221] ? __pfx___se_sys_mount+0x10/0x10 [ 236.332215][ T7221] ? rcu_is_watching+0x15/0xb0 [ 236.332238][ T7221] ? __x64_sys_mount+0x20/0xc0 [ 236.332269][ T7221] do_syscall_64+0xfa/0x3b0 [pid 7227] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program ./strace-static-x86_64: Process 7231 attached ./strace-static-x86_64: Process 7230 attached [pid 7231] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7230] set_robust_list(0x55558d547760, 24 [pid 7231] <... rseq resumed>) = 0 [pid 7230] <... set_robust_list resumed>) = 0 [pid 7231] set_robust_list(0x7fb4715169a0, 24 [pid 7230] chdir("./71" [pid 7231] <... set_robust_list resumed>) = 0 [pid 7230] <... chdir resumed>) = 0 [pid 7231] rt_sigprocmask(SIG_SETMASK, [], [pid 7230] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7230] <... prctl resumed>) = 0 [pid 7231] memfd_create("syzkaller", 0 [pid 7230] setpgid(0, 0 [pid 7231] <... memfd_create resumed>) = 3 [pid 7230] <... setpgid resumed>) = 0 [pid 7231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7231] <... mmap resumed>) = 0x7fb469000000 [pid 7230] <... openat resumed>) = 3 [pid 7230] write(3, "1000", 4) = 4 [pid 7230] close(3) = 0 [pid 7230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7230] write(1, "executing program\n", 18) = 18 [pid 7230] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7230] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7230] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7230] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7230] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7232]}, 88) = 7232 [pid 7230] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7230] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 236.332292][ T7221] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.332312][ T7221] ? clear_bhb_loop+0x60/0xb0 [ 236.332335][ T7221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.332355][ T7221] RIP: 0033:0x7fb47156b94a [ 236.332373][ T7221] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 236.332392][ T7221] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 236.332414][ T7221] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 236.332430][ T7221] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 236.332445][ T7221] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 236.332460][ T7221] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 236.332481][ T7221] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 236.332503][ T7221] [pid 7230] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7232 attached [pid 7232] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7232] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7221] <... mount resumed>) = -1 EEXIST (File exists) [pid 7232] rt_sigprocmask(SIG_SETMASK, [], [pid 7221] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7221] <... openat resumed>) = 3 [pid 7221] ioctl(3, LOOP_CLR_FD) = 0 [pid 7221] close(3 [pid 7232] memfd_create("syzkaller", 0) = 3 [pid 7232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 236.332526][ T7221] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 236.649373][ T7221] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7221] <... close resumed>) = 0 [pid 7221] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7221] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7218] <... futex resumed>) = 0 [pid 7218] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7221] <... futex resumed>) = 0 [pid 7218] <... futex resumed>) = 1 [pid 7221] openat(AT_FDCWD, ".", O_RDONLY [pid 7218] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7221] <... openat resumed>) = 3 [pid 7221] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7218] <... futex resumed>) = 0 [pid 7221] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7218] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7221] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7218] <... futex resumed>) = 0 [pid 7218] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7221] <... ioctl resumed>) = 0 [pid 7221] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7218] <... futex resumed>) = 0 [pid 7221] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7218] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7221] <... futex resumed>) = 0 [pid 7218] <... futex resumed>) = 1 [pid 7221] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7218] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7221] <... openat resumed>) = 4 [pid 7221] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7218] <... futex resumed>) = 0 [pid 7221] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7218] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7218] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7221] <... futex resumed>) = 0 [pid 7221] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7218] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7226] <... write resumed>) = 16777216 [pid 7226] munmap(0x7fb469000000, 138412032 [pid 7231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7226] <... munmap resumed>) = 0 [pid 7226] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7226] close(3) = 0 [pid 7226] close(4) = 0 [pid 7226] mkdir("./file0", 0777) = 0 [ 237.006451][ T7226] loop2: detected capacity change from 0 to 32768 [ 237.063299][ T7226] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 237.097114][ T7226] CPU: 1 UID: 0 PID: 7226 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 237.097155][ T7226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 237.097170][ T7226] Call Trace: [ 237.097178][ T7226] [ 237.097187][ T7226] dump_stack_lvl+0x189/0x250 [ 237.097236][ T7226] ? __pfx_dump_stack_lvl+0x10/0x10 [ 237.097276][ T7226] ? __pfx__printk+0x10/0x10 [ 237.097302][ T7226] ? kernfs_root+0x1c/0x230 [ 237.097327][ T7226] ? kernfs_path_from_node+0x250/0x290 [ 237.097349][ T7226] ? kernfs_path_from_node+0x2f/0x290 [ 237.097373][ T7226] sysfs_create_dir_ns+0x259/0x280 [ 237.097396][ T7226] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 237.097419][ T7226] ? do_raw_spin_unlock+0x122/0x240 [ 237.097446][ T7226] kobject_add_internal+0x59f/0xb40 [ 237.097474][ T7226] kobject_init_and_add+0x125/0x190 [ 237.097500][ T7226] ? __pfx_kobject_init_and_add+0x10/0x10 [ 237.097522][ T7226] ? __raw_spin_lock_init+0x45/0x100 [ 237.097548][ T7226] ? __init_swait_queue_head+0xa9/0x150 [ 237.097573][ T7226] gfs2_sys_fs_add+0x234/0x450 [ 237.097595][ T7226] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [pid 7226] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7218] exit_group(0) = ? [pid 7221] <... write resumed>) = ? [ 237.097618][ T7226] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 237.097651][ T7226] gfs2_fill_super+0x13c0/0x20d0 [ 237.097686][ T7226] ? __pfx_gfs2_fill_super+0x10/0x10 [ 237.097713][ T7226] ? sb_set_blocksize+0x104/0x180 [ 237.097742][ T7226] ? setup_bdev_super+0x4c1/0x5b0 [ 237.097771][ T7226] get_tree_bdev_flags+0x40b/0x4d0 [ 237.097799][ T7226] ? __pfx_gfs2_fill_super+0x10/0x10 [ 237.097825][ T7226] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 237.097858][ T7226] gfs2_get_tree+0x51/0x1e0 [ 237.097884][ T7226] vfs_get_tree+0x8f/0x2b0 [pid 7232] <... write resumed>) = 16777216 [pid 7232] munmap(0x7fb469000000, 138412032 [pid 7221] +++ exited with 0 +++ [pid 7218] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7218, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=82 /* 0.82 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./69/file0") = 0 [pid 5867] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./69/binderfs") = 0 [pid 5867] umount2("./69/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./69/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=8187840, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 237.097913][ T7226] do_new_mount+0x2a2/0xa30 [ 237.097944][ T7226] ? ns_capable+0x8a/0xf0 [ 237.097963][ T7226] ? __pfx_do_new_mount+0x10/0x10 [ 237.097991][ T7226] ? path_mount+0x61c/0xfe0 [ 237.098019][ T7226] ? user_path_at+0x44/0x60 [ 237.098046][ T7226] __se_sys_mount+0x317/0x410 [ 237.098079][ T7226] ? __pfx___se_sys_mount+0x10/0x10 [ 237.098107][ T7226] ? rcu_is_watching+0x15/0xb0 [ 237.098130][ T7226] ? __x64_sys_mount+0x20/0xc0 [ 237.098171][ T7226] do_syscall_64+0xfa/0x3b0 [ 237.098211][ T7226] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.098245][ T7226] ? clear_bhb_loop+0x60/0xb0 [ 237.098267][ T7226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.098287][ T7226] RIP: 0033:0x7fb47156b94a [ 237.098304][ T7226] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 237.098322][ T7226] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [pid 5867] unlink("./69/cpuset.effective_mems" [pid 7231] <... write resumed>) = 16777216 [pid 7232] <... munmap resumed>) = 0 [ 237.098344][ T7226] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 237.098360][ T7226] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 237.098374][ T7226] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 237.098389][ T7226] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 237.098403][ T7226] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 237.098423][ T7226] [pid 7231] munmap(0x7fb469000000, 138412032 [pid 7232] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7232] ioctl(4, LOOP_SET_FD, 3 [pid 7226] <... mount resumed>) = -1 EEXIST (File exists) [pid 7226] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 7226] ioctl(3, LOOP_CLR_FD) = 0 [pid 7226] close(3 [pid 7232] <... ioctl resumed>) = 0 [pid 7232] close(3) = 0 [pid 7232] close(4) = 0 [pid 7232] mkdir("./file0", 0777) = 0 [ 237.098465][ T7226] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 237.420044][ T7226] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 237.428898][ T7232] loop1: detected capacity change from 0 to 32768 [ 237.465750][ T7232] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 237.501553][ T7232] CPU: 0 UID: 0 PID: 7232 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 237.501586][ T7232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 237.501599][ T7232] Call Trace: [ 237.501607][ T7232] [ 237.501616][ T7232] dump_stack_lvl+0x189/0x250 [ 237.501649][ T7232] ? __pfx_dump_stack_lvl+0x10/0x10 [ 237.501674][ T7232] ? __pfx__printk+0x10/0x10 [ 237.501700][ T7232] ? kernfs_root+0x1c/0x230 [ 237.501727][ T7232] ? kernfs_path_from_node+0x250/0x290 [ 237.501749][ T7232] ? kernfs_path_from_node+0x2f/0x290 [ 237.501774][ T7232] sysfs_create_dir_ns+0x259/0x280 [ 237.501798][ T7232] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 237.501820][ T7232] ? do_raw_spin_unlock+0x122/0x240 [ 237.501847][ T7232] kobject_add_internal+0x59f/0xb40 [ 237.501877][ T7232] kobject_init_and_add+0x125/0x190 [ 237.501903][ T7232] ? __pfx_kobject_init_and_add+0x10/0x10 [ 237.501926][ T7232] ? __raw_spin_lock_init+0x45/0x100 [ 237.501975][ T7232] ? __init_swait_queue_head+0xa9/0x150 [ 237.502003][ T7232] gfs2_sys_fs_add+0x234/0x450 [ 237.502025][ T7232] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 237.502049][ T7232] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 237.502083][ T7232] gfs2_fill_super+0x13c0/0x20d0 [ 237.502130][ T7232] ? __pfx_gfs2_fill_super+0x10/0x10 [ 237.502158][ T7232] ? sb_set_blocksize+0x104/0x180 [ 237.502188][ T7232] ? setup_bdev_super+0x4c1/0x5b0 [ 237.502219][ T7232] get_tree_bdev_flags+0x40b/0x4d0 [ 237.502247][ T7232] ? __pfx_gfs2_fill_super+0x10/0x10 [ 237.502273][ T7232] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 237.502306][ T7232] gfs2_get_tree+0x51/0x1e0 [pid 7232] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7231] <... munmap resumed>) = 0 [pid 7226] <... close resumed>) = 0 [pid 5867] <... unlink resumed>) = 0 [pid 7231] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7226] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7231] <... openat resumed>) = 4 [pid 7231] ioctl(4, LOOP_SET_FD, 3 [pid 7226] <... futex resumed>) = 1 [pid 7226] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3 [pid 7225] <... futex resumed>) = 0 [pid 5867] <... close resumed>) = 0 [pid 7225] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] rmdir("./69" [pid 7226] <... futex resumed>) = 0 [pid 7225] <... futex resumed>) = 1 [pid 5867] <... rmdir resumed>) = 0 [ 237.502334][ T7232] vfs_get_tree+0x8f/0x2b0 [ 237.502363][ T7232] do_new_mount+0x2a2/0xa30 [ 237.502396][ T7232] ? ns_capable+0x8a/0xf0 [ 237.502416][ T7232] ? __pfx_do_new_mount+0x10/0x10 [ 237.502445][ T7232] ? path_mount+0x61c/0xfe0 [ 237.502474][ T7232] ? user_path_at+0x44/0x60 [ 237.502501][ T7232] __se_sys_mount+0x317/0x410 [ 237.502534][ T7232] ? __pfx___se_sys_mount+0x10/0x10 [ 237.502563][ T7232] ? rcu_is_watching+0x15/0xb0 [ 237.502588][ T7232] ? __x64_sys_mount+0x20/0xc0 [ 237.502629][ T7232] do_syscall_64+0xfa/0x3b0 executing program [pid 7226] openat(AT_FDCWD, ".", O_RDONLY [pid 7225] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] mkdir("./70", 0777 [pid 7226] <... openat resumed>) = 3 [pid 5867] <... mkdir resumed>) = 0 [pid 7226] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7226] <... futex resumed>) = 1 [pid 7225] <... futex resumed>) = 0 [pid 5867] <... openat resumed>) = 3 [pid 7226] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7225] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] ioctl(3, LOOP_CLR_FD [pid 7226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7225] <... futex resumed>) = 0 [pid 5867] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7226] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7225] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7237 attached [pid 7237] set_robust_list(0x55558d547760, 24) = 0 [pid 7237] chdir("./70") = 0 [pid 7237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7237] setpgid(0, 0) = 0 [pid 7237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] <... clone resumed>, child_tidptr=0x55558d547750) = 7237 [pid 7237] write(3, "1000", 4) = 4 [pid 7237] close(3) = 0 [pid 7237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7237] write(1, "executing program\n", 18) = 18 [pid 7237] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7237] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7237] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7237] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7238]}, 88) = 7238 [pid 7237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7237] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7237] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7231] <... ioctl resumed>) = 0 [pid 7225] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7225] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7225] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7225] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7239]}, 88) = 7239 [pid 7225] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7225] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7231] close(3 [pid 7225] <... futex resumed>) = 0 [pid 7231] <... close resumed>) = 0 [pid 7231] close(4) = 0 [ 237.502659][ T7232] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.502680][ T7232] ? clear_bhb_loop+0x60/0xb0 [ 237.502703][ T7232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.502724][ T7232] RIP: 0033:0x7fb47156b94a [ 237.502742][ T7232] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 237.502761][ T7232] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [pid 7231] mkdir("./file0", 0777) = 0 [pid 7225] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 237.502784][ T7232] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 237.502800][ T7232] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 237.502815][ T7232] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 237.502831][ T7232] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 237.502845][ T7232] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 237.502867][ T7232] [pid 7231] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7225] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 7239 attached ./strace-static-x86_64: Process 7238 attached [pid 7238] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7239] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 7238] <... rseq resumed>) = 0 [pid 7239] <... rseq resumed>) = 0 [pid 7238] set_robust_list(0x7fb4715169a0, 24 [pid 7239] set_robust_list(0x7fb4714f59a0, 24 [pid 7238] <... set_robust_list resumed>) = 0 [pid 7239] <... set_robust_list resumed>) = 0 [pid 7238] rt_sigprocmask(SIG_SETMASK, [], [pid 7239] rt_sigprocmask(SIG_SETMASK, [], [pid 7238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7239] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7238] memfd_create("syzkaller", 0 [pid 7225] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7238] <... memfd_create resumed>) = 3 [pid 7238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 237.502888][ T7232] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 237.680668][ T7231] loop3: detected capacity change from 0 to 32768 [ 237.681549][ T7232] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 237.834612][ T7231] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 237.849798][ T7231] CPU: 1 UID: 0 PID: 7231 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [pid 7225] <... futex resumed>) = 0 [pid 7232] <... mount resumed>) = -1 EEXIST (File exists) [pid 7239] <... openat resumed>) = 4 [pid 7226] <... ioctl resumed>) = 0 [pid 7225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7239] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7232] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7226] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7225] <... mmap resumed>) = 0x7fb4714b4000 [pid 7239] <... futex resumed>) = 0 [pid 7232] <... openat resumed>) = 3 [pid 7226] <... futex resumed>) = 0 [pid 7225] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE [pid 7239] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7232] ioctl(3, LOOP_CLR_FD [pid 7226] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7225] <... mprotect resumed>) = 0 [pid 7232] <... ioctl resumed>) = 0 [pid 7225] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7232] close(3 [pid 7225] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0}./strace-static-x86_64: Process 7242 attached [pid 7242] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 7225] <... clone3 resumed> => {parent_tid=[7242]}, 88) = 7242 [ 237.849830][ T7231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 237.849845][ T7231] Call Trace: [ 237.849852][ T7231] [ 237.849862][ T7231] dump_stack_lvl+0x189/0x250 [ 237.849893][ T7231] ? __pfx_dump_stack_lvl+0x10/0x10 [ 237.849919][ T7231] ? __pfx__printk+0x10/0x10 [ 237.849946][ T7231] ? kernfs_root+0x1c/0x230 [ 237.849971][ T7231] ? kernfs_path_from_node+0x250/0x290 [ 237.849993][ T7231] ? kernfs_path_from_node+0x2f/0x290 [ 237.850017][ T7231] sysfs_create_dir_ns+0x259/0x280 [pid 7242] <... rseq resumed>) = 0 [pid 7225] rt_sigprocmask(SIG_SETMASK, [], [pid 7242] set_robust_list(0x7fb4714d49a0, 24 [pid 7225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7242] <... set_robust_list resumed>) = 0 [pid 7225] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7242] rt_sigprocmask(SIG_SETMASK, [], [pid 7225] <... futex resumed>) = 0 [pid 7242] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7225] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7242] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7225] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 237.850039][ T7231] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 237.850062][ T7231] ? do_raw_spin_unlock+0x122/0x240 [ 237.850099][ T7231] kobject_add_internal+0x59f/0xb40 [ 237.850127][ T7231] kobject_init_and_add+0x125/0x190 [ 237.850153][ T7231] ? __pfx_kobject_init_and_add+0x10/0x10 [ 237.850176][ T7231] ? __raw_spin_lock_init+0x45/0x100 [ 237.850201][ T7231] ? __init_swait_queue_head+0xa9/0x150 [ 237.850228][ T7231] gfs2_sys_fs_add+0x234/0x450 [ 237.850249][ T7231] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 237.850274][ T7231] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 237.850308][ T7231] gfs2_fill_super+0x13c0/0x20d0 [ 237.850343][ T7231] ? __pfx_gfs2_fill_super+0x10/0x10 [ 237.850371][ T7231] ? sb_set_blocksize+0x104/0x180 [ 237.850401][ T7231] ? setup_bdev_super+0x4c1/0x5b0 [ 237.850430][ T7231] get_tree_bdev_flags+0x40b/0x4d0 [ 237.850460][ T7231] ? __pfx_gfs2_fill_super+0x10/0x10 [ 237.850487][ T7231] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 237.850521][ T7231] gfs2_get_tree+0x51/0x1e0 [ 237.850547][ T7231] vfs_get_tree+0x8f/0x2b0 [ 237.850576][ T7231] do_new_mount+0x2a2/0xa30 [ 237.850609][ T7231] ? ns_capable+0x8a/0xf0 [ 237.850628][ T7231] ? __pfx_do_new_mount+0x10/0x10 [ 237.850657][ T7231] ? path_mount+0x61c/0xfe0 [ 237.850684][ T7231] ? user_path_at+0x44/0x60 [ 237.850712][ T7231] __se_sys_mount+0x317/0x410 [ 237.850746][ T7231] ? __pfx___se_sys_mount+0x10/0x10 [ 237.850775][ T7231] ? rcu_is_watching+0x15/0xb0 [ 237.850798][ T7231] ? __x64_sys_mount+0x20/0xc0 [ 237.850829][ T7231] do_syscall_64+0xfa/0x3b0 [ 237.850851][ T7231] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.850870][ T7231] ? clear_bhb_loop+0x60/0xb0 [ 237.850893][ T7231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.850913][ T7231] RIP: 0033:0x7fb47156b94a [ 237.850931][ T7231] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 237.850951][ T7231] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 237.850973][ T7231] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 237.850988][ T7231] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 237.851004][ T7231] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 237.851019][ T7231] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 237.851034][ T7231] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 237.851055][ T7231] [pid 7231] <... mount resumed>) = -1 EEXIST (File exists) [pid 7232] <... close resumed>) = 0 [pid 7231] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7232] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7231] <... openat resumed>) = 3 [pid 7231] ioctl(3, LOOP_CLR_FD) = 0 [pid 7232] <... futex resumed>) = 1 [pid 7232] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7231] close(3 [pid 7230] <... futex resumed>) = 0 [pid 7230] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7232] <... futex resumed>) = 0 [pid 7232] openat(AT_FDCWD, ".", O_RDONLY [pid 7230] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7232] <... openat resumed>) = 3 [pid 7232] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7232] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7230] <... futex resumed>) = 0 [pid 7230] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7230] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7232] <... futex resumed>) = 0 [ 237.851083][ T7231] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 238.176107][ T7231] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7232] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL]) = 0 [pid 7232] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7230] <... futex resumed>) = 0 [pid 7230] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7230] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7232] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7232] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7230] <... futex resumed>) = 0 [pid 7232] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7230] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7230] <... futex resumed>) = 0 [pid 7232] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7230] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7225] exit_group(0 [pid 7239] <... futex resumed>) = ? [pid 7226] <... futex resumed>) = ? [pid 7225] <... exit_group resumed>) = ? [pid 7239] +++ exited with 0 +++ [pid 7226] +++ exited with 0 +++ [pid 7242] <... write resumed>) = ? [pid 7242] +++ exited with 0 +++ [pid 7225] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7225, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=80 /* 0.80 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./67/file0") = 0 [pid 5869] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./67/binderfs" [pid 7231] <... close resumed>) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 5869] umount2("./67/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./67/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5660608, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./67/cpuset.effective_mems" [pid 7231] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7227] <... futex resumed>) = 0 [pid 7227] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7227] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7231] <... futex resumed>) = 1 [pid 7231] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7231] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7227] <... futex resumed>) = 0 [pid 7231] <... futex resumed>) = 1 [pid 7227] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7231] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7227] <... futex resumed>) = 0 [pid 7227] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7231] <... ioctl resumed>) = 0 [pid 7238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7231] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7227] <... futex resumed>) = 0 [pid 7227] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7227] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7231] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7231] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7227] <... futex resumed>) = 0 [pid 7231] <... futex resumed>) = 1 [pid 7227] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7231] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7227] <... futex resumed>) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 7227] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./67") = 0 [pid 5869] mkdir("./68", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7244 attached , child_tidptr=0x55558d547750) = 7244 [pid 7244] set_robust_list(0x55558d547760, 24) = 0 [pid 7244] chdir("./68") = 0 [pid 7244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7244] setpgid(0, 0) = 0 [pid 7244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7244] write(3, "1000", 4) = 4 [pid 7244] close(3) = 0 [pid 7244] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7244] write(1, "executing program\n", 18) = 18 [pid 7244] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7244] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7244] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7244] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7245]}, 88) = 7245 [pid 7244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7244] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7245 attached [pid 7245] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7244] <... futex resumed>) = 0 [pid 7244] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7245] <... rseq resumed>) = 0 [pid 7245] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7245] rt_sigprocmask(SIG_SETMASK, [], [pid 7227] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7245] memfd_create("syzkaller", 0) = 3 [pid 7245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7230] exit_group(0) = ? [pid 7232] <... write resumed>) = ? [pid 7232] +++ exited with 0 +++ [pid 7230] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7230, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=78 /* 0.78 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./71/file0") = 0 [pid 5868] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./71/binderfs") = 0 [pid 5868] umount2("./71/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./71/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=7589824, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./71/cpuset.effective_mems" [pid 7238] <... write resumed>) = 16777216 [pid 7238] munmap(0x7fb469000000, 138412032 [pid 5868] <... unlink resumed>) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./71") = 0 [pid 5868] mkdir("./72", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7248 attached [pid 7238] <... munmap resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 7248 [pid 7248] set_robust_list(0x55558d547760, 24) = 0 [pid 7248] chdir("./72") = 0 [pid 7248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7248] setpgid(0, 0) = 0 [pid 7248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7248] write(3, "1000", 4) = 4 [pid 7248] close(3) = 0 [pid 7248] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7248] write(1, "executing program\n", 18) = 18 [pid 7248] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7248] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7248] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7248] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7248] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7248] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 7238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7238] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 7249 attached [pid 7248] <... clone3 resumed> => {parent_tid=[7249]}, 88) = 7249 [pid 7248] rt_sigprocmask(SIG_SETMASK, [], [pid 7249] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7248] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7249] <... rseq resumed>) = 0 [pid 7248] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7249] set_robust_list(0x7fb4715169a0, 24 [pid 7248] <... futex resumed>) = 0 [pid 7249] <... set_robust_list resumed>) = 0 [pid 7248] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7249] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7249] memfd_create("syzkaller", 0 [pid 7238] <... ioctl resumed>) = 0 [pid 7249] <... memfd_create resumed>) = 3 [pid 7249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7238] close(3) = 0 [pid 7238] close(4) = 0 [pid 7238] mkdir("./file0", 0777) = 0 [ 238.699286][ T7238] loop0: detected capacity change from 0 to 32768 [ 238.737299][ T7238] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 238.744827][ T7238] CPU: 1 UID: 0 PID: 7238 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 238.744858][ T7238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 238.744872][ T7238] Call Trace: [ 238.744882][ T7238] [ 238.744891][ T7238] dump_stack_lvl+0x189/0x250 [ 238.744923][ T7238] ? __pfx_dump_stack_lvl+0x10/0x10 [ 238.744948][ T7238] ? __pfx__printk+0x10/0x10 [ 238.744975][ T7238] ? kernfs_root+0x1c/0x230 [ 238.745001][ T7238] ? kernfs_path_from_node+0x250/0x290 [pid 7238] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7227] exit_group(0) = ? [pid 7231] <... write resumed>) = ? [ 238.745023][ T7238] ? kernfs_path_from_node+0x2f/0x290 [ 238.745049][ T7238] sysfs_create_dir_ns+0x259/0x280 [ 238.745072][ T7238] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 238.745095][ T7238] ? do_raw_spin_unlock+0x122/0x240 [ 238.745128][ T7238] kobject_add_internal+0x59f/0xb40 [ 238.745155][ T7238] kobject_init_and_add+0x125/0x190 [ 238.745181][ T7238] ? __pfx_kobject_init_and_add+0x10/0x10 [ 238.745204][ T7238] ? __raw_spin_lock_init+0x45/0x100 [ 238.745236][ T7238] ? __init_swait_queue_head+0xa9/0x150 [ 238.745262][ T7238] gfs2_sys_fs_add+0x234/0x450 [ 238.745284][ T7238] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 238.745308][ T7238] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 238.745342][ T7238] gfs2_fill_super+0x13c0/0x20d0 [ 238.745376][ T7238] ? __pfx_gfs2_fill_super+0x10/0x10 [ 238.745404][ T7238] ? sb_set_blocksize+0x104/0x180 [ 238.745434][ T7238] ? setup_bdev_super+0x4c1/0x5b0 [ 238.745464][ T7238] get_tree_bdev_flags+0x40b/0x4d0 [ 238.745492][ T7238] ? __pfx_gfs2_fill_super+0x10/0x10 [ 238.745518][ T7238] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 238.745552][ T7238] gfs2_get_tree+0x51/0x1e0 [ 238.745580][ T7238] vfs_get_tree+0x8f/0x2b0 [ 238.745608][ T7238] do_new_mount+0x2a2/0xa30 [ 238.745639][ T7238] ? ns_capable+0x8a/0xf0 [ 238.745658][ T7238] ? __pfx_do_new_mount+0x10/0x10 [ 238.745688][ T7238] ? path_mount+0x61c/0xfe0 [ 238.745715][ T7238] ? user_path_at+0x44/0x60 [ 238.745743][ T7238] __se_sys_mount+0x317/0x410 [ 238.745776][ T7238] ? __pfx___se_sys_mount+0x10/0x10 [ 238.745804][ T7238] ? rcu_is_watching+0x15/0xb0 [ 238.745827][ T7238] ? __x64_sys_mount+0x20/0xc0 [ 238.745857][ T7238] do_syscall_64+0xfa/0x3b0 [ 238.745878][ T7238] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.745899][ T7238] ? clear_bhb_loop+0x60/0xb0 [ 238.745922][ T7238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.745943][ T7238] RIP: 0033:0x7fb47156b94a [ 238.745962][ T7238] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 238.745982][ T7238] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 238.746005][ T7238] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 238.746021][ T7238] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 238.746037][ T7238] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 238.746052][ T7238] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 238.746065][ T7238] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 238.746086][ T7238] [ 239.050686][ T7238] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 239.075912][ T7238] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7245] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7238] <... mount resumed>) = -1 EEXIST (File exists) [pid 7231] +++ exited with 0 +++ [pid 7227] +++ exited with 0 +++ [pid 7238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 7238] ioctl(3, LOOP_CLR_FD) = 0 [pid 7238] close(3) = 0 [pid 7238] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7238] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7227, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=99 /* 0.99 s */} --- [pid 5870] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./69/file0", [pid 7237] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7237] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7238] <... futex resumed>) = 0 [pid 7237] <... futex resumed>) = 1 [pid 7238] openat(AT_FDCWD, ".", O_RDONLY [pid 7237] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7238] <... openat resumed>) = 3 [pid 5870] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7238] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... openat resumed>) = 4 [pid 7238] <... futex resumed>) = 1 [pid 7237] <... futex resumed>) = 0 [pid 5870] newfstatat(4, "", [pid 7237] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7237] <... futex resumed>) = 0 [pid 5870] getdents64(4, [pid 7237] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 7238] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./69/file0") = 0 [pid 5870] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./69/binderfs") = 0 [pid 5870] umount2("./69/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./69/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=8224768, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./69/cpuset.effective_mems" [pid 7249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7237] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7237] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7237] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}./strace-static-x86_64: Process 7253 attached => {parent_tid=[7253]}, 88) = 7253 [pid 7237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7237] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7237] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7253] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 7253] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 7253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7253] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7238] <... ioctl resumed>) = 0 [pid 7253] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7238] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7237] <... futex resumed>) = 0 [pid 7253] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7238] <... futex resumed>) = 0 [pid 7237] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7238] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7237] <... futex resumed>) = 0 [pid 7237] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... unlink resumed>) = 0 [pid 7237] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./69") = 0 [pid 5870] mkdir("./70", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3 [pid 7245] <... write resumed>) = 16777216 [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7254 attached [pid 7245] munmap(0x7fb469000000, 138412032 [pid 7254] set_robust_list(0x55558d547760, 24 [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 7254 [pid 7254] <... set_robust_list resumed>) = 0 [pid 7254] chdir("./70") = 0 [pid 7254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7254] setpgid(0, 0) = 0 [pid 7254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7254] write(3, "1000", 4) = 4 [pid 7254] close(3) = 0 [pid 7254] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7254] write(1, "executing program\n", 18) = 18 [pid 7254] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7254] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7254] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7254] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7255 attached => {parent_tid=[7255]}, 88) = 7255 [pid 7255] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7255] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7255] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7254] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7254] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7255] <... futex resumed>) = 0 [pid 7254] <... futex resumed>) = 1 [pid 7255] memfd_create("syzkaller", 0 [pid 7254] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7255] <... memfd_create resumed>) = 3 [pid 7255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7245] <... munmap resumed>) = 0 [pid 7245] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7245] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7245] close(3) = 0 [pid 7245] close(4) = 0 [pid 7245] mkdir("./file0", 0777) = 0 [pid 7245] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7237] exit_group(0 [pid 7253] <... futex resumed>) = ? [pid 7237] <... exit_group resumed>) = ? [pid 7253] +++ exited with 0 +++ [pid 7238] <... write resumed>) = ? [ 239.468262][ T7245] loop2: detected capacity change from 0 to 32768 [ 239.501742][ T7245] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 239.514206][ T7245] CPU: 0 UID: 0 PID: 7245 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 239.514239][ T7245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 239.514253][ T7245] Call Trace: [ 239.514262][ T7245] [ 239.514271][ T7245] dump_stack_lvl+0x189/0x250 [ 239.514303][ T7245] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.514327][ T7245] ? __pfx__printk+0x10/0x10 [ 239.514353][ T7245] ? kernfs_root+0x1c/0x230 [ 239.514378][ T7245] ? kernfs_path_from_node+0x250/0x290 [ 239.514399][ T7245] ? kernfs_path_from_node+0x2f/0x290 [ 239.514422][ T7245] sysfs_create_dir_ns+0x259/0x280 [ 239.514446][ T7245] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 239.514468][ T7245] ? do_raw_spin_unlock+0x122/0x240 [ 239.514495][ T7245] kobject_add_internal+0x59f/0xb40 [ 239.514523][ T7245] kobject_init_and_add+0x125/0x190 [ 239.514548][ T7245] ? __pfx_kobject_init_and_add+0x10/0x10 [ 239.514572][ T7245] ? __raw_spin_lock_init+0x45/0x100 [ 239.514596][ T7245] ? __init_swait_queue_head+0xa9/0x150 [ 239.514623][ T7245] gfs2_sys_fs_add+0x234/0x450 [ 239.514644][ T7245] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 239.514668][ T7245] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 239.514702][ T7245] gfs2_fill_super+0x13c0/0x20d0 [ 239.514735][ T7245] ? __pfx_gfs2_fill_super+0x10/0x10 [ 239.514763][ T7245] ? sb_set_blocksize+0x104/0x180 [ 239.514792][ T7245] ? setup_bdev_super+0x4c1/0x5b0 [ 239.514820][ T7245] get_tree_bdev_flags+0x40b/0x4d0 [ 239.514847][ T7245] ? __pfx_gfs2_fill_super+0x10/0x10 [ 239.514870][ T7245] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 239.514902][ T7245] gfs2_get_tree+0x51/0x1e0 [ 239.514930][ T7245] vfs_get_tree+0x8f/0x2b0 [ 239.514958][ T7245] do_new_mount+0x2a2/0xa30 [ 239.514990][ T7245] ? ns_capable+0x8a/0xf0 [ 239.515009][ T7245] ? __pfx_do_new_mount+0x10/0x10 [ 239.515037][ T7245] ? path_mount+0x61c/0xfe0 [ 239.515065][ T7245] ? user_path_at+0x44/0x60 [ 239.515092][ T7245] __se_sys_mount+0x317/0x410 [ 239.515129][ T7245] ? __pfx___se_sys_mount+0x10/0x10 [ 239.515158][ T7245] ? rcu_is_watching+0x15/0xb0 [ 239.515187][ T7245] ? __x64_sys_mount+0x20/0xc0 [ 239.515219][ T7245] do_syscall_64+0xfa/0x3b0 [ 239.515240][ T7245] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.515260][ T7245] ? clear_bhb_loop+0x60/0xb0 [ 239.515282][ T7245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.515302][ T7245] RIP: 0033:0x7fb47156b94a [ 239.515321][ T7245] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 239.515339][ T7245] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 239.515362][ T7245] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 239.515384][ T7245] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 239.515401][ T7245] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 239.515416][ T7245] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 239.515429][ T7245] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 239.515451][ T7245] [pid 7249] <... write resumed>) = 16777216 [pid 7255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7238] +++ exited with 0 +++ [pid 7237] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7237, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=47 /* 0.47 s */} --- [pid 5867] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./70/file0") = 0 [pid 5867] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./70/binderfs") = 0 [pid 5867] umount2("./70/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./70/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=8187904, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./70/cpuset.effective_mems") = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./70") = 0 [pid 5867] mkdir("./71", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7259 [pid 7249] munmap(0x7fb469000000, 138412032./strace-static-x86_64: Process 7259 attached [pid 7259] set_robust_list(0x55558d547760, 24) = 0 [pid 7259] chdir("./71") = 0 [pid 7259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7259] setpgid(0, 0) = 0 [pid 7259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7259] write(3, "1000", 4) = 4 [pid 7259] close(3) = 0 [pid 7259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7249] <... munmap resumed>) = 0 executing program [pid 7259] write(1, "executing program\n", 18) = 18 [pid 7259] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7259] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7259] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7259] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7259] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7259] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7260]}, 88) = 7260 [pid 7259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 7260 attached [pid 7259] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7260] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7259] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7260] <... rseq resumed>) = 0 [pid 7260] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7260] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7249] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7260] memfd_create("syzkaller", 0) = 3 [pid 7260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7249] <... openat resumed>) = 4 [pid 7249] ioctl(4, LOOP_SET_FD, 3 [pid 7245] <... mount resumed>) = -1 EEXIST (File exists) [pid 7249] <... ioctl resumed>) = 0 [pid 7249] close(3 [pid 7245] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7249] <... close resumed>) = 0 [pid 7249] close(4 [pid 7245] <... openat resumed>) = 3 [pid 7249] <... close resumed>) = 0 [pid 7249] mkdir("./file0", 0777) = 0 [pid 7249] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7245] ioctl(3, LOOP_CLR_FD) = 0 [ 239.912939][ T7245] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 239.927318][ T7245] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 239.938111][ T7249] loop1: detected capacity change from 0 to 32768 [ 239.986685][ T7249] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 239.994137][ T7249] CPU: 0 UID: 0 PID: 7249 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 239.994169][ T7249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 239.994194][ T7249] Call Trace: [ 239.994203][ T7249] [ 239.994213][ T7249] dump_stack_lvl+0x189/0x250 [ 239.994245][ T7249] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.994271][ T7249] ? __pfx__printk+0x10/0x10 [ 239.994298][ T7249] ? kernfs_root+0x1c/0x230 [ 239.994325][ T7249] ? kernfs_path_from_node+0x250/0x290 [ 239.994348][ T7249] ? kernfs_path_from_node+0x2f/0x290 [ 239.994373][ T7249] sysfs_create_dir_ns+0x259/0x280 [ 239.994397][ T7249] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 239.994421][ T7249] ? do_raw_spin_unlock+0x122/0x240 [ 239.994450][ T7249] kobject_add_internal+0x59f/0xb40 [ 239.994480][ T7249] kobject_init_and_add+0x125/0x190 [ 239.994505][ T7249] ? __pfx_kobject_init_and_add+0x10/0x10 [ 239.994529][ T7249] ? __raw_spin_lock_init+0x45/0x100 [ 239.994554][ T7249] ? __init_swait_queue_head+0xa9/0x150 [ 239.994579][ T7249] gfs2_sys_fs_add+0x234/0x450 [ 239.994600][ T7249] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 239.994622][ T7249] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 239.994655][ T7249] gfs2_fill_super+0x13c0/0x20d0 [ 239.994689][ T7249] ? __pfx_gfs2_fill_super+0x10/0x10 [ 239.994717][ T7249] ? sb_set_blocksize+0x104/0x180 [ 239.994748][ T7249] ? setup_bdev_super+0x4c1/0x5b0 [ 239.994778][ T7249] get_tree_bdev_flags+0x40b/0x4d0 [ 239.994807][ T7249] ? __pfx_gfs2_fill_super+0x10/0x10 [ 239.994833][ T7249] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 239.994867][ T7249] gfs2_get_tree+0x51/0x1e0 [ 239.994895][ T7249] vfs_get_tree+0x8f/0x2b0 [ 239.994924][ T7249] do_new_mount+0x2a2/0xa30 [ 239.994956][ T7249] ? ns_capable+0x8a/0xf0 [ 239.994975][ T7249] ? __pfx_do_new_mount+0x10/0x10 [ 239.995003][ T7249] ? path_mount+0x61c/0xfe0 [ 239.995030][ T7249] ? user_path_at+0x44/0x60 [ 239.995057][ T7249] __se_sys_mount+0x317/0x410 [ 239.995089][ T7249] ? __pfx___se_sys_mount+0x10/0x10 [ 239.995131][ T7249] ? rcu_is_watching+0x15/0xb0 [ 239.995154][ T7249] ? __x64_sys_mount+0x20/0xc0 [ 239.995182][ T7249] do_syscall_64+0xfa/0x3b0 [ 239.995203][ T7249] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.995224][ T7249] ? clear_bhb_loop+0x60/0xb0 [ 239.995246][ T7249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.995266][ T7249] RIP: 0033:0x7fb47156b94a [ 239.995285][ T7249] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 239.995303][ T7249] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 239.995327][ T7249] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 239.995343][ T7249] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 239.995358][ T7249] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 239.995373][ T7249] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 239.995386][ T7249] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 239.995408][ T7249] [pid 7245] close(3 [pid 7255] <... write resumed>) = 16777216 [pid 7245] <... close resumed>) = 0 [pid 7255] munmap(0x7fb469000000, 138412032 [pid 7245] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7255] <... munmap resumed>) = 0 [pid 7245] <... futex resumed>) = 1 [pid 7245] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7255] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7244] <... futex resumed>) = 0 [pid 7244] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7244] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7245] <... futex resumed>) = 0 [pid 7245] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7245] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7245] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7244] <... futex resumed>) = 0 [pid 7244] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7245] <... futex resumed>) = 0 [pid 7244] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7245] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7255] <... openat resumed>) = 4 [pid 7255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7255] close(3) = 0 [pid 7255] close(4) = 0 [pid 7255] mkdir("./file0", 0777) = 0 [pid 7255] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7249] <... mount resumed>) = -1 EEXIST (File exists) [pid 7260] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7249] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7244] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7244] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 7249] <... openat resumed>) = 3 [pid 7244] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7244] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7244] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7265]}, 88) = 7265 [pid 7244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7244] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7244] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7265 attached [pid 7265] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [ 240.388128][ T7255] loop3: detected capacity change from 0 to 32768 [ 240.396760][ T7249] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 240.410916][ T7249] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 240.430902][ T7255] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 240.442736][ T7255] CPU: 1 UID: 0 PID: 7255 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 240.442768][ T7255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 240.442782][ T7255] Call Trace: [ 240.442790][ T7255] [ 240.442800][ T7255] dump_stack_lvl+0x189/0x250 [ 240.442832][ T7255] ? __pfx_dump_stack_lvl+0x10/0x10 [ 240.442857][ T7255] ? __pfx__printk+0x10/0x10 [ 240.442885][ T7255] ? kernfs_root+0x1c/0x230 [ 240.442912][ T7255] ? kernfs_path_from_node+0x250/0x290 [ 240.442935][ T7255] ? kernfs_path_from_node+0x2f/0x290 [ 240.442960][ T7255] sysfs_create_dir_ns+0x259/0x280 [ 240.442983][ T7255] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 240.443006][ T7255] ? do_raw_spin_unlock+0x122/0x240 [ 240.443034][ T7255] kobject_add_internal+0x59f/0xb40 [ 240.443063][ T7255] kobject_init_and_add+0x125/0x190 [ 240.443089][ T7255] ? __pfx_kobject_init_and_add+0x10/0x10 [ 240.443113][ T7255] ? __raw_spin_lock_init+0x45/0x100 [ 240.443146][ T7255] ? __init_swait_queue_head+0xa9/0x150 [ 240.443173][ T7255] gfs2_sys_fs_add+0x234/0x450 [ 240.443195][ T7255] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 240.443219][ T7255] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 240.443253][ T7255] gfs2_fill_super+0x13c0/0x20d0 [ 240.443304][ T7255] ? __pfx_gfs2_fill_super+0x10/0x10 [ 240.443334][ T7255] ? sb_set_blocksize+0x104/0x180 [ 240.443364][ T7255] ? setup_bdev_super+0x4c1/0x5b0 [ 240.443394][ T7255] get_tree_bdev_flags+0x40b/0x4d0 [ 240.443423][ T7255] ? __pfx_gfs2_fill_super+0x10/0x10 [ 240.443450][ T7255] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 240.443485][ T7255] gfs2_get_tree+0x51/0x1e0 [ 240.443513][ T7255] vfs_get_tree+0x8f/0x2b0 [ 240.443542][ T7255] do_new_mount+0x2a2/0xa30 [ 240.443585][ T7255] ? ns_capable+0x8a/0xf0 [ 240.443605][ T7255] ? __pfx_do_new_mount+0x10/0x10 [ 240.443635][ T7255] ? path_mount+0x61c/0xfe0 [ 240.443662][ T7255] ? user_path_at+0x44/0x60 [ 240.443690][ T7255] __se_sys_mount+0x317/0x410 [ 240.443724][ T7255] ? __pfx___se_sys_mount+0x10/0x10 [ 240.443754][ T7255] ? rcu_is_watching+0x15/0xb0 [ 240.443778][ T7255] ? __x64_sys_mount+0x20/0xc0 [ 240.443810][ T7255] do_syscall_64+0xfa/0x3b0 [ 240.443832][ T7255] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.443853][ T7255] ? clear_bhb_loop+0x60/0xb0 [ 240.443876][ T7255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.443897][ T7255] RIP: 0033:0x7fb47156b94a [ 240.443916][ T7255] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 240.443935][ T7255] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 240.443958][ T7255] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 240.443973][ T7255] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 240.443989][ T7255] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 240.444004][ T7255] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 240.444018][ T7255] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 240.444040][ T7255] [pid 7265] set_robust_list(0x7fb4714f59a0, 24 [pid 7244] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7244] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 7244] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[7266]}, 88) = 7266 [pid 7244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7244] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7244] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7260] <... write resumed>) = 16777216 [pid 7244] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7260] munmap(0x7fb469000000, 138412032 [pid 7249] ioctl(3, LOOP_CLR_FD) = 0 [pid 7249] close(3 [pid 7265] <... set_robust_list resumed>) = 0 [pid 7249] <... close resumed>) = 0 [pid 7249] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7249] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7248] <... futex resumed>) = 0 [pid 7248] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7248] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7249] <... futex resumed>) = 0 [pid 7249] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7249] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7248] <... futex resumed>) = 0 [pid 7248] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7248] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7249] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL]./strace-static-x86_64: Process 7266 attached [pid 7265] rt_sigprocmask(SIG_SETMASK, [], [pid 7266] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 7265] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7265] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7266] <... rseq resumed>) = 0 [pid 7266] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 7266] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7266] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 7266] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7265] <... openat resumed>) = 4 [pid 7255] <... mount resumed>) = -1 EEXIST (File exists) [pid 7245] <... ioctl resumed>) = 0 [pid 7266] <... futex resumed>) = 0 [pid 7265] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7255] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7245] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7244] exit_group(0 [pid 7255] <... openat resumed>) = 3 [pid 7245] <... futex resumed>) = ? [pid 7244] <... exit_group resumed>) = ? [pid 7265] <... futex resumed>) = ? [pid 7255] ioctl(3, LOOP_CLR_FD [pid 7245] +++ exited with 0 +++ [pid 7255] <... ioctl resumed>) = 0 [pid 7265] +++ exited with 0 +++ [pid 7266] +++ exited with 0 +++ [pid 7244] +++ exited with 0 +++ [pid 7255] close(3 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7244, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=39 /* 0.39 s */} --- [pid 7255] <... close resumed>) = 0 [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 7255] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7249] <... ioctl resumed>) = 0 [pid 7249] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... restart_syscall resumed>) = 0 [pid 7249] <... futex resumed>) = 1 [pid 7248] <... futex resumed>) = 0 [pid 7249] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7248] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7249] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7248] <... futex resumed>) = 0 [pid 5869] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7249] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7248] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7255] <... futex resumed>) = 1 [pid 7254] <... futex resumed>) = 0 [pid 7249] <... openat resumed>) = 4 [pid 5869] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7255] openat(AT_FDCWD, ".", O_RDONLY [pid 7254] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7249] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... openat resumed>) = 3 [pid 7254] <... futex resumed>) = 0 [pid 7249] <... futex resumed>) = 1 [pid 7248] <... futex resumed>) = 0 [pid 5869] newfstatat(3, "", [pid 7254] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7249] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7248] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7249] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7248] <... futex resumed>) = 0 [pid 5869] getdents64(3, [ 240.746532][ T7255] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 240.761228][ T7255] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7249] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7248] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 7255] <... openat resumed>) = 3 [pid 5869] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7255] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7255] <... futex resumed>) = 1 [pid 7254] <... futex resumed>) = 0 [pid 5869] newfstatat(AT_FDCWD, "./68/file0", [pid 7255] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7254] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7254] <... futex resumed>) = 0 [pid 5869] umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7255] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7254] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, [pid 7255] <... ioctl resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 7255] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7254] <... futex resumed>) = 0 [pid 7255] <... futex resumed>) = 1 [pid 5869] close(4 [pid 7254] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7255] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7254] <... futex resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("./68/file0" [pid 7255] <... openat resumed>) = 4 [pid 7254] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... rmdir resumed>) = 0 [pid 5869] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./68/binderfs") = 0 [pid 5869] umount2("./68/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./68/cpuset.effective_mems", [pid 7255] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7254] <... futex resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7255] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7254] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] unlink("./68/cpuset.effective_mems" [pid 7254] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./68") = 0 [pid 5869] mkdir("./69", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7267 attached [pid 7267] set_robust_list(0x55558d547760, 24) = 0 [pid 7267] chdir("./69" [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 7267 [pid 7267] <... chdir resumed>) = 0 [pid 7267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7267] setpgid(0, 0) = 0 [pid 7267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7267] write(3, "1000", 4) = 4 [pid 7267] close(3) = 0 [pid 7267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7248] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7267] write(1, "executing program\n", 18executing program ) = 18 [pid 7267] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7267] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7267] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7267] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7267] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7267] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7268 attached => {parent_tid=[7268]}, 88) = 7268 [pid 7267] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7267] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7267] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7268] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7268] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7268] memfd_create("syzkaller", 0 [pid 7254] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7268] <... memfd_create resumed>) = 3 [pid 7268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7260] <... munmap resumed>) = 0 [pid 7255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7255] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7260] ioctl(4, LOOP_SET_FD, 3) = 0 [ 240.956343][ T7260] loop0: detected capacity change from 0 to 32768 [pid 7260] close(3) = 0 [pid 7260] close(4) = 0 [pid 7260] mkdir("./file0", 0777) = 0 [pid 7260] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [ 241.088543][ T7260] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 241.115224][ T7260] CPU: 0 UID: 0 PID: 7260 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 241.115257][ T7260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 241.115288][ T7260] Call Trace: [ 241.115297][ T7260] [ 241.115306][ T7260] dump_stack_lvl+0x189/0x250 [ 241.115338][ T7260] ? __pfx_dump_stack_lvl+0x10/0x10 [ 241.115362][ T7260] ? __pfx__printk+0x10/0x10 [ 241.115389][ T7260] ? kernfs_root+0x1c/0x230 [ 241.115413][ T7260] ? kernfs_path_from_node+0x250/0x290 [ 241.115435][ T7260] ? kernfs_path_from_node+0x2f/0x290 [ 241.115458][ T7260] sysfs_create_dir_ns+0x259/0x280 [ 241.115481][ T7260] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 241.115502][ T7260] ? do_raw_spin_unlock+0x122/0x240 [ 241.115528][ T7260] kobject_add_internal+0x59f/0xb40 [ 241.115555][ T7260] kobject_init_and_add+0x125/0x190 [ 241.115581][ T7260] ? __pfx_kobject_init_and_add+0x10/0x10 [ 241.115603][ T7260] ? __raw_spin_lock_init+0x45/0x100 [ 241.115626][ T7260] ? __init_swait_queue_head+0xa9/0x150 [ 241.115652][ T7260] gfs2_sys_fs_add+0x234/0x450 [ 241.115674][ T7260] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 241.115697][ T7260] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 241.115730][ T7260] gfs2_fill_super+0x13c0/0x20d0 [pid 7268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7254] exit_group(0) = ? [pid 7248] exit_group(0) = ? [ 241.115772][ T7260] ? __pfx_gfs2_fill_super+0x10/0x10 [ 241.115800][ T7260] ? sb_set_blocksize+0x104/0x180 [ 241.115831][ T7260] ? setup_bdev_super+0x4c1/0x5b0 [ 241.115860][ T7260] get_tree_bdev_flags+0x40b/0x4d0 [ 241.115886][ T7260] ? __pfx_gfs2_fill_super+0x10/0x10 [ 241.115911][ T7260] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 241.115943][ T7260] gfs2_get_tree+0x51/0x1e0 [ 241.115970][ T7260] vfs_get_tree+0x8f/0x2b0 [ 241.115998][ T7260] do_new_mount+0x2a2/0xa30 [ 241.116031][ T7260] ? ns_capable+0x8a/0xf0 [pid 7268] <... write resumed>) = 16777216 [pid 7255] <... write resumed>) = ? [pid 7249] <... write resumed>) = ? [ 241.116050][ T7260] ? __pfx_do_new_mount+0x10/0x10 [ 241.116079][ T7260] ? path_mount+0x61c/0xfe0 [ 241.116105][ T7260] ? user_path_at+0x44/0x60 [ 241.116132][ T7260] __se_sys_mount+0x317/0x410 [ 241.116164][ T7260] ? __pfx___se_sys_mount+0x10/0x10 [ 241.116192][ T7260] ? rcu_is_watching+0x15/0xb0 [ 241.116215][ T7260] ? __x64_sys_mount+0x20/0xc0 [ 241.116245][ T7260] do_syscall_64+0xfa/0x3b0 [ 241.116266][ T7260] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.116286][ T7260] ? clear_bhb_loop+0x60/0xb0 [pid 7268] munmap(0x7fb469000000, 138412032 [pid 7255] +++ exited with 0 +++ [pid 7254] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7254, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=32 /* 0.32 s */} --- [pid 5870] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./70/file0") = 0 [pid 5870] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./70/binderfs") = 0 [pid 5870] umount2("./70/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./70/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=2383872, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 241.116308][ T7260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.116327][ T7260] RIP: 0033:0x7fb47156b94a [ 241.116345][ T7260] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 241.116364][ T7260] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 241.116385][ T7260] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 5870] unlink("./70/cpuset.effective_mems") = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./70" [pid 7249] +++ exited with 0 +++ [pid 7248] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7248, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=34 /* 0.34 s */} --- [pid 5870] <... rmdir resumed>) = 0 [pid 5870] mkdir("./71", 0777 [pid 7260] <... mount resumed>) = -1 EEXIST (File exists) [pid 5870] <... mkdir resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7268] <... munmap resumed>) = 0 [pid 7260] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7268] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] <... openat resumed>) = 3 [pid 7268] <... openat resumed>) = 4 [pid 5870] ioctl(3, LOOP_CLR_FD [ 241.116410][ T7260] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 241.116425][ T7260] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 241.116440][ T7260] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 241.116454][ T7260] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 241.116475][ T7260] [ 241.116609][ T7260] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 241.433369][ T7260] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7268] ioctl(4, LOOP_SET_FD, 3 [pid 7260] <... openat resumed>) = 3 [pid 5870] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7260] ioctl(3, LOOP_CLR_FD [pid 5870] close(3 [pid 7260] <... ioctl resumed>) = 0 [pid 5868] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7268] <... ioctl resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 7271 attached [pid 7268] close(3 [pid 7260] close(3 [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 7271 [pid 5868] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7271] set_robust_list(0x55558d547760, 24 [pid 7268] <... close resumed>) = 0 [pid 7268] close(4 [pid 7271] <... set_robust_list resumed>) = 0 [pid 7271] chdir("./71" [pid 5868] <... openat resumed>) = 3 [pid 7271] <... chdir resumed>) = 0 [pid 7271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7268] <... close resumed>) = 0 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, [pid 7268] mkdir("./file0", 0777 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 7271] setpgid(0, 0 [pid 5868] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./72/file0", [pid 7271] <... setpgid resumed>) = 0 [pid 7268] <... mkdir resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7268] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5868] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7271] <... openat resumed>) = 3 [pid 5868] <... openat resumed>) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, [pid 7271] write(3, "1000", 4 [pid 5868] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4 [pid 7271] <... write resumed>) = 4 [pid 7271] close(3 [pid 5868] <... close resumed>) = 0 [pid 7271] <... close resumed>) = 0 [pid 5868] rmdir("./72/file0" [pid 7271] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 5868] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./72/binderfs", executing program [pid 7271] write(1, "executing program\n", 18 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7271] <... write resumed>) = 18 [pid 5868] unlink("./72/binderfs") = 0 [pid 5868] umount2("./72/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7271] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] newfstatat(AT_FDCWD, "./72/cpuset.effective_mems", [pid 7271] <... futex resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=3846080, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./72/cpuset.effective_mems" [pid 7271] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [ 241.454572][ T7268] loop2: detected capacity change from 0 to 32768 [pid 7271] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7271] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7271] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7271] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7274 attached => {parent_tid=[7274]}, 88) = 7274 [pid 7274] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7271] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7271] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7274] <... rseq resumed>) = 0 [pid 7274] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7274] memfd_create("syzkaller", 0) = 3 [pid 7274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 5868] <... unlink resumed>) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./72") = 0 [pid 5868] mkdir("./73", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 241.523983][ T7268] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 241.559825][ T7268] CPU: 0 UID: 0 PID: 7268 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [pid 5868] close(3) = 0 [ 241.559858][ T7268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 241.559872][ T7268] Call Trace: [ 241.559881][ T7268] [ 241.559891][ T7268] dump_stack_lvl+0x189/0x250 [ 241.559923][ T7268] ? __pfx_dump_stack_lvl+0x10/0x10 [ 241.559948][ T7268] ? __pfx__printk+0x10/0x10 [ 241.559976][ T7268] ? kernfs_root+0x1c/0x230 [ 241.560001][ T7268] ? kernfs_path_from_node+0x250/0x290 [ 241.560024][ T7268] ? kernfs_path_from_node+0x2f/0x290 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7275 attached [pid 7275] set_robust_list(0x55558d547760, 24) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 7275 [pid 7275] chdir("./73") = 0 [pid 7275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7275] setpgid(0, 0) = 0 [pid 7275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7275] write(3, "1000", 4) = 4 [pid 7275] close(3) = 0 [pid 7275] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7275] write(1, "executing program\n", 18) = 18 [pid 7275] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7275] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7275] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7275] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7276]}, 88) = 7276 [pid 7275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7275] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 241.560048][ T7268] sysfs_create_dir_ns+0x259/0x280 [ 241.560071][ T7268] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 241.560094][ T7268] ? do_raw_spin_unlock+0x122/0x240 [ 241.560123][ T7268] kobject_add_internal+0x59f/0xb40 [ 241.560151][ T7268] kobject_init_and_add+0x125/0x190 [ 241.560176][ T7268] ? __pfx_kobject_init_and_add+0x10/0x10 [ 241.560199][ T7268] ? __raw_spin_lock_init+0x45/0x100 [ 241.560225][ T7268] ? __init_swait_queue_head+0xa9/0x150 [ 241.560250][ T7268] gfs2_sys_fs_add+0x234/0x450 [ 241.560272][ T7268] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 241.560295][ T7268] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 241.560329][ T7268] gfs2_fill_super+0x13c0/0x20d0 [ 241.560365][ T7268] ? __pfx_gfs2_fill_super+0x10/0x10 [ 241.560394][ T7268] ? sb_set_blocksize+0x104/0x180 [ 241.560425][ T7268] ? setup_bdev_super+0x4c1/0x5b0 [ 241.560456][ T7268] get_tree_bdev_flags+0x40b/0x4d0 [ 241.560484][ T7268] ? __pfx_gfs2_fill_super+0x10/0x10 [ 241.560510][ T7268] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 241.560544][ T7268] gfs2_get_tree+0x51/0x1e0 [ 241.560572][ T7268] vfs_get_tree+0x8f/0x2b0 [pid 7275] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7260] <... close resumed>) = 0 [pid 7260] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7259] <... futex resumed>) = 0 [pid 7259] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7259] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7260] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7260] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7259] <... futex resumed>) = 0 [pid 7259] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7259] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7260] <... futex resumed>) = 1 [pid 7260] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL]./strace-static-x86_64: Process 7276 attached [pid 7276] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7276] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7276] memfd_create("syzkaller", 0) = 3 [pid 7276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 241.560601][ T7268] do_new_mount+0x2a2/0xa30 [ 241.560633][ T7268] ? ns_capable+0x8a/0xf0 [ 241.560653][ T7268] ? __pfx_do_new_mount+0x10/0x10 [ 241.560682][ T7268] ? path_mount+0x61c/0xfe0 [ 241.560717][ T7268] ? user_path_at+0x44/0x60 [ 241.560744][ T7268] __se_sys_mount+0x317/0x410 [ 241.560778][ T7268] ? __pfx___se_sys_mount+0x10/0x10 [ 241.560807][ T7268] ? rcu_is_watching+0x15/0xb0 [ 241.560830][ T7268] ? __x64_sys_mount+0x20/0xc0 [ 241.560861][ T7268] do_syscall_64+0xfa/0x3b0 [pid 7259] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7259] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7259] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7259] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7259] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7259] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7277]}, 88) = 7277 [pid 7259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7259] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7259] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7277 attached [pid 7277] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 7277] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 7277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 241.560883][ T7268] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.560904][ T7268] ? clear_bhb_loop+0x60/0xb0 [ 241.560927][ T7268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.560949][ T7268] RIP: 0033:0x7fb47156b94a [ 241.560967][ T7268] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 241.560990][ T7268] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [pid 7277] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7259] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7259] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 7259] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7259] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7259] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[7278]}, 88) = 7278 [pid 7259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 7278 attached [pid 7259] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7278] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 7259] <... futex resumed>) = 0 [pid 7278] <... rseq resumed>) = 0 [pid 7259] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7278] set_robust_list(0x7fb4714d49a0, 24) = 0 [pid 7278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7278] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 7278] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7259] <... futex resumed>) = 0 [ 241.561014][ T7268] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 241.561030][ T7268] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 241.561045][ T7268] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 241.561060][ T7268] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 241.561074][ T7268] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 241.561095][ T7268] [pid 7278] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7277] <... openat resumed>) = 4 [pid 7260] <... ioctl resumed>) = 0 [pid 7277] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7277] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7260] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7268] <... mount resumed>) = -1 EEXIST (File exists) [pid 7260] <... futex resumed>) = 0 [pid 7268] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 7260] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7268] ioctl(3, LOOP_CLR_FD [pid 7259] exit_group(0 [pid 7278] <... futex resumed>) = ? [pid 7277] <... futex resumed>) = ? [pid 7268] <... ioctl resumed>) = 0 [pid 7260] <... futex resumed>) = ? [pid 7259] <... exit_group resumed>) = ? [pid 7278] +++ exited with 0 +++ [pid 7277] +++ exited with 0 +++ [pid 7268] close(3 [pid 7260] +++ exited with 0 +++ [pid 7259] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7259, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=79 /* 0.79 s */} --- [pid 5867] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./71/file0") = 0 [pid 5867] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./71/binderfs") = 0 [pid 5867] umount2("./71/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./71/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./71/cpuset.effective_mems") = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./71") = 0 [pid 5867] mkdir("./72", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 241.561162][ T7268] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 241.879538][ T7268] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7279 attached , child_tidptr=0x55558d547750) = 7279 [pid 7279] set_robust_list(0x55558d547760, 24) = 0 [pid 7279] chdir("./72") = 0 [pid 7279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7279] setpgid(0, 0) = 0 [pid 7279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7279] write(3, "1000", 4) = 4 [pid 7279] close(3executing program ) = 0 [pid 7279] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7279] write(1, "executing program\n", 18) = 18 [pid 7279] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7279] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7279] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7279] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7279] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7280 attached => {parent_tid=[7280]}, 88) = 7280 [pid 7280] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7279] rt_sigprocmask(SIG_SETMASK, [], [pid 7280] <... rseq resumed>) = 0 [pid 7279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7280] set_robust_list(0x7fb4715169a0, 24 [pid 7279] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7280] <... set_robust_list resumed>) = 0 [pid 7279] <... futex resumed>) = 0 [pid 7280] rt_sigprocmask(SIG_SETMASK, [], [pid 7279] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7280] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7280] memfd_create("syzkaller", 0) = 3 [pid 7280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7274] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7268] <... close resumed>) = 0 [pid 7268] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7267] <... futex resumed>) = 0 [pid 7268] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7267] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7267] <... futex resumed>) = 0 [pid 7268] openat(AT_FDCWD, ".", O_RDONLY [pid 7267] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7268] <... openat resumed>) = 3 [pid 7268] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7267] <... futex resumed>) = 0 [pid 7268] <... futex resumed>) = 1 [pid 7267] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7268] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7267] <... futex resumed>) = 0 [pid 7267] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7276] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7268] <... ioctl resumed>) = 0 [pid 7268] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7267] <... futex resumed>) = 0 [pid 7268] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7267] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7267] <... futex resumed>) = 0 [pid 7267] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7268] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7268] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7267] <... futex resumed>) = 0 [pid 7268] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7267] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7267] <... futex resumed>) = 0 [pid 7268] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7267] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7267] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7274] <... write resumed>) = 16777216 [pid 7280] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7274] munmap(0x7fb469000000, 138412032 [pid 7267] exit_group(0) = ? [pid 7268] <... write resumed>) = ? [pid 7268] +++ exited with 0 +++ [pid 7267] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7267, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=83 /* 0.83 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 7274] <... munmap resumed>) = 0 [pid 5869] <... restart_syscall resumed>) = 0 [pid 5869] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7274] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5869] <... openat resumed>) = 3 [pid 7274] <... openat resumed>) = 4 [pid 7274] ioctl(4, LOOP_SET_FD, 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, [pid 7276] <... write resumed>) = 16777216 [pid 7274] <... ioctl resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 7276] munmap(0x7fb469000000, 138412032 [pid 5869] close(4) = 0 [pid 5869] rmdir("./69/file0") = 0 [pid 5869] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./69/binderfs") = 0 [pid 5869] umount2("./69/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./69/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5222336, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./69/cpuset.effective_mems" [pid 7274] close(3) = 0 [pid 7274] close(4) = 0 [pid 7274] mkdir("./file0", 0777) = 0 [ 242.326630][ T7274] loop3: detected capacity change from 0 to 32768 [ 242.377249][ T7274] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 242.384776][ T7274] CPU: 0 UID: 0 PID: 7274 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 242.384806][ T7274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 242.384821][ T7274] Call Trace: [ 242.384829][ T7274] [ 242.384838][ T7274] dump_stack_lvl+0x189/0x250 [ 242.384871][ T7274] ? __pfx_dump_stack_lvl+0x10/0x10 [ 242.384896][ T7274] ? __pfx__printk+0x10/0x10 [ 242.384923][ T7274] ? kernfs_root+0x1c/0x230 [ 242.384955][ T7274] ? kernfs_path_from_node+0x250/0x290 [ 242.384978][ T7274] ? kernfs_path_from_node+0x2f/0x290 [ 242.385003][ T7274] sysfs_create_dir_ns+0x259/0x280 [ 242.385027][ T7274] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 242.385050][ T7274] ? do_raw_spin_unlock+0x122/0x240 [ 242.385078][ T7274] kobject_add_internal+0x59f/0xb40 [ 242.385106][ T7274] kobject_init_and_add+0x125/0x190 [ 242.385134][ T7274] ? __pfx_kobject_init_and_add+0x10/0x10 [ 242.385157][ T7274] ? __raw_spin_lock_init+0x45/0x100 [ 242.385181][ T7274] ? __init_swait_queue_head+0xa9/0x150 [ 242.385206][ T7274] gfs2_sys_fs_add+0x234/0x450 [ 242.385229][ T7274] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 242.385253][ T7274] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 242.385287][ T7274] gfs2_fill_super+0x13c0/0x20d0 [ 242.385320][ T7274] ? __pfx_gfs2_fill_super+0x10/0x10 [ 242.385348][ T7274] ? sb_set_blocksize+0x104/0x180 [ 242.385378][ T7274] ? setup_bdev_super+0x4c1/0x5b0 [ 242.385407][ T7274] get_tree_bdev_flags+0x40b/0x4d0 [ 242.385436][ T7274] ? __pfx_gfs2_fill_super+0x10/0x10 [ 242.385462][ T7274] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 242.385495][ T7274] gfs2_get_tree+0x51/0x1e0 [ 242.385523][ T7274] vfs_get_tree+0x8f/0x2b0 [ 242.385552][ T7274] do_new_mount+0x2a2/0xa30 [ 242.385584][ T7274] ? ns_capable+0x8a/0xf0 [ 242.385603][ T7274] ? __pfx_do_new_mount+0x10/0x10 [ 242.385633][ T7274] ? path_mount+0x61c/0xfe0 [ 242.385660][ T7274] ? user_path_at+0x44/0x60 [ 242.385688][ T7274] __se_sys_mount+0x317/0x410 [ 242.385721][ T7274] ? __pfx___se_sys_mount+0x10/0x10 [ 242.385752][ T7274] ? rcu_is_watching+0x15/0xb0 [ 242.385775][ T7274] ? __x64_sys_mount+0x20/0xc0 [ 242.385806][ T7274] do_syscall_64+0xfa/0x3b0 [ 242.385829][ T7274] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.385849][ T7274] ? clear_bhb_loop+0x60/0xb0 [ 242.385872][ T7274] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.385893][ T7274] RIP: 0033:0x7fb47156b94a [ 242.385911][ T7274] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 242.385929][ T7274] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 242.385960][ T7274] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 242.385976][ T7274] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 242.385991][ T7274] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 242.386007][ T7274] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 7274] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7276] <... munmap resumed>) = 0 [pid 7276] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 242.386021][ T7274] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 242.386044][ T7274] [ 242.703150][ T7274] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 242.719197][ T7276] loop1: detected capacity change from 0 to 32768 [pid 7276] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7276] close(3) = 0 [pid 7276] close(4) = 0 [pid 7276] mkdir("./file0", 0777) = 0 [pid 7276] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7280] <... write resumed>) = 16777216 [pid 5869] <... unlink resumed>) = 0 [pid 7274] <... mount resumed>) = -1 EEXIST (File exists) [pid 7274] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 7274] ioctl(3, LOOP_CLR_FD) = 0 [pid 7274] close(3 [pid 7280] munmap(0x7fb469000000, 138412032 [ 242.726015][ T7274] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 242.739557][ T7276] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 242.752036][ T7276] CPU: 1 UID: 0 PID: 7276 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 242.752070][ T7276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 242.752084][ T7276] Call Trace: [pid 5869] getdents64(3, [pid 7280] <... munmap resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 7280] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] close(3 [pid 7280] <... openat resumed>) = 4 [pid 5869] <... close resumed>) = 0 [ 242.752093][ T7276] [ 242.752102][ T7276] dump_stack_lvl+0x189/0x250 [ 242.752134][ T7276] ? __pfx_dump_stack_lvl+0x10/0x10 [ 242.752159][ T7276] ? __pfx__printk+0x10/0x10 [ 242.752186][ T7276] ? kernfs_root+0x1c/0x230 [ 242.752212][ T7276] ? kernfs_path_from_node+0x250/0x290 [ 242.752235][ T7276] ? kernfs_path_from_node+0x2f/0x290 [ 242.752261][ T7276] sysfs_create_dir_ns+0x259/0x280 [ 242.752284][ T7276] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 242.752307][ T7276] ? do_raw_spin_unlock+0x122/0x240 [ 242.752335][ T7276] kobject_add_internal+0x59f/0xb40 [ 242.752363][ T7276] kobject_init_and_add+0x125/0x190 [ 242.752388][ T7276] ? __pfx_kobject_init_and_add+0x10/0x10 [ 242.752412][ T7276] ? __raw_spin_lock_init+0x45/0x100 [ 242.752438][ T7276] ? __init_swait_queue_head+0xa9/0x150 [ 242.752464][ T7276] gfs2_sys_fs_add+0x234/0x450 [ 242.752486][ T7276] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 242.752511][ T7276] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 242.752545][ T7276] gfs2_fill_super+0x13c0/0x20d0 [pid 7280] ioctl(4, LOOP_SET_FD, 3 [ 242.752579][ T7276] ? __pfx_gfs2_fill_super+0x10/0x10 [ 242.752608][ T7276] ? sb_set_blocksize+0x104/0x180 [ 242.752638][ T7276] ? setup_bdev_super+0x4c1/0x5b0 [ 242.752676][ T7276] get_tree_bdev_flags+0x40b/0x4d0 [ 242.752705][ T7276] ? __pfx_gfs2_fill_super+0x10/0x10 [ 242.752732][ T7276] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 242.752766][ T7276] gfs2_get_tree+0x51/0x1e0 [ 242.752794][ T7276] vfs_get_tree+0x8f/0x2b0 [ 242.752823][ T7276] do_new_mount+0x2a2/0xa30 [ 242.752855][ T7276] ? ns_capable+0x8a/0xf0 [ 242.752874][ T7276] ? __pfx_do_new_mount+0x10/0x10 [ 242.752903][ T7276] ? path_mount+0x61c/0xfe0 [ 242.752931][ T7276] ? user_path_at+0x44/0x60 [ 242.752959][ T7276] __se_sys_mount+0x317/0x410 [ 242.752993][ T7276] ? __pfx___se_sys_mount+0x10/0x10 [ 242.753023][ T7276] ? rcu_is_watching+0x15/0xb0 [ 242.753047][ T7276] ? __x64_sys_mount+0x20/0xc0 [ 242.753079][ T7276] do_syscall_64+0xfa/0x3b0 [ 242.753101][ T7276] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.753122][ T7276] ? clear_bhb_loop+0x60/0xb0 [ 242.753144][ T7276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.753165][ T7276] RIP: 0033:0x7fb47156b94a [ 242.753183][ T7276] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 242.753201][ T7276] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 242.753225][ T7276] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 242.753240][ T7276] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 242.753255][ T7276] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 242.753270][ T7276] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 242.753284][ T7276] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 242.753305][ T7276] [ 242.753533][ T7276] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 242.800264][ T7280] loop0: detected capacity change from 0 to 32768 [pid 5869] rmdir("./69" [pid 7280] <... ioctl resumed>) = 0 [pid 7274] <... close resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 7280] close(3 [pid 7274] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] mkdir("./70", 0777 [pid 7280] <... close resumed>) = 0 [pid 7274] <... futex resumed>) = 1 [pid 7271] <... futex resumed>) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 7280] close(4 [pid 7274] openat(AT_FDCWD, ".", O_RDONLY [pid 7271] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7280] <... close resumed>) = 0 [pid 7274] <... openat resumed>) = 3 [pid 7271] <... futex resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 7271] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] ioctl(3, LOOP_CLR_FD [pid 7280] mkdir("./file0", 0777 [pid 7274] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7280] <... mkdir resumed>) = 0 [pid 7274] <... futex resumed>) = 1 [pid 7271] <... futex resumed>) = 0 [pid 5869] close(3 [pid 7271] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... close resumed>) = 0 [pid 7271] <... futex resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7271] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7280] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7274] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 7285 ./strace-static-x86_64: Process 7285 attached [pid 7274] <... ioctl resumed>) = 0 [pid 7274] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7271] <... futex resumed>) = 0 [pid 7285] set_robust_list(0x55558d547760, 24 [pid 7274] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7271] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7274] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7271] <... futex resumed>) = 0 [pid 7274] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7271] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7285] <... set_robust_list resumed>) = 0 [pid 7274] <... openat resumed>) = 4 [pid 7285] chdir("./70") = 0 [pid 7285] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 7274] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7285] setpgid(0, 0) = 0 [pid 7285] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7285] write(3, "1000", 4) = 4 [pid 7285] close(3) = 0 [pid 7285] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7285] write(1, "executing program\n", 18) = 18 [pid 7285] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7285] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7285] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7274] <... futex resumed>) = 1 [pid 7271] <... futex resumed>) = 0 [pid 7285] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7274] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7271] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7285] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7271] <... futex resumed>) = 0 [pid 7285] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7285] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 7271] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7288 attached [pid 7285] <... clone3 resumed> => {parent_tid=[7288]}, 88) = 7288 [pid 7288] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7285] rt_sigprocmask(SIG_SETMASK, [], [pid 7288] <... rseq resumed>) = 0 [pid 7285] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7288] set_robust_list(0x7fb4715169a0, 24 [pid 7285] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7288] <... set_robust_list resumed>) = 0 [pid 7285] <... futex resumed>) = 0 [pid 7288] rt_sigprocmask(SIG_SETMASK, [], [pid 7285] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7288] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 242.909975][ T7276] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7288] memfd_create("syzkaller", 0) = 3 [ 243.123953][ T7280] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 243.133429][ T7280] CPU: 0 UID: 0 PID: 7280 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 243.133460][ T7280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 243.133473][ T7280] Call Trace: [ 243.133482][ T7280] [ 243.133492][ T7280] dump_stack_lvl+0x189/0x250 [ 243.133524][ T7280] ? __pfx_dump_stack_lvl+0x10/0x10 [pid 7288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7276] <... mount resumed>) = -1 EEXIST (File exists) [pid 7276] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 7276] ioctl(3, LOOP_CLR_FD) = 0 [ 243.133558][ T7280] ? __pfx__printk+0x10/0x10 [ 243.133590][ T7280] ? kernfs_path_from_node+0x250/0x290 [ 243.133613][ T7280] ? kernfs_path_from_node+0x2f/0x290 [ 243.133638][ T7280] sysfs_create_dir_ns+0x259/0x280 [ 243.133660][ T7280] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 243.133682][ T7280] ? do_raw_spin_unlock+0x122/0x240 [ 243.133710][ T7280] kobject_add_internal+0x59f/0xb40 [ 243.133739][ T7280] kobject_init_and_add+0x125/0x190 [ 243.133764][ T7280] ? __pfx_kobject_init_and_add+0x10/0x10 [ 243.133788][ T7280] ? __raw_spin_lock_init+0x45/0x100 [ 243.133813][ T7280] ? __init_swait_queue_head+0xa9/0x150 [ 243.133840][ T7280] gfs2_sys_fs_add+0x234/0x450 [ 243.133860][ T7280] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 243.133883][ T7280] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 243.133916][ T7280] gfs2_fill_super+0x13c0/0x20d0 [ 243.133950][ T7280] ? __pfx_gfs2_fill_super+0x10/0x10 [ 243.133979][ T7280] ? sb_set_blocksize+0x104/0x180 [ 243.134010][ T7280] ? setup_bdev_super+0x4c1/0x5b0 [ 243.134039][ T7280] get_tree_bdev_flags+0x40b/0x4d0 [pid 7276] close(3 [pid 7288] <... mmap resumed>) = 0x7fb469000000 [pid 7271] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 243.134067][ T7280] ? __pfx_gfs2_fill_super+0x10/0x10 [ 243.134092][ T7280] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 243.134124][ T7280] gfs2_get_tree+0x51/0x1e0 [ 243.134151][ T7280] vfs_get_tree+0x8f/0x2b0 [ 243.134180][ T7280] do_new_mount+0x2a2/0xa30 [ 243.134212][ T7280] ? ns_capable+0x8a/0xf0 [ 243.134231][ T7280] ? __pfx_do_new_mount+0x10/0x10 [ 243.134260][ T7280] ? path_mount+0x61c/0xfe0 [ 243.134295][ T7280] ? user_path_at+0x44/0x60 [ 243.134322][ T7280] __se_sys_mount+0x317/0x410 [ 243.134355][ T7280] ? __pfx___se_sys_mount+0x10/0x10 [ 243.134385][ T7280] ? rcu_is_watching+0x15/0xb0 [ 243.134408][ T7280] ? __x64_sys_mount+0x20/0xc0 [ 243.134440][ T7280] do_syscall_64+0xfa/0x3b0 [ 243.134462][ T7280] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.134482][ T7280] ? clear_bhb_loop+0x60/0xb0 [ 243.134504][ T7280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.134523][ T7280] RIP: 0033:0x7fb47156b94a [ 243.134540][ T7280] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 243.134563][ T7280] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 243.134586][ T7280] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 243.134601][ T7280] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 243.134616][ T7280] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 243.134629][ T7280] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 7271] exit_group(0) = ? [pid 7274] <... write resumed>) = ? [pid 7274] +++ exited with 0 +++ [pid 7271] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7271, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=40 /* 0.40 s */} --- [ 243.134643][ T7280] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 243.134664][ T7280] [ 243.134685][ T7280] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7276] <... close resumed>) = 0 [pid 5870] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./71/file0") = 0 [pid 5870] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./71/binderfs") = 0 [pid 5870] umount2("./71/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./71/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=3579904, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./71/cpuset.effective_mems" [pid 7276] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7275] <... futex resumed>) = 0 [pid 7275] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7275] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7280] <... mount resumed>) = -1 EEXIST (File exists) [pid 7276] openat(AT_FDCWD, ".", O_RDONLY [pid 7280] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7276] <... openat resumed>) = 3 [pid 7280] <... openat resumed>) = 3 [pid 7276] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7280] ioctl(3, LOOP_CLR_FD [pid 7276] <... futex resumed>) = 1 [pid 7275] <... futex resumed>) = 0 [pid 7280] <... ioctl resumed>) = 0 [pid 7276] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7275] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7280] close(3 [pid 7276] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7275] <... futex resumed>) = 0 [pid 7276] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7275] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7276] <... ioctl resumed>) = 0 [pid 7276] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7275] <... futex resumed>) = 0 [pid 7276] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7275] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7276] <... futex resumed>) = 0 [pid 7275] <... futex resumed>) = 1 [pid 7276] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7275] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7276] <... openat resumed>) = 4 [pid 7276] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7275] <... futex resumed>) = 0 [pid 7276] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7275] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7276] <... futex resumed>) = 0 [pid 7275] <... futex resumed>) = 1 [pid 7275] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 243.476035][ T7280] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7276] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5870] <... unlink resumed>) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./71") = 0 [pid 5870] mkdir("./72", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7289 attached [pid 7275] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 7289 [pid 7289] set_robust_list(0x55558d547760, 24) = 0 [pid 7289] chdir("./72") = 0 [pid 7289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7289] setpgid(0, 0) = 0 [pid 7289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7289] write(3, "1000", 4) = 4 [pid 7289] close(3) = 0 [pid 7289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7289] write(1, "executing program\n", 18executing program ) = 18 [pid 7289] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7289] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7289] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7289] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7290 attached => {parent_tid=[7290]}, 88) = 7290 [pid 7290] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7289] rt_sigprocmask(SIG_SETMASK, [], [pid 7290] <... rseq resumed>) = 0 [pid 7289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7290] set_robust_list(0x7fb4715169a0, 24 [pid 7289] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7290] <... set_robust_list resumed>) = 0 [pid 7289] <... futex resumed>) = 0 [pid 7290] rt_sigprocmask(SIG_SETMASK, [], [pid 7289] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7290] memfd_create("syzkaller", 0) = 3 [pid 7290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7288] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7280] <... close resumed>) = 0 [pid 7280] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7279] <... futex resumed>) = 0 [pid 7280] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7279] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7279] <... futex resumed>) = 0 [pid 7280] openat(AT_FDCWD, ".", O_RDONLY [pid 7279] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7280] <... openat resumed>) = 3 [pid 7280] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7279] <... futex resumed>) = 0 [pid 7280] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7279] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7279] <... futex resumed>) = 0 [pid 7280] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7279] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7280] <... ioctl resumed>) = 0 [pid 7280] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7279] <... futex resumed>) = 0 [pid 7280] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7279] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7280] <... openat resumed>) = 4 [pid 7279] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7280] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7279] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7280] <... futex resumed>) = 0 [pid 7279] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7280] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7279] <... futex resumed>) = 0 [pid 7279] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7275] exit_group(0) = ? [pid 7276] <... write resumed>) = ? [pid 7276] +++ exited with 0 +++ [pid 7275] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7275, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=66 /* 0.66 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7279] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5868] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./73/file0") = 0 [pid 5868] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./73/binderfs") = 0 [pid 5868] umount2("./73/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./73/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=4902912, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./73/cpuset.effective_mems") = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./73") = 0 [pid 5868] mkdir("./74", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7291 attached , child_tidptr=0x55558d547750) = 7291 [pid 7291] set_robust_list(0x55558d547760, 24) = 0 [pid 7291] chdir("./74") = 0 [pid 7291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7291] setpgid(0, 0) = 0 [pid 7291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7291] write(3, "1000", 4) = 4 [pid 7291] close(3 [pid 7288] <... write resumed>) = 16777216 [pid 7288] munmap(0x7fb469000000, 138412032 [pid 7291] <... close resumed>) = 0 [pid 7291] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7291] write(1, "executing program\n", 18) = 18 [pid 7291] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7291] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7291] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7291] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7291] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7291] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7292 attached [pid 7292] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7291] <... clone3 resumed> => {parent_tid=[7292]}, 88) = 7292 [pid 7292] <... rseq resumed>) = 0 [pid 7291] rt_sigprocmask(SIG_SETMASK, [], [pid 7292] set_robust_list(0x7fb4715169a0, 24 [pid 7291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7292] <... set_robust_list resumed>) = 0 [pid 7291] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7292] rt_sigprocmask(SIG_SETMASK, [], [pid 7291] <... futex resumed>) = 0 [pid 7292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7291] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7292] memfd_create("syzkaller", 0) = 3 [pid 7292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7279] exit_group(0 [pid 7280] <... write resumed>) = ? [pid 7279] <... exit_group resumed>) = ? [pid 7288] <... munmap resumed>) = 0 [pid 7280] +++ exited with 0 +++ [pid 7279] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7279, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=84 /* 0.84 s */} --- [pid 7288] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5867] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7288] <... openat resumed>) = 4 [pid 5867] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7288] ioctl(4, LOOP_SET_FD, 3 [pid 5867] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./72/file0") = 0 [pid 5867] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./72/binderfs") = 0 [pid 7290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5867] umount2("./72/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./72/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5537792, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./72/cpuset.effective_mems" [pid 7288] <... ioctl resumed>) = 0 [pid 7288] close(3) = 0 [pid 7288] close(4) = 0 [pid 7288] mkdir("./file0", 0777) = 0 [ 243.951788][ T7288] loop2: detected capacity change from 0 to 32768 [ 243.991566][ T7288] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 244.038277][ T7288] CPU: 1 UID: 0 PID: 7288 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 244.038311][ T7288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 244.038325][ T7288] Call Trace: [ 244.038333][ T7288] [ 244.038342][ T7288] dump_stack_lvl+0x189/0x250 [ 244.038373][ T7288] ? __pfx_dump_stack_lvl+0x10/0x10 [ 244.038397][ T7288] ? __pfx__printk+0x10/0x10 [ 244.038424][ T7288] ? kernfs_root+0x1c/0x230 [ 244.038449][ T7288] ? kernfs_path_from_node+0x250/0x290 [ 244.038471][ T7288] ? kernfs_path_from_node+0x2f/0x290 [ 244.038501][ T7288] sysfs_create_dir_ns+0x259/0x280 [ 244.038523][ T7288] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 244.038546][ T7288] ? do_raw_spin_unlock+0x122/0x240 [ 244.038573][ T7288] kobject_add_internal+0x59f/0xb40 [ 244.038601][ T7288] kobject_init_and_add+0x125/0x190 [ 244.038625][ T7288] ? __pfx_kobject_init_and_add+0x10/0x10 [ 244.038648][ T7288] ? __raw_spin_lock_init+0x45/0x100 [ 244.038672][ T7288] ? __init_swait_queue_head+0xa9/0x150 [ 244.038698][ T7288] gfs2_sys_fs_add+0x234/0x450 [ 244.038719][ T7288] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 244.038752][ T7288] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 244.038785][ T7288] gfs2_fill_super+0x13c0/0x20d0 [ 244.038818][ T7288] ? __pfx_gfs2_fill_super+0x10/0x10 [ 244.038845][ T7288] ? sb_set_blocksize+0x104/0x180 [ 244.038874][ T7288] ? setup_bdev_super+0x4c1/0x5b0 [ 244.038903][ T7288] get_tree_bdev_flags+0x40b/0x4d0 [ 244.038931][ T7288] ? __pfx_gfs2_fill_super+0x10/0x10 [ 244.038956][ T7288] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 244.038988][ T7288] gfs2_get_tree+0x51/0x1e0 [ 244.039014][ T7288] vfs_get_tree+0x8f/0x2b0 [ 244.039041][ T7288] do_new_mount+0x2a2/0xa30 [ 244.039072][ T7288] ? ns_capable+0x8a/0xf0 [ 244.039091][ T7288] ? __pfx_do_new_mount+0x10/0x10 [ 244.039119][ T7288] ? path_mount+0x61c/0xfe0 [ 244.039146][ T7288] ? user_path_at+0x44/0x60 [ 244.039172][ T7288] __se_sys_mount+0x317/0x410 [ 244.039204][ T7288] ? __pfx___se_sys_mount+0x10/0x10 [ 244.039232][ T7288] ? rcu_is_watching+0x15/0xb0 [ 244.039255][ T7288] ? __x64_sys_mount+0x20/0xc0 [ 244.039284][ T7288] do_syscall_64+0xfa/0x3b0 [ 244.039305][ T7288] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.039325][ T7288] ? clear_bhb_loop+0x60/0xb0 [ 244.039347][ T7288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.039367][ T7288] RIP: 0033:0x7fb47156b94a [ 244.039384][ T7288] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 244.039401][ T7288] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 244.039424][ T7288] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 244.039439][ T7288] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 244.039455][ T7288] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 244.039469][ T7288] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 244.039483][ T7288] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 7288] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade,"executing program [pid 7292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./72") = 0 [pid 5867] mkdir("./73", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7295 attached , child_tidptr=0x55558d547750) = 7295 [pid 7295] set_robust_list(0x55558d547760, 24) = 0 [pid 7295] chdir("./73") = 0 [pid 7295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7295] setpgid(0, 0) = 0 [pid 7295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7295] write(3, "1000", 4) = 4 [pid 7295] close(3) = 0 [pid 7295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7295] write(1, "executing program\n", 18) = 18 [pid 7295] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7295] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7295] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7295] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7296]}, 88) = 7296 [pid 7295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7295] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7295] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7296 attached [pid 7296] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7296] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7296] memfd_create("syzkaller", 0) = 3 [pid 7296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7288] <... mount resumed>) = -1 EEXIST (File exists) [pid 7288] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 7288] ioctl(3, LOOP_CLR_FD) = 0 [ 244.039505][ T7288] [ 244.040134][ T7288] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 244.359460][ T7288] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7288] close(3) = 0 [pid 7288] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7285] <... futex resumed>) = 0 [pid 7288] <... futex resumed>) = 1 [pid 7285] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7292] <... write resumed>) = 16777216 [pid 7288] openat(AT_FDCWD, ".", O_RDONLY [pid 7285] <... futex resumed>) = 0 [pid 7285] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7288] <... openat resumed>) = 3 [pid 7288] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7292] munmap(0x7fb469000000, 138412032 [pid 7288] <... futex resumed>) = 1 [pid 7285] <... futex resumed>) = 0 [pid 7285] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7285] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7288] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL]) = 0 [pid 7288] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7285] <... futex resumed>) = 0 [pid 7288] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7285] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7285] <... futex resumed>) = 0 [pid 7288] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7285] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7288] <... openat resumed>) = 4 [pid 7288] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7285] <... futex resumed>) = 0 [pid 7288] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7285] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7285] <... futex resumed>) = 0 [pid 7288] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7285] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7290] <... write resumed>) = 16777216 [pid 7290] munmap(0x7fb469000000, 138412032 [pid 7292] <... munmap resumed>) = 0 [pid 7292] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7292] ioctl(4, LOOP_SET_FD, 3 [pid 7285] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7292] <... ioctl resumed>) = 0 [pid 7292] close(3) = 0 [pid 7292] close(4) = 0 [pid 7292] mkdir("./file0", 0777) = 0 [ 244.537345][ T7292] loop1: detected capacity change from 0 to 32768 [pid 7292] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7290] <... munmap resumed>) = 0 [pid 7290] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7290] close(3) = 0 [pid 7290] close(4) = 0 [pid 7290] mkdir("./file0", 0777) = 0 [ 244.586412][ T7292] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 244.597911][ T7290] loop3: detected capacity change from 0 to 32768 [ 244.609726][ T7292] CPU: 1 UID: 0 PID: 7292 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 244.609759][ T7292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 244.609773][ T7292] Call Trace: [ 244.609781][ T7292] [ 244.609790][ T7292] dump_stack_lvl+0x189/0x250 [ 244.609820][ T7292] ? __pfx_dump_stack_lvl+0x10/0x10 [ 244.609844][ T7292] ? __pfx__printk+0x10/0x10 [ 244.609869][ T7292] ? kernfs_root+0x1c/0x230 [ 244.609894][ T7292] ? kernfs_path_from_node+0x250/0x290 [ 244.609916][ T7292] ? kernfs_path_from_node+0x2f/0x290 [ 244.609940][ T7292] sysfs_create_dir_ns+0x259/0x280 [ 244.609962][ T7292] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 244.609984][ T7292] ? do_raw_spin_unlock+0x122/0x240 [ 244.610011][ T7292] kobject_add_internal+0x59f/0xb40 [ 244.610039][ T7292] kobject_init_and_add+0x125/0x190 [ 244.610063][ T7292] ? __pfx_kobject_init_and_add+0x10/0x10 [ 244.610086][ T7292] ? __raw_spin_lock_init+0x45/0x100 [ 244.610111][ T7292] ? __init_swait_queue_head+0xa9/0x150 [ 244.610137][ T7292] gfs2_sys_fs_add+0x234/0x450 [ 244.610160][ T7292] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 244.610185][ T7292] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 244.610219][ T7292] gfs2_fill_super+0x13c0/0x20d0 [ 244.610254][ T7292] ? __pfx_gfs2_fill_super+0x10/0x10 [ 244.610282][ T7292] ? sb_set_blocksize+0x104/0x180 [ 244.610312][ T7292] ? setup_bdev_super+0x4c1/0x5b0 [ 244.610341][ T7292] get_tree_bdev_flags+0x40b/0x4d0 [ 244.610369][ T7292] ? __pfx_gfs2_fill_super+0x10/0x10 [ 244.610395][ T7292] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 244.610429][ T7292] gfs2_get_tree+0x51/0x1e0 [ 244.610456][ T7292] vfs_get_tree+0x8f/0x2b0 [ 244.610484][ T7292] do_new_mount+0x2a2/0xa30 [ 244.610515][ T7292] ? ns_capable+0x8a/0xf0 [pid 7290] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7292] <... mount resumed>) = -1 EEXIST (File exists) [pid 7292] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 244.610533][ T7292] ? __pfx_do_new_mount+0x10/0x10 [ 244.610561][ T7292] ? path_mount+0x61c/0xfe0 [ 244.610587][ T7292] ? user_path_at+0x44/0x60 [ 244.610614][ T7292] __se_sys_mount+0x317/0x410 [ 244.610646][ T7292] ? __pfx___se_sys_mount+0x10/0x10 [ 244.610682][ T7292] ? rcu_is_watching+0x15/0xb0 [ 244.610705][ T7292] ? __x64_sys_mount+0x20/0xc0 [ 244.610735][ T7292] do_syscall_64+0xfa/0x3b0 [ 244.610756][ T7292] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.610776][ T7292] ? clear_bhb_loop+0x60/0xb0 [pid 7292] ioctl(3, LOOP_CLR_FD) = 0 [pid 7292] close(3) = 0 [pid 7292] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 244.610797][ T7292] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.610817][ T7292] RIP: 0033:0x7fb47156b94a [ 244.610834][ T7292] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 244.610853][ T7292] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 244.610877][ T7292] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 244.610892][ T7292] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 244.610907][ T7292] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 244.610922][ T7292] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 244.610935][ T7292] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 244.610957][ T7292] [ 244.610977][ T7292] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 244.661404][ T7290] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 7292] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7291] <... futex resumed>) = 0 [pid 7291] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7292] <... futex resumed>) = 0 [pid 7291] <... futex resumed>) = 1 [pid 7292] openat(AT_FDCWD, ".", O_RDONLY [pid 7291] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7292] <... openat resumed>) = 3 [pid 7292] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7291] <... futex resumed>) = 0 [pid 7292] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7291] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 244.724882][ T7292] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 244.756520][ T7290] CPU: 0 UID: 0 PID: 7290 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 244.756556][ T7290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 244.756573][ T7290] Call Trace: [ 244.756583][ T7290] [ 244.756593][ T7290] dump_stack_lvl+0x189/0x250 [ 244.756630][ T7290] ? __pfx_dump_stack_lvl+0x10/0x10 [ 244.756658][ T7290] ? __pfx__printk+0x10/0x10 [pid 7291] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7291] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7291] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7291] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7291] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7301]}, 88) = 7301 [pid 7291] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7301 attached NULL, 8) = 0 [pid 7301] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 7291] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7301] <... rseq resumed>) = 0 [pid 7291] <... futex resumed>) = 0 [pid 7301] set_robust_list(0x7fb4714f59a0, 24 [ 244.756690][ T7290] ? kernfs_root+0x1c/0x230 [ 244.756716][ T7290] ? kernfs_path_from_node+0x250/0x290 [ 244.756742][ T7290] ? kernfs_path_from_node+0x2f/0x290 [ 244.756770][ T7290] sysfs_create_dir_ns+0x259/0x280 [ 244.756797][ T7290] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 244.756822][ T7290] ? do_raw_spin_unlock+0x122/0x240 [ 244.756854][ T7290] kobject_add_internal+0x59f/0xb40 [ 244.756887][ T7290] kobject_init_and_add+0x125/0x190 [ 244.756916][ T7290] ? __pfx_kobject_init_and_add+0x10/0x10 [pid 7291] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7301] <... set_robust_list resumed>) = 0 [pid 7301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 244.756943][ T7290] ? __raw_spin_lock_init+0x45/0x100 [ 244.756972][ T7290] ? __init_swait_queue_head+0xa9/0x150 [ 244.757002][ T7290] gfs2_sys_fs_add+0x234/0x450 [ 244.757025][ T7290] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 244.757052][ T7290] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 244.757092][ T7290] gfs2_fill_super+0x13c0/0x20d0 [ 244.757130][ T7290] ? __pfx_gfs2_fill_super+0x10/0x10 [ 244.757163][ T7290] ? sb_set_blocksize+0x104/0x180 [ 244.757196][ T7290] ? setup_bdev_super+0x4c1/0x5b0 [ 244.757231][ T7290] get_tree_bdev_flags+0x40b/0x4d0 [pid 7301] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7291] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7291] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7291] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 7291] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7291] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7291] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[7302]}, 88) = 7302 [pid 7291] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7291] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7291] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7302 attached [pid 7302] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 7285] exit_group(0 [pid 7302] set_robust_list(0x7fb4714d49a0, 24 [pid 7285] <... exit_group resumed>) = ? [pid 7302] <... set_robust_list resumed>) = 0 [pid 7302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7302] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 7302] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7291] <... futex resumed>) = 0 [pid 7302] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7288] <... write resumed>) = ? [ 244.757263][ T7290] ? __pfx_gfs2_fill_super+0x10/0x10 [ 244.757293][ T7290] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 244.757330][ T7290] gfs2_get_tree+0x51/0x1e0 [ 244.757362][ T7290] vfs_get_tree+0x8f/0x2b0 [ 244.757395][ T7290] do_new_mount+0x2a2/0xa30 [ 244.757431][ T7290] ? ns_capable+0x8a/0xf0 [ 244.757452][ T7290] ? __pfx_do_new_mount+0x10/0x10 [ 244.757492][ T7290] ? path_mount+0x61c/0xfe0 [ 244.757525][ T7290] ? user_path_at+0x44/0x60 [ 244.757561][ T7290] __se_sys_mount+0x317/0x410 [pid 7288] +++ exited with 0 +++ [pid 7285] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7285, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=84 /* 0.84 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./70/file0") = 0 [pid 5869] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./70/binderfs") = 0 [pid 5869] umount2("./70/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./70/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=10723328, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 244.757598][ T7290] ? __pfx___se_sys_mount+0x10/0x10 [ 244.757632][ T7290] ? rcu_is_watching+0x15/0xb0 [ 244.757657][ T7290] ? __x64_sys_mount+0x20/0xc0 [ 244.757703][ T7290] do_syscall_64+0xfa/0x3b0 [ 244.757726][ T7290] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.757748][ T7290] ? clear_bhb_loop+0x60/0xb0 [ 244.757773][ T7290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.757796][ T7290] RIP: 0033:0x7fb47156b94a [ 244.757816][ T7290] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 244.757837][ T7290] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 244.757862][ T7290] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 244.757880][ T7290] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 244.757898][ T7290] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 244.757915][ T7290] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 244.757931][ T7290] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 244.757954][ T7290] [ 244.758149][ T7290] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 5869] unlink("./70/cpuset.effective_mems" [pid 7292] <... ioctl resumed>) = 0 [pid 7301] <... openat resumed>) = 4 [pid 7292] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7292] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7301] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7301] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7291] exit_group(0 [pid 7302] <... futex resumed>) = ? [pid 7301] <... futex resumed>) = ? [pid 7292] <... futex resumed>) = ? [pid 7291] <... exit_group resumed>) = ? [pid 7302] +++ exited with 0 +++ [pid 7301] +++ exited with 0 +++ [pid 7292] +++ exited with 0 +++ [pid 7291] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7291, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- [pid 5868] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 7290] <... mount resumed>) = -1 EEXIST (File exists) [pid 5868] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7290] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./74/file0", [pid 7290] <... openat resumed>) = 3 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7296] <... write resumed>) = 16777216 [pid 7290] ioctl(3, LOOP_CLR_FD [pid 5868] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7296] munmap(0x7fb469000000, 138412032 [pid 7290] <... ioctl resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7290] close(3 [pid 5868] openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./74/file0") = 0 [pid 5868] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./74/binderfs") = 0 [pid 5868] umount2("./74/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./74/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./74/cpuset.effective_mems") = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./74") = 0 [pid 5868] mkdir("./75", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7303 attached , child_tidptr=0x55558d547750) = 7303 [pid 7303] set_robust_list(0x55558d547760, 24) = 0 [pid 7303] chdir("./75") = 0 [pid 7303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 245.339673][ T7290] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7303] setpgid(0, 0) = 0 [pid 7303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7303] write(3, "1000", 4) = 4 [pid 7303] close(3) = 0 [pid 7303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7303] write(1, "executing program\n", 18executing program ) = 18 [pid 7303] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7303] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7303] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7304]}, 88) = 7304 [pid 7303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7303] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7303] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7304 attached [pid 7304] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7304] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7304] memfd_create("syzkaller", 0) = 3 [pid 7304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] <... unlink resumed>) = 0 [pid 7304] <... mmap resumed>) = 0x7fb469000000 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./70") = 0 [pid 5869] mkdir("./71", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7305 attached [pid 7305] set_robust_list(0x55558d547760, 24 [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 7305 [pid 7305] <... set_robust_list resumed>) = 0 [pid 7305] chdir("./71") = 0 [pid 7305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7305] setpgid(0, 0) = 0 [pid 7305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7305] write(3, "1000", 4) = 4 [pid 7305] close(3) = 0 [pid 7305] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7305] write(1, "executing program\n", 18) = 18 [pid 7296] <... munmap resumed>) = 0 [pid 7296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7305] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7296] <... openat resumed>) = 4 [pid 7296] ioctl(4, LOOP_SET_FD, 3 [pid 7305] <... futex resumed>) = 0 [pid 7305] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7305] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7305] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7306]}, 88) = 7306 [pid 7305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7305] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7305] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7306 attached [pid 7306] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7306] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7296] <... ioctl resumed>) = 0 [pid 7306] memfd_create("syzkaller", 0 [pid 7296] close(3 [pid 7306] <... memfd_create resumed>) = 3 [pid 7296] <... close resumed>) = 0 [pid 7306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7296] close(4 [pid 7306] <... mmap resumed>) = 0x7fb469000000 [pid 7296] <... close resumed>) = 0 [pid 7290] <... close resumed>) = 0 [pid 7296] mkdir("./file0", 0777) = 0 [pid 7290] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7289] <... futex resumed>) = 0 [pid 7290] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7289] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7296] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7290] openat(AT_FDCWD, ".", O_RDONLY [pid 7289] <... futex resumed>) = 0 [pid 7289] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7290] <... openat resumed>) = 3 [pid 7290] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7289] <... futex resumed>) = 0 [pid 7290] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7289] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 245.487001][ T7296] loop0: detected capacity change from 0 to 32768 [pid 7289] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7290] <... ioctl resumed>) = 0 [pid 7290] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7290] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7289] <... futex resumed>) = 0 [pid 7289] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7290] <... futex resumed>) = 0 [pid 7289] <... futex resumed>) = 1 [pid 7290] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7289] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7290] <... openat resumed>) = 4 [pid 7290] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7290] <... futex resumed>) = 0 [pid 7290] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7289] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7289] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 245.539752][ T7296] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 245.575187][ T7296] CPU: 0 UID: 0 PID: 7296 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 245.575218][ T7296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 245.575231][ T7296] Call Trace: [ 245.575238][ T7296] [ 245.575247][ T7296] dump_stack_lvl+0x189/0x250 [ 245.575279][ T7296] ? __pfx_dump_stack_lvl+0x10/0x10 [ 245.575310][ T7296] ? __pfx__printk+0x10/0x10 [ 245.575335][ T7296] ? kernfs_root+0x1c/0x230 [ 245.575357][ T7296] ? kernfs_path_from_node+0x250/0x290 [ 245.575379][ T7296] ? kernfs_path_from_node+0x2f/0x290 [ 245.575401][ T7296] sysfs_create_dir_ns+0x259/0x280 [ 245.575425][ T7296] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 245.575445][ T7296] ? do_raw_spin_unlock+0x122/0x240 [ 245.575471][ T7296] kobject_add_internal+0x59f/0xb40 [ 245.575497][ T7296] kobject_init_and_add+0x125/0x190 [ 245.575523][ T7296] ? __pfx_kobject_init_and_add+0x10/0x10 [ 245.575545][ T7296] ? __raw_spin_lock_init+0x45/0x100 [ 245.575570][ T7296] ? __init_swait_queue_head+0xa9/0x150 [ 245.575596][ T7296] gfs2_sys_fs_add+0x234/0x450 [ 245.575619][ T7296] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 245.575642][ T7296] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 245.575676][ T7296] gfs2_fill_super+0x13c0/0x20d0 [ 245.575711][ T7296] ? __pfx_gfs2_fill_super+0x10/0x10 [ 245.575739][ T7296] ? sb_set_blocksize+0x104/0x180 [ 245.575774][ T7296] ? setup_bdev_super+0x4c1/0x5b0 [ 245.575802][ T7296] get_tree_bdev_flags+0x40b/0x4d0 [ 245.575830][ T7296] ? __pfx_gfs2_fill_super+0x10/0x10 [ 245.575856][ T7296] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 245.575887][ T7296] gfs2_get_tree+0x51/0x1e0 [ 245.575915][ T7296] vfs_get_tree+0x8f/0x2b0 [ 245.575942][ T7296] do_new_mount+0x2a2/0xa30 [ 245.575974][ T7296] ? ns_capable+0x8a/0xf0 [ 245.575993][ T7296] ? __pfx_do_new_mount+0x10/0x10 [ 245.576023][ T7296] ? path_mount+0x61c/0xfe0 [ 245.576050][ T7296] ? user_path_at+0x44/0x60 [ 245.576075][ T7296] __se_sys_mount+0x317/0x410 [ 245.576106][ T7296] ? __pfx___se_sys_mount+0x10/0x10 [ 245.576135][ T7296] ? rcu_is_watching+0x15/0xb0 [ 245.576157][ T7296] ? __x64_sys_mount+0x20/0xc0 [ 245.576189][ T7296] do_syscall_64+0xfa/0x3b0 [ 245.576212][ T7296] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.576233][ T7296] ? clear_bhb_loop+0x60/0xb0 [ 245.576255][ T7296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.576276][ T7296] RIP: 0033:0x7fb47156b94a [ 245.576296][ T7296] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 7290] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7289] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 245.576324][ T7296] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 245.576348][ T7296] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 245.576364][ T7296] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 245.576379][ T7296] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 245.576394][ T7296] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 245.576408][ T7296] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 7304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7296] <... mount resumed>) = -1 EEXIST (File exists) [pid 7296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 7296] ioctl(3, LOOP_CLR_FD) = 0 [ 245.576431][ T7296] [ 245.585522][ T7296] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 245.901663][ T7296] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7296] close(3) = 0 [pid 7296] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7295] <... futex resumed>) = 0 [pid 7295] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7304] <... write resumed>) = 16777216 [pid 7296] openat(AT_FDCWD, ".", O_RDONLY [pid 7295] <... futex resumed>) = 0 [pid 7295] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7296] <... openat resumed>) = 3 [pid 7296] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7295] <... futex resumed>) = 0 [pid 7295] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7296] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7304] munmap(0x7fb469000000, 138412032 [pid 7295] <... futex resumed>) = 0 [pid 7295] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7296] <... ioctl resumed>) = 0 [pid 7296] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7295] <... futex resumed>) = 0 [pid 7295] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7296] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7295] <... futex resumed>) = 0 [pid 7295] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7296] <... openat resumed>) = 4 [pid 7296] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7295] <... futex resumed>) = 0 [pid 7295] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7295] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7296] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7289] exit_group(0) = ? [pid 7290] <... write resumed>) = ? [pid 7306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7295] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7290] +++ exited with 0 +++ [pid 7289] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7289, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=99 /* 0.99 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./72/file0") = 0 [pid 5870] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./72/binderfs") = 0 [pid 5870] umount2("./72/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./72/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=10010560, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./72/cpuset.effective_mems" [pid 7304] <... munmap resumed>) = 0 [pid 7304] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7304] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7304] close(3) = 0 [pid 7304] close(4) = 0 [pid 7304] mkdir("./file0", 0777) = 0 [ 246.189284][ T7304] loop1: detected capacity change from 0 to 32768 [ 246.221297][ T7304] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 246.237411][ T7304] CPU: 0 UID: 0 PID: 7304 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 246.237445][ T7304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 246.237459][ T7304] Call Trace: [ 246.237468][ T7304] [ 246.237478][ T7304] dump_stack_lvl+0x189/0x250 [ 246.237510][ T7304] ? __pfx_dump_stack_lvl+0x10/0x10 [ 246.237536][ T7304] ? __pfx__printk+0x10/0x10 [ 246.237563][ T7304] ? kernfs_root+0x1c/0x230 [ 246.237588][ T7304] ? kernfs_path_from_node+0x250/0x290 [ 246.237611][ T7304] ? kernfs_path_from_node+0x2f/0x290 [ 246.237636][ T7304] sysfs_create_dir_ns+0x259/0x280 [ 246.237660][ T7304] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 246.237683][ T7304] ? do_raw_spin_unlock+0x122/0x240 [ 246.237711][ T7304] kobject_add_internal+0x59f/0xb40 [ 246.237741][ T7304] kobject_init_and_add+0x125/0x190 [ 246.237767][ T7304] ? __pfx_kobject_init_and_add+0x10/0x10 [ 246.237791][ T7304] ? __raw_spin_lock_init+0x45/0x100 [ 246.237817][ T7304] ? __init_swait_queue_head+0xa9/0x150 [ 246.237843][ T7304] gfs2_sys_fs_add+0x234/0x450 [ 246.237865][ T7304] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 246.237890][ T7304] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 246.237924][ T7304] gfs2_fill_super+0x13c0/0x20d0 [ 246.237960][ T7304] ? __pfx_gfs2_fill_super+0x10/0x10 [ 246.237989][ T7304] ? sb_set_blocksize+0x104/0x180 [ 246.238020][ T7304] ? setup_bdev_super+0x4c1/0x5b0 [ 246.238049][ T7304] get_tree_bdev_flags+0x40b/0x4d0 [ 246.238077][ T7304] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 7304] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7295] exit_group(0) = ? [pid 7296] <... write resumed>) = ? [pid 7296] +++ exited with 0 +++ [pid 7295] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7295, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=68 /* 0.68 s */} --- [pid 5867] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./73/file0") = 0 [pid 5867] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 246.238103][ T7304] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 246.238137][ T7304] gfs2_get_tree+0x51/0x1e0 [ 246.238165][ T7304] vfs_get_tree+0x8f/0x2b0 [ 246.238194][ T7304] do_new_mount+0x2a2/0xa30 [ 246.238226][ T7304] ? ns_capable+0x8a/0xf0 [ 246.238245][ T7304] ? __pfx_do_new_mount+0x10/0x10 [ 246.238275][ T7304] ? path_mount+0x61c/0xfe0 [ 246.238303][ T7304] ? user_path_at+0x44/0x60 [ 246.238341][ T7304] __se_sys_mount+0x317/0x410 [ 246.238375][ T7304] ? __pfx___se_sys_mount+0x10/0x10 [pid 5867] newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./73/binderfs") = 0 [pid 5867] umount2("./73/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./73/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=4915136, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 246.238405][ T7304] ? rcu_is_watching+0x15/0xb0 [ 246.238429][ T7304] ? __x64_sys_mount+0x20/0xc0 [ 246.238461][ T7304] do_syscall_64+0xfa/0x3b0 [ 246.238483][ T7304] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.238503][ T7304] ? clear_bhb_loop+0x60/0xb0 [ 246.238526][ T7304] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.238547][ T7304] RIP: 0033:0x7fb47156b94a [pid 5867] unlink("./73/cpuset.effective_mems" [pid 7306] <... write resumed>) = 16777216 [pid 7306] munmap(0x7fb469000000, 138412032 [pid 5870] <... unlink resumed>) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./72") = 0 [pid 5870] mkdir("./73", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7311 attached [pid 7311] set_robust_list(0x55558d547760, 24) = 0 [pid 7311] chdir("./73") = 0 [pid 7311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 7311 [pid 7311] setpgid(0, 0) = 0 [ 246.238566][ T7304] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 246.238584][ T7304] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 246.238607][ T7304] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 246.238622][ T7304] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 246.238637][ T7304] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 246.238652][ T7304] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 246.238666][ T7304] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 7311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7311] write(3, "1000", 4) = 4 [pid 7311] close(3) = 0 [pid 7311] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7311] write(1, "executing program\n", 18) = 18 [pid 7311] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... unlink resumed>) = 0 [pid 7311] <... futex resumed>) = 0 [pid 7311] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 5867] getdents64(3, [pid 7311] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5867] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 7311] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5867] close(3 [pid 7311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7304] <... mount resumed>) = -1 EEXIST (File exists) [pid 5867] <... close resumed>) = 0 [pid 7311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7304] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5867] rmdir("./73" [pid 7311] <... mmap resumed>) = 0x7fb4714f6000 [pid 7311] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5867] <... rmdir resumed>) = 0 [pid 7311] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7304] <... openat resumed>) = 3 [pid 5867] mkdir("./74", 0777 [pid 7311] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7312 attached => {parent_tid=[7312]}, 88) = 7312 [pid 5867] <... mkdir resumed>) = 0 [pid 7311] rt_sigprocmask(SIG_SETMASK, [], [pid 7304] ioctl(3, LOOP_CLR_FD [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7312] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5867] <... openat resumed>) = 3 [pid 7312] <... rseq resumed>) = 0 [pid 7311] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7304] <... ioctl resumed>) = 0 [pid 5867] ioctl(3, LOOP_CLR_FD [pid 7312] set_robust_list(0x7fb4715169a0, 24 [pid 7311] <... futex resumed>) = 0 [pid 7304] close(3 [pid 7312] <... set_robust_list resumed>) = 0 [pid 7311] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5867] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7312] rt_sigprocmask(SIG_SETMASK, [], [pid 5867] close(3 [pid 7312] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5867] <... close resumed>) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7312] memfd_create("syzkaller", 0./strace-static-x86_64: Process 7313 attached [pid 7313] set_robust_list(0x55558d547760, 24 [pid 7312] <... memfd_create resumed>) = 3 [pid 5867] <... clone resumed>, child_tidptr=0x55558d547750) = 7313 [pid 7313] <... set_robust_list resumed>) = 0 [pid 7312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7313] chdir("./74" [pid 7312] <... mmap resumed>) = 0x7fb469000000 [pid 7313] <... chdir resumed>) = 0 [pid 7313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7313] setpgid(0, 0) = 0 executing program [pid 7313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7313] write(3, "1000", 4) = 4 [pid 7313] close(3) = 0 [pid 7313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7313] write(1, "executing program\n", 18) = 18 [pid 7313] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7313] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 246.238687][ T7304] [ 246.243809][ T7304] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 246.564637][ T7304] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7313] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7314 attached => {parent_tid=[7314]}, 88) = 7314 [pid 7314] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7313] rt_sigprocmask(SIG_SETMASK, [], [pid 7314] <... rseq resumed>) = 0 [pid 7314] set_robust_list(0x7fb4715169a0, 24 [pid 7313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7314] <... set_robust_list resumed>) = 0 [pid 7314] rt_sigprocmask(SIG_SETMASK, [], [pid 7313] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7313] <... futex resumed>) = 0 [pid 7313] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7314] memfd_create("syzkaller", 0) = 3 [pid 7314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7306] <... munmap resumed>) = 0 [pid 7306] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7306] close(3) = 0 [pid 7306] close(4) = 0 [pid 7306] mkdir("./file0", 0777) = 0 [pid 7306] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7304] <... close resumed>) = 0 [pid 7304] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7304] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7303] <... futex resumed>) = 0 [pid 7303] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7304] <... futex resumed>) = 0 [pid 7303] <... futex resumed>) = 1 [pid 7304] openat(AT_FDCWD, ".", O_RDONLY [pid 7303] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7304] <... openat resumed>) = 3 [pid 7304] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7303] <... futex resumed>) = 0 [pid 7304] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7303] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7304] <... futex resumed>) = 0 [pid 7303] <... futex resumed>) = 1 [pid 7304] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7303] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7304] <... ioctl resumed>) = 0 [pid 7304] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7303] <... futex resumed>) = 0 [pid 7304] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7303] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7303] <... futex resumed>) = 0 [pid 7304] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7303] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7304] <... openat resumed>) = 4 [ 246.660398][ T7306] loop2: detected capacity change from 0 to 32768 [ 246.696075][ T7306] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 7304] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7303] <... futex resumed>) = 0 [pid 7304] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7303] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7304] <... futex resumed>) = 0 [pid 7303] <... futex resumed>) = 1 [pid 7304] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 246.735189][ T7306] CPU: 1 UID: 0 PID: 7306 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 246.735228][ T7306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 246.735242][ T7306] Call Trace: [ 246.735250][ T7306] [ 246.735260][ T7306] dump_stack_lvl+0x189/0x250 [ 246.735293][ T7306] ? __pfx_dump_stack_lvl+0x10/0x10 [ 246.735317][ T7306] ? __pfx__printk+0x10/0x10 [ 246.735344][ T7306] ? kernfs_root+0x1c/0x230 [pid 7303] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 246.735368][ T7306] ? kernfs_path_from_node+0x250/0x290 [ 246.735390][ T7306] ? kernfs_path_from_node+0x2f/0x290 [ 246.735415][ T7306] sysfs_create_dir_ns+0x259/0x280 [ 246.735438][ T7306] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 246.735461][ T7306] ? do_raw_spin_unlock+0x122/0x240 [ 246.735490][ T7306] kobject_add_internal+0x59f/0xb40 [ 246.735518][ T7306] kobject_init_and_add+0x125/0x190 [ 246.735543][ T7306] ? __pfx_kobject_init_and_add+0x10/0x10 [ 246.735566][ T7306] ? __raw_spin_lock_init+0x45/0x100 [ 246.735590][ T7306] ? __init_swait_queue_head+0xa9/0x150 [ 246.735615][ T7306] gfs2_sys_fs_add+0x234/0x450 [ 246.735637][ T7306] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 246.735662][ T7306] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 246.735696][ T7306] gfs2_fill_super+0x13c0/0x20d0 [ 246.735730][ T7306] ? __pfx_gfs2_fill_super+0x10/0x10 [ 246.735758][ T7306] ? sb_set_blocksize+0x104/0x180 [ 246.735788][ T7306] ? setup_bdev_super+0x4c1/0x5b0 [ 246.735817][ T7306] get_tree_bdev_flags+0x40b/0x4d0 [ 246.735844][ T7306] ? __pfx_gfs2_fill_super+0x10/0x10 [ 246.735870][ T7306] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 246.735902][ T7306] gfs2_get_tree+0x51/0x1e0 [ 246.735930][ T7306] vfs_get_tree+0x8f/0x2b0 [ 246.735959][ T7306] do_new_mount+0x2a2/0xa30 [ 246.735990][ T7306] ? ns_capable+0x8a/0xf0 [ 246.736009][ T7306] ? __pfx_do_new_mount+0x10/0x10 [ 246.736038][ T7306] ? path_mount+0x61c/0xfe0 [ 246.736064][ T7306] ? user_path_at+0x44/0x60 [ 246.736091][ T7306] __se_sys_mount+0x317/0x410 [ 246.736124][ T7306] ? __pfx___se_sys_mount+0x10/0x10 [ 246.736153][ T7306] ? rcu_is_watching+0x15/0xb0 [ 246.736175][ T7306] ? __x64_sys_mount+0x20/0xc0 [ 246.736207][ T7306] do_syscall_64+0xfa/0x3b0 [ 246.736236][ T7306] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.736256][ T7306] ? clear_bhb_loop+0x60/0xb0 [ 246.736278][ T7306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.736298][ T7306] RIP: 0033:0x7fb47156b94a [pid 7303] exit_group(0) = ? [pid 7304] <... write resumed>) = ? [pid 7304] +++ exited with 0 +++ [pid 7303] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7303, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=71 /* 0.71 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./75/file0") = 0 [pid 5868] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./75/binderfs") = 0 [pid 5868] umount2("./75/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./75/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=3522560, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 246.736316][ T7306] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 246.736334][ T7306] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 246.736356][ T7306] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 246.736372][ T7306] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 246.736387][ T7306] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 246.736401][ T7306] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 5868] unlink("./75/cpuset.effective_mems") = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./75") = 0 [pid 5868] mkdir("./76", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [ 246.736419][ T7306] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 246.736440][ T7306] [ 246.736481][ T7306] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7317 attached , child_tidptr=0x55558d547750) = 7317 [pid 7317] set_robust_list(0x55558d547760, 24) = 0 [pid 7317] chdir("./76") = 0 [pid 7317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7317] setpgid(0, 0) = 0 [pid 7317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216executing program [pid 7317] <... openat resumed>) = 3 [pid 7317] write(3, "1000", 4) = 4 [pid 7317] close(3) = 0 [pid 7317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7317] write(1, "executing program\n", 18) = 18 [pid 7317] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7317] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7317] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7317] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7317] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7318 attached [pid 7318] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7317] <... clone3 resumed> => {parent_tid=[7318]}, 88) = 7318 [pid 7318] <... rseq resumed>) = 0 [pid 7317] rt_sigprocmask(SIG_SETMASK, [], [pid 7318] set_robust_list(0x7fb4715169a0, 24 [pid 7317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7318] <... set_robust_list resumed>) = 0 [pid 7317] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7318] rt_sigprocmask(SIG_SETMASK, [], [pid 7317] <... futex resumed>) = 0 [pid 7318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7317] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7318] memfd_create("syzkaller", 0) = 3 [pid 7306] <... mount resumed>) = -1 EEXIST (File exists) [pid 7318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7306] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7318] <... mmap resumed>) = 0x7fb469000000 [pid 7306] <... openat resumed>) = 3 [pid 7306] ioctl(3, LOOP_CLR_FD) = 0 [ 247.144475][ T7306] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7306] close(3 [pid 7314] <... write resumed>) = 16777216 [pid 7314] munmap(0x7fb469000000, 138412032 [pid 7306] <... close resumed>) = 0 [pid 7306] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7306] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7314] <... munmap resumed>) = 0 [pid 7305] <... futex resumed>) = 0 [pid 7305] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7314] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7312] <... write resumed>) = 16777216 [pid 7306] <... futex resumed>) = 0 [pid 7305] <... futex resumed>) = 1 [pid 7306] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7305] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7306] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7314] <... openat resumed>) = 4 [pid 7306] <... futex resumed>) = 0 [pid 7305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7314] ioctl(4, LOOP_SET_FD, 3 [pid 7312] munmap(0x7fb469000000, 138412032 [pid 7306] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7305] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7306] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7305] <... futex resumed>) = 0 [pid 7305] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7306] <... ioctl resumed>) = 0 [pid 7306] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7305] <... futex resumed>) = 0 [pid 7306] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7305] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7306] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7305] <... futex resumed>) = 0 [pid 7306] <... openat resumed>) = 4 [pid 7305] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7306] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7305] <... futex resumed>) = 0 [pid 7306] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7305] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7305] <... futex resumed>) = 0 [pid 7306] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7305] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7314] <... ioctl resumed>) = 0 [pid 7314] close(3) = 0 [pid 7314] close(4) = 0 [pid 7314] mkdir("./file0", 0777) = 0 [ 247.392903][ T7314] loop0: detected capacity change from 0 to 32768 [pid 7314] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7305] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 247.459484][ T7314] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 247.467124][ T7314] CPU: 1 UID: 0 PID: 7314 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 247.467165][ T7314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 247.467187][ T7314] Call Trace: [ 247.467196][ T7314] [ 247.467205][ T7314] dump_stack_lvl+0x189/0x250 [ 247.467233][ T7314] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.467255][ T7314] ? __pfx__printk+0x10/0x10 [ 247.467280][ T7314] ? kernfs_root+0x1c/0x230 [ 247.467321][ T7314] ? kernfs_path_from_node+0x250/0x290 [ 247.467342][ T7314] ? kernfs_path_from_node+0x2f/0x290 [ 247.467364][ T7314] sysfs_create_dir_ns+0x259/0x280 [ 247.467385][ T7314] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 247.467406][ T7314] ? do_raw_spin_unlock+0x122/0x240 [ 247.467433][ T7314] kobject_add_internal+0x59f/0xb40 [ 247.467459][ T7314] kobject_init_and_add+0x125/0x190 [ 247.467484][ T7314] ? __pfx_kobject_init_and_add+0x10/0x10 [pid 7312] <... munmap resumed>) = 0 [pid 7312] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7312] close(3) = 0 [pid 7312] close(4) = 0 [pid 7312] mkdir("./file0", 0777) = 0 [ 247.467506][ T7314] ? __raw_spin_lock_init+0x45/0x100 [ 247.467532][ T7314] ? __init_swait_queue_head+0xa9/0x150 [ 247.467559][ T7314] gfs2_sys_fs_add+0x234/0x450 [ 247.467581][ T7314] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 247.467607][ T7314] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 247.467640][ T7314] gfs2_fill_super+0x13c0/0x20d0 [ 247.467674][ T7314] ? __pfx_gfs2_fill_super+0x10/0x10 [ 247.467702][ T7314] ? sb_set_blocksize+0x104/0x180 [ 247.467731][ T7314] ? setup_bdev_super+0x4c1/0x5b0 [ 247.467760][ T7314] get_tree_bdev_flags+0x40b/0x4d0 [ 247.467787][ T7314] ? __pfx_gfs2_fill_super+0x10/0x10 [ 247.467812][ T7314] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 247.467844][ T7314] gfs2_get_tree+0x51/0x1e0 [ 247.467870][ T7314] vfs_get_tree+0x8f/0x2b0 [ 247.467898][ T7314] do_new_mount+0x2a2/0xa30 [ 247.467929][ T7314] ? ns_capable+0x8a/0xf0 [ 247.467949][ T7314] ? __pfx_do_new_mount+0x10/0x10 [ 247.467976][ T7314] ? path_mount+0x61c/0xfe0 [ 247.468003][ T7314] ? user_path_at+0x44/0x60 [ 247.468029][ T7314] __se_sys_mount+0x317/0x410 [ 247.468061][ T7314] ? __pfx___se_sys_mount+0x10/0x10 [ 247.468089][ T7314] ? rcu_is_watching+0x15/0xb0 [ 247.468112][ T7314] ? __x64_sys_mount+0x20/0xc0 [ 247.468142][ T7314] do_syscall_64+0xfa/0x3b0 [ 247.468163][ T7314] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.468190][ T7314] ? clear_bhb_loop+0x60/0xb0 [ 247.468213][ T7314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.468231][ T7314] RIP: 0033:0x7fb47156b94a [ 247.468249][ T7314] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 247.468267][ T7314] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 247.468289][ T7314] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 247.468304][ T7314] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 247.468319][ T7314] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 7312] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [ 247.468334][ T7314] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 247.468348][ T7314] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 247.468369][ T7314] [ 247.469182][ T7314] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 247.596555][ T7312] loop3: detected capacity change from 0 to 32768 [ 247.598024][ T7314] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 247.802445][ T7312] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 247.810026][ T7312] CPU: 0 UID: 0 PID: 7312 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 247.810057][ T7312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 247.810072][ T7312] Call Trace: [ 247.810081][ T7312] [ 247.810089][ T7312] dump_stack_lvl+0x189/0x250 [ 247.810138][ T7312] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.810163][ T7312] ? __pfx__printk+0x10/0x10 [ 247.810190][ T7312] ? kernfs_root+0x1c/0x230 [ 247.810216][ T7312] ? kernfs_path_from_node+0x250/0x290 [ 247.810238][ T7312] ? kernfs_path_from_node+0x2f/0x290 [ 247.810263][ T7312] sysfs_create_dir_ns+0x259/0x280 [ 247.810287][ T7312] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 247.810310][ T7312] ? do_raw_spin_unlock+0x122/0x240 [ 247.810337][ T7312] kobject_add_internal+0x59f/0xb40 [ 247.810366][ T7312] kobject_init_and_add+0x125/0x190 [ 247.810391][ T7312] ? __pfx_kobject_init_and_add+0x10/0x10 [ 247.810415][ T7312] ? __raw_spin_lock_init+0x45/0x100 [ 247.810440][ T7312] ? __init_swait_queue_head+0xa9/0x150 [ 247.810467][ T7312] gfs2_sys_fs_add+0x234/0x450 [ 247.810488][ T7312] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 247.810512][ T7312] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 247.810546][ T7312] gfs2_fill_super+0x13c0/0x20d0 [ 247.810580][ T7312] ? __pfx_gfs2_fill_super+0x10/0x10 [ 247.810610][ T7312] ? sb_set_blocksize+0x104/0x180 [ 247.810641][ T7312] ? setup_bdev_super+0x4c1/0x5b0 [ 247.810671][ T7312] get_tree_bdev_flags+0x40b/0x4d0 [ 247.810700][ T7312] ? __pfx_gfs2_fill_super+0x10/0x10 [ 247.810727][ T7312] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 247.810759][ T7312] gfs2_get_tree+0x51/0x1e0 [ 247.810786][ T7312] vfs_get_tree+0x8f/0x2b0 [ 247.810815][ T7312] do_new_mount+0x2a2/0xa30 [ 247.810847][ T7312] ? ns_capable+0x8a/0xf0 [ 247.810866][ T7312] ? __pfx_do_new_mount+0x10/0x10 [ 247.810906][ T7312] ? path_mount+0x61c/0xfe0 [ 247.810934][ T7312] ? user_path_at+0x44/0x60 [ 247.810977][ T7312] __se_sys_mount+0x317/0x410 [ 247.811011][ T7312] ? __pfx___se_sys_mount+0x10/0x10 [pid 7318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7314] <... mount resumed>) = -1 EEXIST (File exists) [pid 7314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 7314] ioctl(3, LOOP_CLR_FD) = 0 [pid 7314] close(3) = 0 [pid 7314] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7314] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7313] <... futex resumed>) = 0 [pid 7313] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7314] <... futex resumed>) = 0 [pid 7314] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7314] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7314] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7313] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7313] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7314] <... futex resumed>) = 0 [pid 7314] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7313] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7313] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7313] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7313] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7313] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7323]}, 88) = 7323 [pid 7313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7313] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7313] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7313] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7313] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714b4000 [pid 7313] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} => {parent_tid=[7324]}, 88) = 7324 [pid 7313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7313] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7313] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7305] exit_group(0) = ? [pid 7306] <... write resumed>) = ? [ 247.811041][ T7312] ? rcu_is_watching+0x15/0xb0 [ 247.811065][ T7312] ? __x64_sys_mount+0x20/0xc0 [ 247.811097][ T7312] do_syscall_64+0xfa/0x3b0 [ 247.811129][ T7312] ? rcu_is_watching+0x15/0xb0 [ 247.811149][ T7312] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.811170][ T7312] ? clear_bhb_loop+0x60/0xb0 [ 247.811193][ T7312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.811213][ T7312] RIP: 0033:0x7fb47156b94a [pid 7306] +++ exited with 0 +++ [pid 7305] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7305, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=95 /* 0.95 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 247.811232][ T7312] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 247.811250][ T7312] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 247.811273][ T7312] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 247.811289][ T7312] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 247.811303][ T7312] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 247.811319][ T7312] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 5869] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 ./strace-static-x86_64: Process 7323 attached [pid 5869] newfstatat(3, "", [pid 7323] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7323] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 5869] getdents64(3, [pid 7323] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 7323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7323] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 7324 attached [pid 5869] getdents64(4, [pid 7324] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053) = 0 [pid 7323] <... openat resumed>) = 4 [pid 7314] <... ioctl resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 7324] set_robust_list(0x7fb4714d49a0, 24 [pid 7323] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7314] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] close(4 [pid 7324] <... set_robust_list resumed>) = 0 [pid 7323] <... futex resumed>) = 0 [pid 7314] <... futex resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 7324] rt_sigprocmask(SIG_SETMASK, [], [pid 7323] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7314] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] rmdir("./71/file0" [pid 7324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7312] <... mount resumed>) = -1 EEXIST (File exists) [pid 5869] <... rmdir resumed>) = 0 [pid 7324] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7312] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5869] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./71/binderfs") = 0 [pid 5869] umount2("./71/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./71/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=8863744, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./71/cpuset.effective_mems" [pid 7312] <... openat resumed>) = 3 [pid 7312] ioctl(3, LOOP_CLR_FD) = 0 [ 247.811332][ T7312] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 247.811353][ T7312] [ 247.811375][ T7312] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 248.137823][ T7312] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7312] close(3 [pid 7313] exit_group(0 [pid 7324] <... write resumed>) = ? [pid 7323] <... futex resumed>) = ? [pid 7313] <... exit_group resumed>) = ? [pid 7323] +++ exited with 0 +++ [pid 7314] <... futex resumed>) = ? [pid 7314] +++ exited with 0 +++ [pid 7324] +++ exited with 0 +++ [pid 7313] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7313, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=61 /* 0.61 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./74/file0") = 0 [pid 5867] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./74/binderfs") = 0 [pid 5867] umount2("./74/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./74/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=2416640, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./74/cpuset.effective_mems" [pid 7312] <... close resumed>) = 0 [pid 7312] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7311] <... futex resumed>) = 0 [pid 7311] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7311] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7312] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7312] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7311] <... futex resumed>) = 0 [pid 7312] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7311] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7311] <... futex resumed>) = 0 [pid 7312] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7311] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, [pid 7312] <... ioctl resumed>) = 0 [pid 5867] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 7312] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] close(3 [pid 7318] <... write resumed>) = 16777216 [pid 7312] <... futex resumed>) = 1 [pid 7311] <... futex resumed>) = 0 [pid 5867] <... close resumed>) = 0 [pid 7318] munmap(0x7fb469000000, 138412032 [pid 7312] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7311] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] rmdir("./74" [pid 7312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7311] <... futex resumed>) = 0 [pid 5867] <... rmdir resumed>) = 0 [pid 7312] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7311] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] mkdir("./75", 0777 [pid 7312] <... openat resumed>) = 4 [pid 5867] <... mkdir resumed>) = 0 [pid 7312] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7312] <... futex resumed>) = 1 [pid 7311] <... futex resumed>) = 0 [pid 5867] <... openat resumed>) = 3 [pid 7312] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7311] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] ioctl(3, LOOP_CLR_FD [pid 7312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7311] <... futex resumed>) = 0 [pid 5867] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 7312] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7311] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7325 attached , child_tidptr=0x55558d547750) = 7325 [pid 7325] set_robust_list(0x55558d547760, 24) = 0 [pid 7325] chdir("./75") = 0 [pid 7325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7325] setpgid(0, 0) = 0 [pid 7325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7325] write(3, "1000", 4) = 4 [pid 7325] close(3) = 0 [pid 7325] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7325] write(1, "executing program\n", 18) = 18 [pid 7325] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7325] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7325] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7325] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 7325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7326]}, 88) = 7326 [pid 7325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7325] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7325] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7326 attached [pid 7326] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7326] set_robust_list(0x7fb4715169a0, 24 [pid 5869] getdents64(3, [pid 7326] <... set_robust_list resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 7326] rt_sigprocmask(SIG_SETMASK, [], [pid 7311] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5869] close(3 [pid 7326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7318] <... munmap resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 7318] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7326] memfd_create("syzkaller", 0 [pid 5869] rmdir("./71" [pid 7326] <... memfd_create resumed>) = 3 [pid 7318] <... openat resumed>) = 4 [pid 7326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7318] ioctl(4, LOOP_SET_FD, 3 [pid 5869] <... rmdir resumed>) = 0 [pid 7318] <... ioctl resumed>) = 0 [pid 5869] mkdir("./72", 0777 [pid 7318] close(3 [pid 5869] <... mkdir resumed>) = 0 [pid 7318] <... close resumed>) = 0 [pid 7318] close(4 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7318] <... close resumed>) = 0 [pid 7318] mkdir("./file0", 0777 [pid 5869] <... openat resumed>) = 3 [pid 7318] <... mkdir resumed>) = 0 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 7318] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5869] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7329 attached [pid 7329] set_robust_list(0x55558d547760, 24) = 0 [pid 7329] chdir("./72" [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 7329 [pid 7329] <... chdir resumed>) = 0 [pid 7329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7329] setpgid(0, 0) = 0 [ 248.408939][ T7318] loop1: detected capacity change from 0 to 32768 [ 248.447402][ T7318] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [pid 7329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7329] write(3, "1000", 4) = 4 [pid 7329] close(3) = 0 [pid 7329] symlink("/dev/binderfs", "./binderfs") = 0 [ 248.466596][ T7318] CPU: 1 UID: 0 PID: 7318 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 248.466629][ T7318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 248.466643][ T7318] Call Trace: [ 248.466652][ T7318] [ 248.466661][ T7318] dump_stack_lvl+0x189/0x250 [ 248.466694][ T7318] ? __pfx_dump_stack_lvl+0x10/0x10 [ 248.466723][ T7318] ? __pfx__printk+0x10/0x10 [ 248.466751][ T7318] ? kernfs_root+0x1c/0x230 executing program [pid 7329] write(1, "executing program\n", 18) = 18 [pid 7329] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7329] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7329] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7330]}, 88) = 7330 [pid 7329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7329] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7329] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7330 attached [pid 7330] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7330] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7330] memfd_create("syzkaller", 0) = 3 [pid 7330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 248.466777][ T7318] ? kernfs_path_from_node+0x250/0x290 [ 248.466800][ T7318] ? kernfs_path_from_node+0x2f/0x290 [ 248.466825][ T7318] sysfs_create_dir_ns+0x259/0x280 [ 248.466848][ T7318] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 248.466871][ T7318] ? do_raw_spin_unlock+0x122/0x240 [ 248.466901][ T7318] kobject_add_internal+0x59f/0xb40 [ 248.466929][ T7318] kobject_init_and_add+0x125/0x190 [ 248.466967][ T7318] ? __pfx_kobject_init_and_add+0x10/0x10 [ 248.466990][ T7318] ? __raw_spin_lock_init+0x45/0x100 [ 248.467015][ T7318] ? __init_swait_queue_head+0xa9/0x150 [ 248.467042][ T7318] gfs2_sys_fs_add+0x234/0x450 [ 248.467083][ T7318] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 248.467107][ T7318] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 248.467141][ T7318] gfs2_fill_super+0x13c0/0x20d0 [ 248.467176][ T7318] ? __pfx_gfs2_fill_super+0x10/0x10 [ 248.467204][ T7318] ? sb_set_blocksize+0x104/0x180 [ 248.467235][ T7318] ? setup_bdev_super+0x4c1/0x5b0 [ 248.467263][ T7318] get_tree_bdev_flags+0x40b/0x4d0 [ 248.467291][ T7318] ? __pfx_gfs2_fill_super+0x10/0x10 [ 248.467317][ T7318] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 248.467378][ T7318] gfs2_get_tree+0x51/0x1e0 [ 248.467405][ T7318] vfs_get_tree+0x8f/0x2b0 [ 248.467434][ T7318] do_new_mount+0x2a2/0xa30 [ 248.467467][ T7318] ? ns_capable+0x8a/0xf0 [ 248.467486][ T7318] ? __pfx_do_new_mount+0x10/0x10 [ 248.467516][ T7318] ? path_mount+0x61c/0xfe0 [ 248.467544][ T7318] ? user_path_at+0x44/0x60 [ 248.467571][ T7318] __se_sys_mount+0x317/0x410 [ 248.467606][ T7318] ? __pfx___se_sys_mount+0x10/0x10 [ 248.467636][ T7318] ? rcu_is_watching+0x15/0xb0 [ 248.467659][ T7318] ? __x64_sys_mount+0x20/0xc0 [ 248.467691][ T7318] do_syscall_64+0xfa/0x3b0 [ 248.467713][ T7318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.467734][ T7318] ? clear_bhb_loop+0x60/0xb0 [ 248.467757][ T7318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.467778][ T7318] RIP: 0033:0x7fb47156b94a [ 248.467796][ T7318] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 248.467814][ T7318] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 248.467836][ T7318] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 248.467852][ T7318] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 248.467866][ T7318] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 248.467881][ T7318] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 7318] <... mount resumed>) = -1 EEXIST (File exists) [pid 7318] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 7318] ioctl(3, LOOP_CLR_FD) = 0 [ 248.467894][ T7318] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 248.467916][ T7318] [ 248.467979][ T7318] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 248.787506][ T7318] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7318] close(3 [pid 7311] exit_group(0) = ? [pid 7312] <... write resumed>) = ? [pid 7312] +++ exited with 0 +++ [pid 7311] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7311, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=87 /* 0.87 s */} --- [pid 5870] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./73/file0") = 0 [pid 5870] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./73/binderfs") = 0 [pid 5870] umount2("./73/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./73/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=8204224, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./73/cpuset.effective_mems" [pid 7326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7318] <... close resumed>) = 0 [pid 7330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7318] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7318] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7317] <... futex resumed>) = 0 [pid 7317] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7318] <... futex resumed>) = 0 [pid 7317] <... futex resumed>) = 1 [pid 7318] openat(AT_FDCWD, ".", O_RDONLY [pid 7317] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7318] <... openat resumed>) = 3 [pid 7318] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7317] <... futex resumed>) = 0 [pid 7318] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7317] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7317] <... futex resumed>) = 0 [pid 7317] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7318] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 5870] <... unlink resumed>) = 0 [pid 7318] <... ioctl resumed>) = 0 [pid 7318] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7317] <... futex resumed>) = 0 [pid 7318] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7317] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7317] <... futex resumed>) = 0 [pid 7318] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7317] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7318] <... openat resumed>) = 4 [pid 7318] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7317] <... futex resumed>) = 0 [pid 7318] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7317] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./73") = 0 [pid 5870] mkdir("./74", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7331 ./strace-static-x86_64: Process 7331 attached [pid 7317] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7331] set_robust_list(0x55558d547760, 24) = 0 [pid 7331] chdir("./74") = 0 [pid 7331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7331] setpgid(0, 0) = 0 [pid 7331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7331] write(3, "1000", 4) = 4 [pid 7331] close(3) = 0 [pid 7331] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7331] write(1, "executing program\n", 18) = 18 [pid 7331] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7331] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7331] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7332]}, 88) = 7332 [pid 7331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7331] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7331] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7332 attached [pid 7332] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7332] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7332] memfd_create("syzkaller", 0) = 3 [pid 7332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7317] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7326] <... write resumed>) = 16777216 [pid 7326] munmap(0x7fb469000000, 138412032) = 0 [pid 7330] <... write resumed>) = 16777216 [pid 7326] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7330] munmap(0x7fb469000000, 138412032 [pid 7326] <... openat resumed>) = 4 [pid 7326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7326] close(3) = 0 [pid 7326] close(4) = 0 [pid 7326] mkdir("./file0", 0777) = 0 [ 249.210169][ T7326] loop0: detected capacity change from 0 to 32768 [pid 7326] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7317] exit_group(0) = ? [pid 7318] <... write resumed>) = ? [ 249.258853][ T7326] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 249.274661][ T7326] CPU: 1 UID: 0 PID: 7326 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 249.274693][ T7326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 249.274707][ T7326] Call Trace: [ 249.274716][ T7326] [ 249.274725][ T7326] dump_stack_lvl+0x189/0x250 [ 249.274758][ T7326] ? __pfx_dump_stack_lvl+0x10/0x10 [ 249.274782][ T7326] ? __pfx__printk+0x10/0x10 [ 249.274809][ T7326] ? kernfs_root+0x1c/0x230 [ 249.274835][ T7326] ? kernfs_path_from_node+0x250/0x290 [ 249.274856][ T7326] ? kernfs_path_from_node+0x2f/0x290 [ 249.274881][ T7326] sysfs_create_dir_ns+0x259/0x280 [ 249.274904][ T7326] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 249.274927][ T7326] ? do_raw_spin_unlock+0x122/0x240 [ 249.274955][ T7326] kobject_add_internal+0x59f/0xb40 [ 249.274984][ T7326] kobject_init_and_add+0x125/0x190 [ 249.275008][ T7326] ? __pfx_kobject_init_and_add+0x10/0x10 [ 249.275032][ T7326] ? __raw_spin_lock_init+0x45/0x100 [ 249.275057][ T7326] ? __init_swait_queue_head+0xa9/0x150 [ 249.275083][ T7326] gfs2_sys_fs_add+0x234/0x450 [ 249.275105][ T7326] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 249.275133][ T7326] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 249.275166][ T7326] gfs2_fill_super+0x13c0/0x20d0 [ 249.275200][ T7326] ? __pfx_gfs2_fill_super+0x10/0x10 [ 249.275228][ T7326] ? sb_set_blocksize+0x104/0x180 [ 249.275266][ T7326] ? setup_bdev_super+0x4c1/0x5b0 [ 249.275296][ T7326] get_tree_bdev_flags+0x40b/0x4d0 [ 249.275323][ T7326] ? __pfx_gfs2_fill_super+0x10/0x10 [ 249.275349][ T7326] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 249.275382][ T7326] gfs2_get_tree+0x51/0x1e0 [ 249.275409][ T7326] vfs_get_tree+0x8f/0x2b0 [ 249.275436][ T7326] do_new_mount+0x2a2/0xa30 [ 249.275469][ T7326] ? ns_capable+0x8a/0xf0 [ 249.275487][ T7326] ? __pfx_do_new_mount+0x10/0x10 [ 249.275516][ T7326] ? path_mount+0x61c/0xfe0 [ 249.275543][ T7326] ? user_path_at+0x44/0x60 [ 249.275569][ T7326] __se_sys_mount+0x317/0x410 [ 249.275602][ T7326] ? __pfx___se_sys_mount+0x10/0x10 [ 249.275632][ T7326] ? rcu_is_watching+0x15/0xb0 [ 249.275654][ T7326] ? __x64_sys_mount+0x20/0xc0 [ 249.275685][ T7326] do_syscall_64+0xfa/0x3b0 [ 249.275707][ T7326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.275727][ T7326] ? clear_bhb_loop+0x60/0xb0 [ 249.275750][ T7326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.275769][ T7326] RIP: 0033:0x7fb47156b94a [ 249.275788][ T7326] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 249.275806][ T7326] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 249.275828][ T7326] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 249.275844][ T7326] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 249.275859][ T7326] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 7330] <... munmap resumed>) = 0 [pid 7318] +++ exited with 0 +++ [pid 7317] +++ exited with 0 +++ [pid 7332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7330] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7317, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=73 /* 0.73 s */} --- [pid 7330] <... openat resumed>) = 4 [ 249.275874][ T7326] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 249.275888][ T7326] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 249.275909][ T7326] [ 249.582326][ T7326] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 249.596468][ T7326] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 249.604191][ T7330] loop2: detected capacity change from 0 to 32768 [pid 7330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5868] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7330] close(3 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7330] <... close resumed>) = 0 [pid 5868] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7330] close(4 [pid 5868] <... openat resumed>) = 3 [pid 7330] <... close resumed>) = 0 [pid 5868] newfstatat(3, "", [pid 7330] mkdir("./file0", 0777 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7330] <... mkdir resumed>) = 0 [pid 5868] getdents64(3, [pid 7330] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./76/file0") = 0 [pid 5868] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./76/binderfs") = 0 [pid 5868] umount2("./76/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./76/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=7868416, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 249.667258][ T7330] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 249.674702][ T7330] CPU: 0 UID: 0 PID: 7330 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 249.674730][ T7330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 249.674744][ T7330] Call Trace: [ 249.674753][ T7330] [ 249.674762][ T7330] dump_stack_lvl+0x189/0x250 [ 249.674794][ T7330] ? __pfx_dump_stack_lvl+0x10/0x10 [ 249.674818][ T7330] ? __pfx__printk+0x10/0x10 [ 249.674843][ T7330] ? kernfs_root+0x1c/0x230 [ 249.674868][ T7330] ? kernfs_path_from_node+0x250/0x290 [ 249.674890][ T7330] ? kernfs_path_from_node+0x2f/0x290 [ 249.674915][ T7330] sysfs_create_dir_ns+0x259/0x280 [ 249.674937][ T7330] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 249.674960][ T7330] ? do_raw_spin_unlock+0x122/0x240 [ 249.674987][ T7330] kobject_add_internal+0x59f/0xb40 [ 249.675015][ T7330] kobject_init_and_add+0x125/0x190 [ 249.675040][ T7330] ? __pfx_kobject_init_and_add+0x10/0x10 [ 249.675063][ T7330] ? __raw_spin_lock_init+0x45/0x100 [ 249.675100][ T7330] ? __init_swait_queue_head+0xa9/0x150 [ 249.675128][ T7330] gfs2_sys_fs_add+0x234/0x450 [ 249.675148][ T7330] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 249.675169][ T7330] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 249.675208][ T7330] gfs2_fill_super+0x13c0/0x20d0 [ 249.675241][ T7330] ? __pfx_gfs2_fill_super+0x10/0x10 [ 249.675265][ T7330] ? sb_set_blocksize+0x104/0x180 [ 249.675293][ T7330] ? setup_bdev_super+0x4c1/0x5b0 [ 249.675320][ T7330] get_tree_bdev_flags+0x40b/0x4d0 [ 249.675347][ T7330] ? __pfx_gfs2_fill_super+0x10/0x10 [ 249.675372][ T7330] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 249.675404][ T7330] gfs2_get_tree+0x51/0x1e0 [ 249.675431][ T7330] vfs_get_tree+0x8f/0x2b0 [ 249.675459][ T7330] do_new_mount+0x2a2/0xa30 [ 249.675491][ T7330] ? ns_capable+0x8a/0xf0 [ 249.675509][ T7330] ? __pfx_do_new_mount+0x10/0x10 [ 249.675538][ T7330] ? path_mount+0x61c/0xfe0 [ 249.675565][ T7330] ? user_path_at+0x44/0x60 [ 249.675592][ T7330] __se_sys_mount+0x317/0x410 [ 249.675624][ T7330] ? __pfx___se_sys_mount+0x10/0x10 [ 249.675654][ T7330] ? rcu_is_watching+0x15/0xb0 [ 249.675676][ T7330] ? __x64_sys_mount+0x20/0xc0 [ 249.675707][ T7330] do_syscall_64+0xfa/0x3b0 [ 249.675728][ T7330] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.675749][ T7330] ? clear_bhb_loop+0x60/0xb0 [ 249.675771][ T7330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.675791][ T7330] RIP: 0033:0x7fb47156b94a [ 249.675809][ T7330] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 249.675827][ T7330] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 249.675848][ T7330] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 249.675863][ T7330] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 249.675878][ T7330] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 249.675893][ T7330] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 5868] unlink("./76/cpuset.effective_mems" [pid 7332] <... write resumed>) = 16777216 [pid 7326] <... mount resumed>) = -1 EEXIST (File exists) [pid 7332] munmap(0x7fb469000000, 138412032 [pid 7326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 7326] ioctl(3, LOOP_CLR_FD [pid 7330] <... mount resumed>) = -1 EEXIST (File exists) [pid 7326] <... ioctl resumed>) = 0 [ 249.675907][ T7330] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 249.675928][ T7330] [ 249.991580][ T7330] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 250.005995][ T7330] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7326] close(3 [pid 5868] <... unlink resumed>) = 0 [pid 7330] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7326] <... close resumed>) = 0 [pid 7326] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7330] <... openat resumed>) = 3 [pid 5868] getdents64(3, [pid 7326] <... futex resumed>) = 1 [pid 7326] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7332] <... munmap resumed>) = 0 [pid 7325] <... futex resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 7332] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7325] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7332] <... openat resumed>) = 4 [pid 7326] <... futex resumed>) = 0 [pid 7325] <... futex resumed>) = 1 [pid 7332] ioctl(4, LOOP_SET_FD, 3 [pid 7326] openat(AT_FDCWD, ".", O_RDONLY [pid 7330] ioctl(3, LOOP_CLR_FD [pid 7326] <... openat resumed>) = 3 [pid 7325] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] close(3 [pid 7330] <... ioctl resumed>) = 0 [pid 7326] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... close resumed>) = 0 [pid 7330] close(3 [pid 7326] <... futex resumed>) = 1 [pid 7325] <... futex resumed>) = 0 [pid 7332] <... ioctl resumed>) = 0 [pid 7325] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] rmdir("./76" [pid 7326] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7325] <... futex resumed>) = 0 [pid 7325] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7332] close(3 [pid 5868] <... rmdir resumed>) = 0 [pid 7332] <... close resumed>) = 0 [pid 5868] mkdir("./77", 0777 [pid 7332] close(4) = 0 [pid 7332] mkdir("./file0", 0777 [pid 7326] <... ioctl resumed>) = 0 [pid 7332] <... mkdir resumed>) = 0 [pid 7326] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7325] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7326] <... futex resumed>) = 0 [pid 7325] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7326] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7325] <... futex resumed>) = 0 [ 250.101112][ T7332] loop3: detected capacity change from 0 to 32768 [pid 7325] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7332] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7326] <... openat resumed>) = 4 [pid 7326] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7325] <... futex resumed>) = 0 [pid 7326] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7325] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... mkdir resumed>) = 0 [pid 7326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7325] <... futex resumed>) = 0 [pid 7326] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7325] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7330] <... close resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7330] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7329] <... futex resumed>) = 0 [pid 7329] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7329] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7330] <... futex resumed>) = 1 [pid 7330] openat(AT_FDCWD, ".", O_RDONLY [pid 5868] <... openat resumed>) = 3 [pid 7330] <... openat resumed>) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 7330] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] close(3 [pid 7330] <... futex resumed>) = 1 [pid 7329] <... futex resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 7329] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7329] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7330] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7339 attached , child_tidptr=0x55558d547750) = 7339 [pid 7339] set_robust_list(0x55558d547760, 24) = 0 [pid 7339] chdir("./77") = 0 [pid 7339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7339] setpgid(0, 0) = 0 [pid 7339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7339] write(3, "1000", 4) = 4 [pid 7339] close(3) = 0 [pid 7339] symlink("/dev/binderfs", "./binderfs") = 0 executing program [ 250.222692][ T7332] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 250.231012][ T7332] CPU: 0 UID: 0 PID: 7332 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 250.231041][ T7332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 250.231055][ T7332] Call Trace: [ 250.231064][ T7332] [ 250.231072][ T7332] dump_stack_lvl+0x189/0x250 [ 250.231103][ T7332] ? __pfx_dump_stack_lvl+0x10/0x10 [pid 7339] write(1, "executing program\n", 18) = 18 [pid 7339] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7339] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7339] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7340 attached => {parent_tid=[7340]}, 88) = 7340 [pid 7339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7339] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7340] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7339] <... futex resumed>) = 0 [pid 7340] <... rseq resumed>) = 0 [pid 7340] set_robust_list(0x7fb4715169a0, 24 [pid 7339] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7340] <... set_robust_list resumed>) = 0 [pid 7329] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7329] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714d5000 [pid 7329] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7329] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7330] <... ioctl resumed>) = 0 [pid 7329] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7340] rt_sigprocmask(SIG_SETMASK, [], [pid 7330] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}./strace-static-x86_64: Process 7341 attached [pid 7340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7330] <... futex resumed>) = 0 [pid 7341] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 7340] memfd_create("syzkaller", 0 [pid 7330] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7329] <... clone3 resumed> => {parent_tid=[7341]}, 88) = 7341 [pid 7341] <... rseq resumed>) = 0 [pid 7329] rt_sigprocmask(SIG_SETMASK, [], [pid 7341] set_robust_list(0x7fb4714f59a0, 24 [pid 7329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7341] <... set_robust_list resumed>) = 0 [pid 7329] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [ 250.231127][ T7332] ? __pfx__printk+0x10/0x10 [ 250.231161][ T7332] ? kernfs_root+0x1c/0x230 [ 250.231186][ T7332] ? kernfs_path_from_node+0x250/0x290 [ 250.231208][ T7332] ? kernfs_path_from_node+0x2f/0x290 [ 250.231233][ T7332] sysfs_create_dir_ns+0x259/0x280 [ 250.231255][ T7332] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 250.231277][ T7332] ? do_raw_spin_unlock+0x122/0x240 [ 250.231305][ T7332] kobject_add_internal+0x59f/0xb40 [ 250.231332][ T7332] kobject_init_and_add+0x125/0x190 [ 250.231357][ T7332] ? __pfx_kobject_init_and_add+0x10/0x10 [ 250.231379][ T7332] ? __raw_spin_lock_init+0x45/0x100 [ 250.231405][ T7332] ? __init_swait_queue_head+0xa9/0x150 [ 250.231431][ T7332] gfs2_sys_fs_add+0x234/0x450 [ 250.231452][ T7332] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 250.231476][ T7332] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 250.231509][ T7332] gfs2_fill_super+0x13c0/0x20d0 [ 250.231541][ T7332] ? __pfx_gfs2_fill_super+0x10/0x10 [ 250.231569][ T7332] ? sb_set_blocksize+0x104/0x180 [ 250.231599][ T7332] ? setup_bdev_super+0x4c1/0x5b0 [ 250.231628][ T7332] get_tree_bdev_flags+0x40b/0x4d0 [ 250.231655][ T7332] ? __pfx_gfs2_fill_super+0x10/0x10 [ 250.231680][ T7332] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 250.231712][ T7332] gfs2_get_tree+0x51/0x1e0 [ 250.231739][ T7332] vfs_get_tree+0x8f/0x2b0 [ 250.231766][ T7332] do_new_mount+0x2a2/0xa30 [ 250.231797][ T7332] ? ns_capable+0x8a/0xf0 [ 250.231816][ T7332] ? __pfx_do_new_mount+0x10/0x10 [ 250.231845][ T7332] ? path_mount+0x61c/0xfe0 [ 250.231872][ T7332] ? user_path_at+0x44/0x60 [ 250.231898][ T7332] __se_sys_mount+0x317/0x410 [pid 7341] rt_sigprocmask(SIG_SETMASK, [], [pid 7329] <... futex resumed>) = 0 [pid 7341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7340] <... memfd_create resumed>) = 3 [pid 7341] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7329] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7341] <... openat resumed>) = 4 [pid 7340] <... mmap resumed>) = 0x7fb469000000 [pid 7341] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7329] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7341] <... futex resumed>) = 0 [pid 7329] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7341] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7330] <... futex resumed>) = 0 [pid 7329] <... futex resumed>) = 1 [pid 7330] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7329] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 250.231931][ T7332] ? __pfx___se_sys_mount+0x10/0x10 [ 250.231959][ T7332] ? rcu_is_watching+0x15/0xb0 [ 250.231983][ T7332] ? __x64_sys_mount+0x20/0xc0 [ 250.232013][ T7332] do_syscall_64+0xfa/0x3b0 [ 250.232034][ T7332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.232055][ T7332] ? clear_bhb_loop+0x60/0xb0 [ 250.232077][ T7332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.232096][ T7332] RIP: 0033:0x7fb47156b94a [pid 7325] exit_group(0) = ? [pid 7326] <... write resumed>) = ? [pid 7326] +++ exited with 0 +++ [pid 7325] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7325, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=44 /* 0.44 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 250.232114][ T7332] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 250.232132][ T7332] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 250.232161][ T7332] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 250.232177][ T7332] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 250.232192][ T7332] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 250.232206][ T7332] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 5867] newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./75/file0") = 0 [pid 5867] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./75/binderfs") = 0 [pid 5867] umount2("./75/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./75/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5312512, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 250.232220][ T7332] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 250.232241][ T7332] [ 250.232261][ T7332] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 5867] unlink("./75/cpuset.effective_mems") = 0 [pid 7332] <... mount resumed>) = -1 EEXIST (File exists) [pid 7332] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5867] getdents64(3, [pid 7332] <... openat resumed>) = 3 [pid 5867] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 7332] ioctl(3, LOOP_CLR_FD) = 0 [pid 5867] close(3 [pid 7332] close(3 [pid 5867] <... close resumed>) = 0 [pid 5867] rmdir("./75") = 0 [pid 5867] mkdir("./76", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3 [pid 7329] exit_group(0 [pid 5867] <... close resumed>) = 0 [pid 7329] <... exit_group resumed>) = ? [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7342 [pid 7341] <... futex resumed>) = ? ./strace-static-x86_64: Process 7342 attached [pid 7341] +++ exited with 0 +++ [pid 7342] set_robust_list(0x55558d547760, 24) = 0 [pid 7342] chdir("./76") = 0 [pid 7342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7342] setpgid(0, 0) = 0 [pid 7342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 250.600018][ T7332] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7342] write(3, "1000", 4) = 4 [pid 7342] close(3) = 0 [pid 7342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7342] write(1, "executing program\n", 18executing program ) = 18 [pid 7342] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7342] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7342] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7342] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7343]}, 88) = 7343 [pid 7342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7342] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7342] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7343 attached [pid 7343] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7343] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7343] memfd_create("syzkaller", 0 [pid 7330] <... write resumed>) = ? [pid 7343] <... memfd_create resumed>) = 3 [pid 7343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7330] +++ exited with 0 +++ [pid 7329] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7329, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=43 /* 0.43 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, [pid 7340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./72/file0") = 0 [pid 5869] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./72/binderfs") = 0 [pid 5869] umount2("./72/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./72/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5140416, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./72/cpuset.effective_mems" [pid 7332] <... close resumed>) = 0 [pid 7332] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7331] <... futex resumed>) = 0 [pid 7332] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7331] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7332] <... futex resumed>) = 0 [pid 7332] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7331] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7332] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7332] <... futex resumed>) = 0 [pid 7332] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7331] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7332] <... futex resumed>) = 0 [pid 7331] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7332] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL]) = 0 [pid 7332] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7331] <... futex resumed>) = 0 [pid 7331] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7331] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7332] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5869] <... unlink resumed>) = 0 [pid 7332] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7332] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7331] <... futex resumed>) = 0 [pid 7331] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7332] <... futex resumed>) = 0 [pid 7331] <... futex resumed>) = 1 [pid 7332] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7331] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./72") = 0 [pid 5869] mkdir("./73", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7344 ./strace-static-x86_64: Process 7344 attached [pid 7344] set_robust_list(0x55558d547760, 24) = 0 [pid 7344] chdir("./73") = 0 [pid 7344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7344] setpgid(0, 0) = 0 [pid 7344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 7344] write(3, "1000", 4) = 4 [pid 7344] close(3) = 0 [pid 7344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7344] write(1, "executing program\n", 18) = 18 [pid 7344] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7344] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7344] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7344] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7344] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7345 attached => {parent_tid=[7345]}, 88) = 7345 [pid 7344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7344] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7344] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7345] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7345] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7345] memfd_create("syzkaller", 0) = 3 [pid 7345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7331] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7331] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7331] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7340] <... write resumed>) = 16777216 [pid 7340] munmap(0x7fb469000000, 138412032 [pid 7343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7340] <... munmap resumed>) = 0 [pid 7340] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7340] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7340] close(3) = 0 [pid 7340] close(4) = 0 [pid 7340] mkdir("./file0", 0777) = 0 [ 250.988119][ T7340] loop1: detected capacity change from 0 to 32768 [ 251.035793][ T7340] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 251.050756][ T7340] CPU: 1 UID: 0 PID: 7340 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 251.050788][ T7340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 251.050802][ T7340] Call Trace: [ 251.050811][ T7340] [ 251.050828][ T7340] dump_stack_lvl+0x189/0x250 [ 251.050862][ T7340] ? __pfx_dump_stack_lvl+0x10/0x10 [ 251.050887][ T7340] ? __pfx__printk+0x10/0x10 [ 251.050915][ T7340] ? kernfs_root+0x1c/0x230 [ 251.050941][ T7340] ? kernfs_path_from_node+0x250/0x290 [ 251.050964][ T7340] ? kernfs_path_from_node+0x2f/0x290 [ 251.050989][ T7340] sysfs_create_dir_ns+0x259/0x280 [ 251.051011][ T7340] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 251.051035][ T7340] ? do_raw_spin_unlock+0x122/0x240 [ 251.051063][ T7340] kobject_add_internal+0x59f/0xb40 [ 251.051093][ T7340] kobject_init_and_add+0x125/0x190 [ 251.051119][ T7340] ? __pfx_kobject_init_and_add+0x10/0x10 [ 251.051142][ T7340] ? __raw_spin_lock_init+0x45/0x100 [ 251.051168][ T7340] ? __init_swait_queue_head+0xa9/0x150 [ 251.051194][ T7340] gfs2_sys_fs_add+0x234/0x450 [ 251.051217][ T7340] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 251.051241][ T7340] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 251.051275][ T7340] gfs2_fill_super+0x13c0/0x20d0 [ 251.051311][ T7340] ? __pfx_gfs2_fill_super+0x10/0x10 [ 251.051340][ T7340] ? sb_set_blocksize+0x104/0x180 [ 251.051372][ T7340] ? setup_bdev_super+0x4c1/0x5b0 [ 251.051401][ T7340] get_tree_bdev_flags+0x40b/0x4d0 [ 251.051430][ T7340] ? __pfx_gfs2_fill_super+0x10/0x10 [ 251.051462][ T7340] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 251.051496][ T7340] gfs2_get_tree+0x51/0x1e0 [ 251.051524][ T7340] vfs_get_tree+0x8f/0x2b0 [ 251.051552][ T7340] do_new_mount+0x2a2/0xa30 [ 251.051584][ T7340] ? ns_capable+0x8a/0xf0 [ 251.051604][ T7340] ? __pfx_do_new_mount+0x10/0x10 [ 251.051633][ T7340] ? path_mount+0x61c/0xfe0 [ 251.051661][ T7340] ? user_path_at+0x44/0x60 [ 251.051689][ T7340] __se_sys_mount+0x317/0x410 [ 251.051723][ T7340] ? __pfx___se_sys_mount+0x10/0x10 [ 251.051753][ T7340] ? rcu_is_watching+0x15/0xb0 [ 251.051776][ T7340] ? __x64_sys_mount+0x20/0xc0 [ 251.051809][ T7340] do_syscall_64+0xfa/0x3b0 [ 251.051842][ T7340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.051863][ T7340] ? clear_bhb_loop+0x60/0xb0 [ 251.051886][ T7340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.051907][ T7340] RIP: 0033:0x7fb47156b94a [pid 7340] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7331] exit_group(0) = ? [pid 7332] <... write resumed>) = ? [pid 7332] +++ exited with 0 +++ [pid 7331] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7331, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=76 /* 0.76 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./74/file0") = 0 [pid 5870] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./74/binderfs") = 0 [pid 5870] umount2("./74/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./74/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=6496256, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 251.051925][ T7340] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 251.051944][ T7340] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 251.051966][ T7340] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 251.051981][ T7340] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 251.051996][ T7340] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 5870] unlink("./74/cpuset.effective_mems" [pid 7343] <... write resumed>) = 16777216 [ 251.052011][ T7340] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 251.052025][ T7340] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 251.052046][ T7340] [ 251.053731][ T7340] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 7343] munmap(0x7fb469000000, 138412032 [pid 5870] <... unlink resumed>) = 0 [pid 7345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7340] <... mount resumed>) = -1 EEXIST (File exists) [pid 5870] getdents64(3, [pid 7340] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 7340] ioctl(3, LOOP_CLR_FD [pid 7343] <... munmap resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 7343] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5870] close(3 [pid 7343] <... openat resumed>) = 4 [pid 7340] <... ioctl resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 7340] close(3 [ 251.381927][ T7340] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 5870] rmdir("./74") = 0 [pid 5870] mkdir("./75", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 7343] ioctl(4, LOOP_SET_FD, 3 [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7348 ./strace-static-x86_64: Process 7348 attached [pid 7343] <... ioctl resumed>) = 0 [pid 7343] close(3 [pid 7348] set_robust_list(0x55558d547760, 24) = 0 [pid 7343] <... close resumed>) = 0 [pid 7343] close(4 [pid 7348] chdir("./75" [pid 7343] <... close resumed>) = 0 [pid 7348] <... chdir resumed>) = 0 [pid 7343] mkdir("./file0", 0777 [pid 7348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7343] <... mkdir resumed>) = 0 [pid 7343] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7348] setpgid(0, 0) = 0 [pid 7348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7348] write(3, "1000", 4) = 4 [pid 7348] close(3) = 0 [pid 7348] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7348] write(1, "executing program\n", 18) = 18 [pid 7348] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7348] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7348] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7348] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7350]}, 88) = 7350 ./strace-static-x86_64: Process 7350 attached [ 251.442878][ T7343] loop0: detected capacity change from 0 to 32768 [ 251.477165][ T7343] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 251.484940][ T7343] CPU: 1 UID: 0 PID: 7343 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 251.484971][ T7343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 251.484984][ T7343] Call Trace: [ 251.484993][ T7343] [ 251.485001][ T7343] dump_stack_lvl+0x189/0x250 [ 251.485034][ T7343] ? __pfx_dump_stack_lvl+0x10/0x10 [ 251.485060][ T7343] ? __pfx__printk+0x10/0x10 [ 251.485087][ T7343] ? kernfs_root+0x1c/0x230 [ 251.485117][ T7343] ? kernfs_path_from_node+0x250/0x290 [ 251.485137][ T7343] ? kernfs_path_from_node+0x2f/0x290 [ 251.485160][ T7343] sysfs_create_dir_ns+0x259/0x280 [ 251.485182][ T7343] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 251.485203][ T7343] ? do_raw_spin_unlock+0x122/0x240 [ 251.485229][ T7343] kobject_add_internal+0x59f/0xb40 [ 251.485257][ T7343] kobject_init_and_add+0x125/0x190 [ 251.485281][ T7343] ? __pfx_kobject_init_and_add+0x10/0x10 [ 251.485302][ T7343] ? __raw_spin_lock_init+0x45/0x100 [ 251.485327][ T7343] ? __init_swait_queue_head+0xa9/0x150 [ 251.485351][ T7343] gfs2_sys_fs_add+0x234/0x450 [ 251.485371][ T7343] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 251.485395][ T7343] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 251.485428][ T7343] gfs2_fill_super+0x13c0/0x20d0 [ 251.485460][ T7343] ? __pfx_gfs2_fill_super+0x10/0x10 [ 251.485487][ T7343] ? sb_set_blocksize+0x104/0x180 [ 251.485516][ T7343] ? setup_bdev_super+0x4c1/0x5b0 [ 251.485544][ T7343] get_tree_bdev_flags+0x40b/0x4d0 [ 251.485571][ T7343] ? __pfx_gfs2_fill_super+0x10/0x10 [ 251.485596][ T7343] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 251.485627][ T7343] gfs2_get_tree+0x51/0x1e0 [ 251.485654][ T7343] vfs_get_tree+0x8f/0x2b0 [ 251.485681][ T7343] do_new_mount+0x2a2/0xa30 [ 251.485713][ T7343] ? ns_capable+0x8a/0xf0 [ 251.485732][ T7343] ? __pfx_do_new_mount+0x10/0x10 [ 251.485772][ T7343] ? path_mount+0x61c/0xfe0 [ 251.485800][ T7343] ? user_path_at+0x44/0x60 [ 251.485829][ T7343] __se_sys_mount+0x317/0x410 [ 251.485862][ T7343] ? __pfx___se_sys_mount+0x10/0x10 [ 251.485892][ T7343] ? rcu_is_watching+0x15/0xb0 [ 251.485916][ T7343] ? __x64_sys_mount+0x20/0xc0 [ 251.485948][ T7343] do_syscall_64+0xfa/0x3b0 [ 251.485971][ T7343] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.485993][ T7343] ? clear_bhb_loop+0x60/0xb0 [ 251.486015][ T7343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.486035][ T7343] RIP: 0033:0x7fb47156b94a [ 251.486053][ T7343] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 251.486072][ T7343] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 251.486094][ T7343] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 251.486110][ T7343] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 251.486125][ T7343] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 251.486140][ T7343] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 251.486154][ T7343] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 251.486176][ T7343] [pid 7348] rt_sigprocmask(SIG_SETMASK, [], [pid 7340] <... close resumed>) = 0 [pid 7340] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7339] <... futex resumed>) = 0 [pid 7340] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7339] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7339] <... futex resumed>) = 0 [pid 7340] openat(AT_FDCWD, ".", O_RDONLY [pid 7339] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7340] <... openat resumed>) = 3 [pid 7340] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7339] <... futex resumed>) = 0 [pid 7340] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7339] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7339] <... futex resumed>) = 0 [pid 7340] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7339] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7350] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7350] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7350] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7345] <... write resumed>) = 16777216 [pid 7345] munmap(0x7fb469000000, 138412032 [pid 7348] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7340] <... ioctl resumed>) = 0 [ 251.821031][ T7343] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 251.836130][ T7343] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7340] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7339] <... futex resumed>) = 0 [pid 7340] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7339] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7339] <... futex resumed>) = 0 [pid 7340] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7339] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7340] <... openat resumed>) = 4 [pid 7340] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7339] <... futex resumed>) = 0 [pid 7340] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7339] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7340] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7339] <... futex resumed>) = 0 [pid 7350] <... futex resumed>) = 0 [pid 7348] <... futex resumed>) = 1 [pid 7350] memfd_create("syzkaller", 0 [pid 7348] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7350] <... memfd_create resumed>) = 3 [pid 7350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7339] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7345] <... munmap resumed>) = 0 [pid 7339] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7345] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7345] close(3) = 0 [pid 7345] close(4) = 0 [pid 7345] mkdir("./file0", 0777) = 0 [ 251.926229][ T7345] loop2: detected capacity change from 0 to 32768 [pid 7345] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7343] <... mount resumed>) = -1 EEXIST (File exists) [pid 7343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 7343] ioctl(3, LOOP_CLR_FD) = 0 [ 251.974214][ T7345] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 252.020035][ T7345] CPU: 0 UID: 0 PID: 7345 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 252.020067][ T7345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 252.020081][ T7345] Call Trace: [ 252.020090][ T7345] [ 252.020098][ T7345] dump_stack_lvl+0x189/0x250 [ 252.020129][ T7345] ? __pfx_dump_stack_lvl+0x10/0x10 [ 252.020153][ T7345] ? __pfx__printk+0x10/0x10 [ 252.020178][ T7345] ? kernfs_root+0x1c/0x230 [ 252.020201][ T7345] ? kernfs_path_from_node+0x250/0x290 [ 252.020223][ T7345] ? kernfs_path_from_node+0x2f/0x290 [ 252.020246][ T7345] sysfs_create_dir_ns+0x259/0x280 [ 252.020269][ T7345] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 252.020291][ T7345] ? do_raw_spin_unlock+0x122/0x240 [ 252.020319][ T7345] kobject_add_internal+0x59f/0xb40 [ 252.020348][ T7345] kobject_init_and_add+0x125/0x190 [ 252.020374][ T7345] ? __pfx_kobject_init_and_add+0x10/0x10 [ 252.020398][ T7345] ? __raw_spin_lock_init+0x45/0x100 [ 252.020429][ T7345] ? __init_swait_queue_head+0xa9/0x150 [ 252.020456][ T7345] gfs2_sys_fs_add+0x234/0x450 [ 252.020479][ T7345] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 252.020503][ T7345] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 252.020538][ T7345] gfs2_fill_super+0x13c0/0x20d0 [ 252.020594][ T7345] ? __pfx_gfs2_fill_super+0x10/0x10 [ 252.020623][ T7345] ? sb_set_blocksize+0x104/0x180 [ 252.020654][ T7345] ? setup_bdev_super+0x4c1/0x5b0 [ 252.020685][ T7345] get_tree_bdev_flags+0x40b/0x4d0 [ 252.020713][ T7345] ? __pfx_gfs2_fill_super+0x10/0x10 [ 252.020740][ T7345] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 252.020773][ T7345] gfs2_get_tree+0x51/0x1e0 [ 252.020801][ T7345] vfs_get_tree+0x8f/0x2b0 [ 252.020831][ T7345] do_new_mount+0x2a2/0xa30 [ 252.020863][ T7345] ? ns_capable+0x8a/0xf0 [ 252.020883][ T7345] ? __pfx_do_new_mount+0x10/0x10 [ 252.020913][ T7345] ? path_mount+0x61c/0xfe0 [ 252.020941][ T7345] ? user_path_at+0x44/0x60 [ 252.020980][ T7345] __se_sys_mount+0x317/0x410 [ 252.021013][ T7345] ? __pfx___se_sys_mount+0x10/0x10 [ 252.021045][ T7345] ? rcu_is_watching+0x15/0xb0 [ 252.021068][ T7345] ? __x64_sys_mount+0x20/0xc0 [ 252.021100][ T7345] do_syscall_64+0xfa/0x3b0 [ 252.021122][ T7345] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.021143][ T7345] ? clear_bhb_loop+0x60/0xb0 [ 252.021166][ T7345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.021186][ T7345] RIP: 0033:0x7fb47156b94a [ 252.021203][ T7345] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 252.021222][ T7345] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 252.021245][ T7345] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 252.021261][ T7345] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 252.021275][ T7345] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 252.021291][ T7345] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 252.021305][ T7345] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 7343] close(3 [pid 7340] <... write resumed>) = 16777152 [pid 7340] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7340] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7339] exit_group(0) = ? [pid 7340] <... futex resumed>) = ? [pid 7340] +++ exited with 0 +++ [pid 7339] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7339, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=95 /* 0.95 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./77/file0") = 0 [pid 5868] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./77/binderfs") = 0 [pid 5868] umount2("./77/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./77/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=16777152, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./77/cpuset.effective_mems" [pid 7343] <... close resumed>) = 0 [ 252.021327][ T7345] [ 252.021532][ T7345] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 7343] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7342] <... futex resumed>) = 0 [pid 7342] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7343] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7342] <... futex resumed>) = 0 [pid 7343] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7342] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7343] <... futex resumed>) = 0 [pid 7342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7342] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7343] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7342] <... futex resumed>) = 0 [pid 7342] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7345] <... mount resumed>) = -1 EEXIST (File exists) [pid 7345] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 7345] ioctl(3, LOOP_CLR_FD) = 0 [pid 7345] close(3 [pid 7343] <... ioctl resumed>) = 0 [pid 7343] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7342] <... futex resumed>) = 0 [pid 7342] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7343] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7342] <... futex resumed>) = 0 [pid 7342] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7343] <... openat resumed>) = 4 [pid 7343] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7342] <... futex resumed>) = 0 [pid 7342] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7343] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7342] <... futex resumed>) = 0 [pid 7342] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 252.382314][ T7345] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7342] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7345] <... close resumed>) = 0 [pid 7345] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7345] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7344] <... futex resumed>) = 0 [pid 7344] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7345] <... futex resumed>) = 0 [pid 7344] <... futex resumed>) = 1 [pid 7345] openat(AT_FDCWD, ".", O_RDONLY [pid 7344] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7345] <... openat resumed>) = 3 [pid 7345] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7344] <... futex resumed>) = 0 [pid 7344] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7344] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7345] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL]) = 0 [pid 7345] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7344] <... futex resumed>) = 0 [pid 7344] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7345] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7344] <... futex resumed>) = 0 [pid 7344] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7345] <... openat resumed>) = 4 [pid 7345] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7344] <... futex resumed>) = 0 [pid 7345] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7344] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7344] <... futex resumed>) = 0 [pid 7345] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7344] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... unlink resumed>) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./77") = 0 [pid 5868] mkdir("./78", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7354 attached , child_tidptr=0x55558d547750) = 7354 [pid 7354] set_robust_list(0x55558d547760, 24) = 0 [pid 7354] chdir("./78") = 0 [pid 7354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7354] setpgid(0, 0) = 0 [pid 7354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7354] write(3, "1000", 4) = 4 [pid 7354] close(3) = 0 executing program [pid 7354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7354] write(1, "executing program\n", 18) = 18 [pid 7354] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7354] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7354] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7354] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 7344] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7354] <... clone3 resumed> => {parent_tid=[7355]}, 88) = 7355 [pid 7344] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 7354] rt_sigprocmask(SIG_SETMASK, [], [pid 7344] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7354] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 7355 attached [pid 7355] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7354] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7354] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7355] <... rseq resumed>) = 0 [pid 7355] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7355] memfd_create("syzkaller", 0 [pid 7342] exit_group(0) = ? [pid 7343] <... write resumed>) = ? [pid 7355] <... memfd_create resumed>) = 3 [pid 7355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7343] +++ exited with 0 +++ [pid 7342] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7342, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=37 /* 0.37 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./76/file0") = 0 [pid 5867] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./76/binderfs") = 0 [pid 5867] umount2("./76/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./76/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=4939776, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./76/cpuset.effective_mems" [pid 7350] <... write resumed>) = 16777216 [pid 7350] munmap(0x7fb469000000, 138412032 [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./76") = 0 [pid 5867] mkdir("./77", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7356 attached , child_tidptr=0x55558d547750) = 7356 [pid 7356] set_robust_list(0x55558d547760, 24) = 0 [pid 7356] chdir("./77") = 0 [pid 7356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7350] <... munmap resumed>) = 0 [pid 7356] setpgid(0, 0 [pid 7350] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7356] <... setpgid resumed>) = 0 [pid 7350] <... openat resumed>) = 4 [pid 7344] exit_group(0) = ? [pid 7356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7350] ioctl(4, LOOP_SET_FD, 3 [pid 7345] <... write resumed>) = ? [pid 7356] <... openat resumed>) = 3 [pid 7350] <... ioctl resumed>) = 0 [pid 7356] write(3, "1000", 4 [pid 7350] close(3 [pid 7356] <... write resumed>) = 4 [pid 7350] <... close resumed>) = 0 [pid 7356] close(3 [pid 7350] close(4 [pid 7356] <... close resumed>) = 0 [pid 7350] <... close resumed>) = 0 [pid 7356] symlink("/dev/binderfs", "./binderfs" [pid 7350] mkdir("./file0", 0777executing program [pid 7356] <... symlink resumed>) = 0 [pid 7345] +++ exited with 0 +++ [pid 7344] +++ exited with 0 +++ [pid 7356] write(1, "executing program\n", 18) = 18 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7344, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=68 /* 0.68 s */} --- [pid 7356] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 7356] <... futex resumed>) = 0 [pid 7356] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7356] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7356] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] <... restart_syscall resumed>) = 0 [pid 7356] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5869] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7356] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 7357 attached [pid 5869] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7356] <... clone3 resumed> => {parent_tid=[7357]}, 88) = 7357 [pid 7357] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7356] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... openat resumed>) = 3 [pid 7357] <... rseq resumed>) = 0 [pid 7356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7356] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] newfstatat(3, "", [pid 7356] <... futex resumed>) = 0 [pid 7357] set_robust_list(0x7fb4715169a0, 24 [pid 7356] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7357] <... set_robust_list resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5869] getdents64(3, [pid 7357] memfd_create("syzkaller", 0 [pid 5869] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7357] <... memfd_create resumed>) = 3 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] <... openat resumed>) = 4 [pid 7357] <... mmap resumed>) = 0x7fb469000000 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./73/file0") = 0 [pid 7350] <... mkdir resumed>) = 0 [pid 5869] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7350] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./73/binderfs") = 0 [pid 5869] umount2("./73/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 252.787474][ T7350] loop3: detected capacity change from 0 to 32768 [pid 5869] newfstatat(AT_FDCWD, "./73/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=5337088, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 252.844352][ T7350] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 252.875398][ T7350] CPU: 1 UID: 0 PID: 7350 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 252.875431][ T7350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 252.875444][ T7350] Call Trace: [ 252.875451][ T7350] [ 252.875460][ T7350] dump_stack_lvl+0x189/0x250 [ 252.875492][ T7350] ? __pfx_dump_stack_lvl+0x10/0x10 [ 252.875515][ T7350] ? __pfx__printk+0x10/0x10 [ 252.875540][ T7350] ? kernfs_root+0x1c/0x230 [ 252.875564][ T7350] ? kernfs_path_from_node+0x250/0x290 [ 252.875586][ T7350] ? kernfs_path_from_node+0x2f/0x290 [ 252.875610][ T7350] sysfs_create_dir_ns+0x259/0x280 [ 252.875643][ T7350] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 252.875664][ T7350] ? do_raw_spin_unlock+0x122/0x240 [ 252.875691][ T7350] kobject_add_internal+0x59f/0xb40 [ 252.875718][ T7350] kobject_init_and_add+0x125/0x190 [ 252.875742][ T7350] ? __pfx_kobject_init_and_add+0x10/0x10 [ 252.875763][ T7350] ? __raw_spin_lock_init+0x45/0x100 [ 252.875787][ T7350] ? __init_swait_queue_head+0xa9/0x150 [ 252.875812][ T7350] gfs2_sys_fs_add+0x234/0x450 [ 252.875835][ T7350] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 252.875859][ T7350] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [pid 5869] unlink("./73/cpuset.effective_mems") = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./73") = 0 [pid 5869] mkdir("./74", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7360 attached [ 252.875894][ T7350] gfs2_fill_super+0x13c0/0x20d0 [ 252.875928][ T7350] ? __pfx_gfs2_fill_super+0x10/0x10 [ 252.875958][ T7350] ? sb_set_blocksize+0x104/0x180 [ 252.875988][ T7350] ? setup_bdev_super+0x4c1/0x5b0 [ 252.876017][ T7350] get_tree_bdev_flags+0x40b/0x4d0 [ 252.876045][ T7350] ? __pfx_gfs2_fill_super+0x10/0x10 [ 252.876071][ T7350] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 252.876103][ T7350] gfs2_get_tree+0x51/0x1e0 [ 252.876130][ T7350] vfs_get_tree+0x8f/0x2b0 [ 252.876159][ T7350] do_new_mount+0x2a2/0xa30 [pid 7360] set_robust_list(0x55558d547760, 24) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 7360 [pid 7360] chdir("./74") = 0 [pid 7360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7360] setpgid(0, 0) = 0 executing program [pid 7360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7360] write(3, "1000", 4) = 4 [pid 7360] close(3) = 0 [pid 7360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7360] write(1, "executing program\n", 18) = 18 [pid 7360] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7360] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7360] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7360] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7360] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7360] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7361]}, 88) = 7361 [pid 7360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7360] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7360] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7361 attached [pid 7361] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7361] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7361] memfd_create("syzkaller", 0) = 3 [pid 7361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 252.876190][ T7350] ? ns_capable+0x8a/0xf0 [ 252.876209][ T7350] ? __pfx_do_new_mount+0x10/0x10 [ 252.876238][ T7350] ? path_mount+0x61c/0xfe0 [ 252.876265][ T7350] ? user_path_at+0x44/0x60 [ 252.876292][ T7350] __se_sys_mount+0x317/0x410 [ 252.876325][ T7350] ? __pfx___se_sys_mount+0x10/0x10 [ 252.876354][ T7350] ? rcu_is_watching+0x15/0xb0 [ 252.876377][ T7350] ? __x64_sys_mount+0x20/0xc0 [ 252.876408][ T7350] do_syscall_64+0xfa/0x3b0 [ 252.876430][ T7350] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.876450][ T7350] ? clear_bhb_loop+0x60/0xb0 [ 252.876472][ T7350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.876493][ T7350] RIP: 0033:0x7fb47156b94a [ 252.876510][ T7350] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 252.876529][ T7350] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 252.876550][ T7350] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 252.876566][ T7350] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 252.876581][ T7350] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 252.876595][ T7350] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 252.876609][ T7350] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 252.876637][ T7350] [ 252.876794][ T7350] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [pid 7350] <... mount resumed>) = -1 EEXIST (File exists) [pid 7350] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 7350] ioctl(3, LOOP_CLR_FD) = 0 [ 253.196860][ T7350] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7350] close(3 [pid 7357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7355] <... write resumed>) = 16777216 [pid 7350] <... close resumed>) = 0 [pid 7355] munmap(0x7fb469000000, 138412032 [pid 7350] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7348] <... futex resumed>) = 0 [pid 7350] openat(AT_FDCWD, ".", O_RDONLY [pid 7348] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7350] <... openat resumed>) = 3 [pid 7348] <... futex resumed>) = 0 [pid 7350] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7348] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7350] <... futex resumed>) = 0 [pid 7348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7350] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7348] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7348] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7350] <... ioctl resumed>) = 0 [pid 7350] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7348] <... futex resumed>) = 0 [pid 7348] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7348] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7350] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7350] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7348] <... futex resumed>) = 0 [pid 7348] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7348] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7350] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7355] <... munmap resumed>) = 0 [pid 7348] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7355] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7355] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7355] close(3) = 0 [pid 7355] close(4) = 0 [pid 7355] mkdir("./file0", 0777) = 0 [ 253.463266][ T7355] loop1: detected capacity change from 0 to 32768 [ 253.505521][ T7355] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 253.529116][ T7355] CPU: 0 UID: 0 PID: 7355 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 253.529149][ T7355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 253.529163][ T7355] Call Trace: [ 253.529172][ T7355] [ 253.529181][ T7355] dump_stack_lvl+0x189/0x250 [ 253.529213][ T7355] ? __pfx_dump_stack_lvl+0x10/0x10 [ 253.529239][ T7355] ? __pfx__printk+0x10/0x10 [ 253.529265][ T7355] ? kernfs_root+0x1c/0x230 [ 253.529292][ T7355] ? kernfs_path_from_node+0x250/0x290 [ 253.529314][ T7355] ? kernfs_path_from_node+0x2f/0x290 [ 253.529339][ T7355] sysfs_create_dir_ns+0x259/0x280 [ 253.529363][ T7355] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 253.529385][ T7355] ? do_raw_spin_unlock+0x122/0x240 [ 253.529414][ T7355] kobject_add_internal+0x59f/0xb40 [ 253.529443][ T7355] kobject_init_and_add+0x125/0x190 [ 253.529468][ T7355] ? __pfx_kobject_init_and_add+0x10/0x10 [ 253.529491][ T7355] ? __raw_spin_lock_init+0x45/0x100 [ 253.529518][ T7355] ? __init_swait_queue_head+0xa9/0x150 [ 253.529544][ T7355] gfs2_sys_fs_add+0x234/0x450 [ 253.529567][ T7355] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 253.529592][ T7355] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 253.529635][ T7355] gfs2_fill_super+0x13c0/0x20d0 [pid 7355] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7357] <... write resumed>) = 16777216 [pid 7357] munmap(0x7fb469000000, 138412032 [pid 7361] <... write resumed>) = 16777216 [ 253.529670][ T7355] ? __pfx_gfs2_fill_super+0x10/0x10 [ 253.529698][ T7355] ? sb_set_blocksize+0x104/0x180 [ 253.529734][ T7355] ? setup_bdev_super+0x4c1/0x5b0 [ 253.529764][ T7355] get_tree_bdev_flags+0x40b/0x4d0 [ 253.529793][ T7355] ? __pfx_gfs2_fill_super+0x10/0x10 [ 253.529820][ T7355] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 253.529853][ T7355] gfs2_get_tree+0x51/0x1e0 [ 253.529882][ T7355] vfs_get_tree+0x8f/0x2b0 [ 253.529911][ T7355] do_new_mount+0x2a2/0xa30 [ 253.529943][ T7355] ? ns_capable+0x8a/0xf0 [pid 7361] munmap(0x7fb469000000, 138412032 [pid 7357] <... munmap resumed>) = 0 [pid 7357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 253.529963][ T7355] ? __pfx_do_new_mount+0x10/0x10 [ 253.529992][ T7355] ? path_mount+0x61c/0xfe0 [ 253.530020][ T7355] ? user_path_at+0x44/0x60 [ 253.530048][ T7355] __se_sys_mount+0x317/0x410 [ 253.530083][ T7355] ? __pfx___se_sys_mount+0x10/0x10 [ 253.530113][ T7355] ? rcu_is_watching+0x15/0xb0 [ 253.530137][ T7355] ? __x64_sys_mount+0x20/0xc0 [ 253.530169][ T7355] do_syscall_64+0xfa/0x3b0 [ 253.530190][ T7355] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.530212][ T7355] ? clear_bhb_loop+0x60/0xb0 [ 253.530234][ T7355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.530255][ T7355] RIP: 0033:0x7fb47156b94a [ 253.530273][ T7355] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 253.530290][ T7355] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 253.530313][ T7355] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 253.530328][ T7355] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 253.530342][ T7355] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 253.530358][ T7355] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 253.530371][ T7355] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 253.530393][ T7355] [ 253.530581][ T7355] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 253.747563][ T7357] loop0: detected capacity change from 0 to 32768 [pid 7357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7357] close(3) = 0 [pid 7357] close(4) = 0 [pid 7357] mkdir("./file0", 0777) = 0 [pid 7357] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7361] <... munmap resumed>) = 0 [pid 7355] <... mount resumed>) = -1 EEXIST (File exists) [ 253.856464][ T7355] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 253.879533][ T7357] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 253.907300][ T7357] CPU: 1 UID: 0 PID: 7357 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 253.907334][ T7357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 253.907348][ T7357] Call Trace: [ 253.907356][ T7357] [ 253.907366][ T7357] dump_stack_lvl+0x189/0x250 [ 253.907397][ T7357] ? __pfx_dump_stack_lvl+0x10/0x10 [ 253.907422][ T7357] ? __pfx__printk+0x10/0x10 [ 253.907450][ T7357] ? kernfs_root+0x1c/0x230 [pid 7361] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7355] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7361] <... openat resumed>) = 4 [ 253.907475][ T7357] ? kernfs_path_from_node+0x250/0x290 [ 253.907497][ T7357] ? kernfs_path_from_node+0x2f/0x290 [ 253.907522][ T7357] sysfs_create_dir_ns+0x259/0x280 [ 253.907545][ T7357] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 253.907568][ T7357] ? do_raw_spin_unlock+0x122/0x240 [ 253.907596][ T7357] kobject_add_internal+0x59f/0xb40 [ 253.907625][ T7357] kobject_init_and_add+0x125/0x190 [ 253.907650][ T7357] ? __pfx_kobject_init_and_add+0x10/0x10 [ 253.907673][ T7357] ? __raw_spin_lock_init+0x45/0x100 [ 253.907698][ T7357] ? __init_swait_queue_head+0xa9/0x150 [ 253.907724][ T7357] gfs2_sys_fs_add+0x234/0x450 [ 253.907745][ T7357] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 253.907776][ T7357] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 253.907811][ T7357] gfs2_fill_super+0x13c0/0x20d0 [ 253.907846][ T7357] ? __pfx_gfs2_fill_super+0x10/0x10 [ 253.907875][ T7357] ? sb_set_blocksize+0x104/0x180 [ 253.907905][ T7357] ? setup_bdev_super+0x4c1/0x5b0 [ 253.907937][ T7357] get_tree_bdev_flags+0x40b/0x4d0 [ 253.907965][ T7357] ? __pfx_gfs2_fill_super+0x10/0x10 [pid 7361] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7355] <... openat resumed>) = 3 [pid 7361] close(3 [pid 7355] ioctl(3, LOOP_CLR_FD [pid 7361] <... close resumed>) = 0 [pid 7355] <... ioctl resumed>) = 0 [pid 7361] close(4 [pid 7355] close(3 [pid 7361] <... close resumed>) = 0 [pid 7361] mkdir("./file0", 0777) = 0 [pid 7361] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7348] exit_group(0) = ? [pid 7350] <... write resumed>) = ? [ 253.907991][ T7357] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 253.908025][ T7357] gfs2_get_tree+0x51/0x1e0 [ 253.908052][ T7357] vfs_get_tree+0x8f/0x2b0 [ 253.908080][ T7357] do_new_mount+0x2a2/0xa30 [ 253.908112][ T7357] ? ns_capable+0x8a/0xf0 [ 253.908131][ T7357] ? __pfx_do_new_mount+0x10/0x10 [ 253.908161][ T7357] ? path_mount+0x61c/0xfe0 [ 253.908188][ T7357] ? user_path_at+0x44/0x60 [ 253.908217][ T7357] __se_sys_mount+0x317/0x410 [ 253.908250][ T7357] ? __pfx___se_sys_mount+0x10/0x10 [pid 7350] +++ exited with 0 +++ [pid 7348] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7348, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=88 /* 0.88 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 253.908280][ T7357] ? rcu_is_watching+0x15/0xb0 [ 253.908304][ T7357] ? __x64_sys_mount+0x20/0xc0 [ 253.908335][ T7357] do_syscall_64+0xfa/0x3b0 [ 253.908357][ T7357] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.908378][ T7357] ? clear_bhb_loop+0x60/0xb0 [ 253.908401][ T7357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.908421][ T7357] RIP: 0033:0x7fb47156b94a [pid 5870] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./75/file0") = 0 [pid 5870] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./75/binderfs") = 0 [pid 5870] umount2("./75/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./75/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=13262848, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 253.908438][ T7357] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 253.908456][ T7357] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 253.908478][ T7357] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 253.908494][ T7357] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 253.908509][ T7357] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 253.908525][ T7357] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 5870] unlink("./75/cpuset.effective_mems" [pid 7357] <... mount resumed>) = -1 EEXIST (File exists) [pid 7357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 7357] ioctl(3, LOOP_CLR_FD) = 0 [pid 7357] close(3) = 0 [pid 7357] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7356] <... futex resumed>) = 0 [pid 7357] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7356] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7356] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 253.908539][ T7357] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 253.908561][ T7357] [ 253.908582][ T7357] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 253.986909][ T7361] loop2: detected capacity change from 0 to 32768 [ 253.989533][ T7357] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 254.245586][ T7361] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 254.275667][ T7361] CPU: 0 UID: 0 PID: 7361 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 254.275698][ T7361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 254.275711][ T7361] Call Trace: [ 254.275719][ T7361] [ 254.275727][ T7361] dump_stack_lvl+0x189/0x250 [ 254.275766][ T7361] ? __pfx_dump_stack_lvl+0x10/0x10 [ 254.275790][ T7361] ? __pfx__printk+0x10/0x10 [ 254.275816][ T7361] ? kernfs_root+0x1c/0x230 [ 254.275839][ T7361] ? kernfs_path_from_node+0x250/0x290 [ 254.275861][ T7361] ? kernfs_path_from_node+0x2f/0x290 [ 254.275885][ T7361] sysfs_create_dir_ns+0x259/0x280 [ 254.275908][ T7361] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 254.275930][ T7361] ? do_raw_spin_unlock+0x122/0x240 [ 254.275958][ T7361] kobject_add_internal+0x59f/0xb40 [ 254.275987][ T7361] kobject_init_and_add+0x125/0x190 [ 254.276012][ T7361] ? __pfx_kobject_init_and_add+0x10/0x10 [ 254.276034][ T7361] ? __raw_spin_lock_init+0x45/0x100 [ 254.276058][ T7361] ? __init_swait_queue_head+0xa9/0x150 [ 254.276084][ T7361] gfs2_sys_fs_add+0x234/0x450 [ 254.276106][ T7361] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 254.276130][ T7361] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 254.276164][ T7361] gfs2_fill_super+0x13c0/0x20d0 [ 254.276199][ T7361] ? __pfx_gfs2_fill_super+0x10/0x10 [ 254.276227][ T7361] ? sb_set_blocksize+0x104/0x180 [ 254.276256][ T7361] ? setup_bdev_super+0x4c1/0x5b0 [ 254.276283][ T7361] get_tree_bdev_flags+0x40b/0x4d0 [ 254.276310][ T7361] ? __pfx_gfs2_fill_super+0x10/0x10 [ 254.276335][ T7361] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 254.276368][ T7361] gfs2_get_tree+0x51/0x1e0 [ 254.276396][ T7361] vfs_get_tree+0x8f/0x2b0 [ 254.276425][ T7361] do_new_mount+0x2a2/0xa30 [ 254.276457][ T7361] ? ns_capable+0x8a/0xf0 [ 254.276477][ T7361] ? __pfx_do_new_mount+0x10/0x10 [ 254.276506][ T7361] ? path_mount+0x61c/0xfe0 [ 254.276534][ T7361] ? user_path_at+0x44/0x60 [ 254.276562][ T7361] __se_sys_mount+0x317/0x410 [ 254.276595][ T7361] ? __pfx___se_sys_mount+0x10/0x10 [ 254.276625][ T7361] ? rcu_is_watching+0x15/0xb0 [ 254.276649][ T7361] ? __x64_sys_mount+0x20/0xc0 [ 254.276680][ T7361] do_syscall_64+0xfa/0x3b0 [ 254.276701][ T7361] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.276722][ T7361] ? clear_bhb_loop+0x60/0xb0 [ 254.276744][ T7361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.276772][ T7361] RIP: 0033:0x7fb47156b94a [ 254.276791][ T7361] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 7357] openat(AT_FDCWD, ".", O_RDONLY [pid 7356] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7355] <... close resumed>) = 0 [pid 5870] <... unlink resumed>) = 0 [pid 7357] <... openat resumed>) = 3 [pid 7356] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7357] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7356] <... futex resumed>) = 0 [pid 7357] <... futex resumed>) = 0 [pid 7356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7357] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7356] <... mmap resumed>) = 0x7fb4714d5000 [pid 7356] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7356] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7356] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7368]}, 88) = 7368 [pid 7356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7356] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7356] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./75") = 0 [pid 5870] mkdir("./76", 0777) = 0 [ 254.276809][ T7361] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 254.276831][ T7361] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 254.276846][ T7361] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 254.276862][ T7361] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 254.276877][ T7361] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 254.276891][ T7361] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7368 attached [pid 7368] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 7355] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7368] <... rseq resumed>) = 0 [pid 7368] set_robust_list(0x7fb4714f59a0, 24 [pid 7355] <... futex resumed>) = 1 [pid 7354] <... futex resumed>) = 0 [pid 7368] <... set_robust_list resumed>) = 0 [pid 7355] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7368] rt_sigprocmask(SIG_SETMASK, [], [pid 7354] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7354] <... futex resumed>) = 0 [pid 7368] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7355] openat(AT_FDCWD, ".", O_RDONLY [pid 7354] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7355] <... openat resumed>) = 3 [pid 7355] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7355] <... futex resumed>) = 0 [pid 7354] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7355] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7354] <... futex resumed>) = 0 [pid 7354] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7369 attached [pid 7368] <... ioctl resumed>) = 0 [pid 7361] <... mount resumed>) = -1 EEXIST (File exists) [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 7369 [pid 7368] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7369] set_robust_list(0x55558d547760, 24 [pid 7368] <... futex resumed>) = 1 [pid 7361] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7356] <... futex resumed>) = 0 [pid 7369] <... set_robust_list resumed>) = 0 [pid 7368] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7356] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7369] chdir("./76" [pid 7361] <... openat resumed>) = 3 [pid 7357] <... futex resumed>) = 0 [pid 7356] <... futex resumed>) = 1 [pid 7357] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7356] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7369] <... chdir resumed>) = 0 [pid 7369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7361] ioctl(3, LOOP_CLR_FD [pid 7357] <... openat resumed>) = 4 [pid 7355] <... ioctl resumed>) = 0 [pid 7369] setpgid(0, 0 [pid 7361] <... ioctl resumed>) = 0 [pid 7357] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7355] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7369] <... setpgid resumed>) = 0 [pid 7361] close(3 [pid 7357] <... futex resumed>) = 1 [pid 7356] <... futex resumed>) = 0 [pid 7355] <... futex resumed>) = 1 [pid 7354] <... futex resumed>) = 0 [pid 7369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7357] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7356] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7354] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7356] <... futex resumed>) = 0 [pid 7354] <... futex resumed>) = 0 [pid 7356] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 254.276913][ T7361] [ 254.276933][ T7361] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 254.593755][ T7361] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7354] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7369] <... openat resumed>) = 3 [pid 7355] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7355] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7355] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7369] write(3, "1000", 4 [pid 7354] <... futex resumed>) = 0 [pid 7369] <... write resumed>) = 4 [pid 7354] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7369] close(3 [pid 7354] <... futex resumed>) = 1 [pid 7369] <... close resumed>) = 0 [pid 7355] <... futex resumed>) = 0 [pid 7354] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7355] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7369] write(1, "executing program\n", 18executing program ) = 18 [pid 7369] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7369] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7369] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7369] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7370 attached => {parent_tid=[7370]}, 88) = 7370 [pid 7370] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7369] rt_sigprocmask(SIG_SETMASK, [], [pid 7370] <... rseq resumed>) = 0 [pid 7369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7370] set_robust_list(0x7fb4715169a0, 24 [pid 7369] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7370] <... set_robust_list resumed>) = 0 [pid 7369] <... futex resumed>) = 0 [pid 7370] rt_sigprocmask(SIG_SETMASK, [], [pid 7369] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7370] memfd_create("syzkaller", 0 [pid 7356] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7356] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 7370] <... memfd_create resumed>) = 3 [pid 7370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7356] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7370] <... mmap resumed>) = 0x7fb469000000 [pid 7354] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7361] <... close resumed>) = 0 [pid 7361] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7360] <... futex resumed>) = 0 [pid 7361] <... futex resumed>) = 1 [pid 7360] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7361] openat(AT_FDCWD, ".", O_RDONLY [pid 7360] <... futex resumed>) = 0 [pid 7360] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7361] <... openat resumed>) = 3 [pid 7361] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7360] <... futex resumed>) = 0 [pid 7361] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7360] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7360] <... futex resumed>) = 0 [pid 7361] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7360] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7361] <... ioctl resumed>) = 0 [pid 7361] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7360] <... futex resumed>) = 0 [pid 7360] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7361] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7360] <... futex resumed>) = 0 [pid 7360] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7361] <... openat resumed>) = 4 [pid 7361] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7360] <... futex resumed>) = 0 [pid 7361] <... futex resumed>) = 1 [pid 7360] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7361] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7360] <... futex resumed>) = 0 [pid 7360] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7356] exit_group(0) = ? [pid 7368] <... futex resumed>) = ? [pid 7357] <... write resumed>) = ? [pid 7368] +++ exited with 0 +++ [pid 7357] +++ exited with 0 +++ [pid 7356] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7356, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=79 /* 0.79 s */} --- [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./77/file0") = 0 [pid 5867] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./77/binderfs") = 0 [pid 5867] umount2("./77/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./77/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=7790528, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./77/cpuset.effective_mems" [pid 7354] exit_group(0) = ? [pid 7355] <... write resumed>) = ? [pid 7355] +++ exited with 0 +++ [pid 7354] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7354, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=71 /* 0.71 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 7370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5868] <... restart_syscall resumed>) = 0 [pid 5868] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("./78/file0") = 0 [pid 5868] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./78/binderfs") = 0 [pid 5868] umount2("./78/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./78/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=8626176, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./78/cpuset.effective_mems" [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./77") = 0 [pid 5867] mkdir("./78", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7371 attached , child_tidptr=0x55558d547750) = 7371 [pid 7371] set_robust_list(0x55558d547760, 24) = 0 [pid 7371] chdir("./78") = 0 [pid 7371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7371] setpgid(0, 0) = 0 [pid 7371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7371] write(3, "1000", 4) = 4 [pid 7371] close(3) = 0 [pid 7371] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7371] write(1, "executing program\n", 18) = 18 [pid 7371] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7371] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7371] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 7360] exit_group(0) = ? [pid 7361] <... write resumed>) = ? [pid 7371] <... mprotect resumed>) = 0 [pid 7371] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7361] +++ exited with 0 +++ [pid 7360] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7360, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=81 /* 0.81 s */} --- [pid 7371] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 7371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7372 attached => {parent_tid=[7372]}, 88) = 7372 [pid 7371] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... restart_syscall resumed>) = 0 [pid 7371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7371] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7371] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./74/file0") = 0 [pid 5869] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./74/binderfs") = 0 [pid 7372] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 5869] umount2("./74/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7372] <... rseq resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7372] set_robust_list(0x7fb4715169a0, 24 [pid 5869] newfstatat(AT_FDCWD, "./74/cpuset.effective_mems", [pid 7372] <... set_robust_list resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=7110656, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7372] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] unlink("./74/cpuset.effective_mems" [pid 7372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 7372] memfd_create("syzkaller", 0 [pid 5868] getdents64(3, [pid 7372] <... memfd_create resumed>) = 3 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 7372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] close(3 [pid 7372] <... mmap resumed>) = 0x7fb469000000 [pid 5868] <... close resumed>) = 0 [pid 5868] rmdir("./78") = 0 [pid 5868] mkdir("./79", 0777) = 0 [pid 7370] <... write resumed>) = 16777216 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 7370] munmap(0x7fb469000000, 138412032 [pid 5868] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5869] <... unlink resumed>) = 0 [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7373 ./strace-static-x86_64: Process 7373 attached [pid 7373] set_robust_list(0x55558d547760, 24) = 0 [pid 7373] chdir("./79") = 0 [pid 7373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7373] setpgid(0, 0) = 0 [pid 7373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7373] write(3, "1000", 4) = 4 [pid 7373] close(3) = 0 [pid 7373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7373] write(1, "executing program\n", 18executing program ) = 18 [pid 7373] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7373] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7373] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7373] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3 [pid 7373] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("./74" [pid 7373] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 7373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7374 attached => {parent_tid=[7374]}, 88) = 7374 [pid 5869] mkdir("./75", 0777 [pid 7374] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7373] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... mkdir resumed>) = 0 [pid 7373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7373] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7373] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3 [pid 7374] <... rseq resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7375 ./strace-static-x86_64: Process 7375 attached [pid 7375] set_robust_list(0x55558d547760, 24) = 0 [pid 7375] chdir("./75") = 0 [pid 7375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7375] setpgid(0, 0) = 0 [pid 7375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7374] set_robust_list(0x7fb4715169a0, 24executing program ) = 0 [pid 7375] <... openat resumed>) = 3 [pid 7374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7375] write(3, "1000", 4) = 4 [pid 7375] close(3) = 0 [pid 7375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7375] write(1, "executing program\n", 18) = 18 [pid 7375] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7374] memfd_create("syzkaller", 0 [pid 7375] <... futex resumed>) = 0 [pid 7375] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7375] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7374] <... memfd_create resumed>) = 3 [pid 7374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7374] <... mmap resumed>) = 0x7fb469000000 [pid 7375] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7375] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7370] <... munmap resumed>) = 0 [pid 7370] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7375] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7370] <... openat resumed>) = 4 [pid 7375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 7370] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 7376 attached [pid 7375] <... clone3 resumed> => {parent_tid=[7376]}, 88) = 7376 [pid 7375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7375] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7375] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7376] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7376] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7376] memfd_create("syzkaller", 0) = 3 [pid 7376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7370] <... ioctl resumed>) = 0 [pid 7370] close(3) = 0 [pid 7370] close(4) = 0 [pid 7370] mkdir("./file0", 0777) = 0 [ 255.315774][ T7370] loop3: detected capacity change from 0 to 32768 [ 255.366659][ T7370] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 255.374181][ T7370] CPU: 0 UID: 0 PID: 7370 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 255.374209][ T7370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 255.374222][ T7370] Call Trace: [ 255.374231][ T7370] [ 255.374239][ T7370] dump_stack_lvl+0x189/0x250 [ 255.374270][ T7370] ? __pfx_dump_stack_lvl+0x10/0x10 [ 255.374299][ T7370] ? __pfx__printk+0x10/0x10 [ 255.374326][ T7370] ? kernfs_root+0x1c/0x230 [ 255.374355][ T7370] ? kernfs_path_from_node+0x250/0x290 [ 255.374377][ T7370] ? kernfs_path_from_node+0x2f/0x290 [ 255.374401][ T7370] sysfs_create_dir_ns+0x259/0x280 [ 255.374423][ T7370] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 255.374445][ T7370] ? do_raw_spin_unlock+0x122/0x240 [ 255.374473][ T7370] kobject_add_internal+0x59f/0xb40 [ 255.374500][ T7370] kobject_init_and_add+0x125/0x190 [ 255.374525][ T7370] ? __pfx_kobject_init_and_add+0x10/0x10 [ 255.374547][ T7370] ? __raw_spin_lock_init+0x45/0x100 [ 255.374572][ T7370] ? __init_swait_queue_head+0xa9/0x150 [ 255.374596][ T7370] gfs2_sys_fs_add+0x234/0x450 [ 255.374617][ T7370] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 255.374641][ T7370] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 255.374674][ T7370] gfs2_fill_super+0x13c0/0x20d0 [ 255.374708][ T7370] ? __pfx_gfs2_fill_super+0x10/0x10 [ 255.374735][ T7370] ? sb_set_blocksize+0x104/0x180 [ 255.374765][ T7370] ? setup_bdev_super+0x4c1/0x5b0 [ 255.374794][ T7370] get_tree_bdev_flags+0x40b/0x4d0 [ 255.374820][ T7370] ? __pfx_gfs2_fill_super+0x10/0x10 [ 255.374845][ T7370] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 255.374877][ T7370] gfs2_get_tree+0x51/0x1e0 [ 255.374903][ T7370] vfs_get_tree+0x8f/0x2b0 [ 255.374930][ T7370] do_new_mount+0x2a2/0xa30 [ 255.374961][ T7370] ? ns_capable+0x8a/0xf0 [ 255.374979][ T7370] ? __pfx_do_new_mount+0x10/0x10 [ 255.375008][ T7370] ? path_mount+0x61c/0xfe0 [ 255.375034][ T7370] ? user_path_at+0x44/0x60 [ 255.375061][ T7370] __se_sys_mount+0x317/0x410 [ 255.375092][ T7370] ? __pfx___se_sys_mount+0x10/0x10 [ 255.375125][ T7370] ? rcu_is_watching+0x15/0xb0 [ 255.375146][ T7370] ? __x64_sys_mount+0x20/0xc0 [ 255.375175][ T7370] do_syscall_64+0xfa/0x3b0 [ 255.375254][ T7370] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.375276][ T7370] ? clear_bhb_loop+0x60/0xb0 [ 255.375297][ T7370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.375317][ T7370] RIP: 0033:0x7fb47156b94a [ 255.375336][ T7370] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 255.375360][ T7370] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 255.375382][ T7370] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 255.375398][ T7370] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 255.375413][ T7370] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 255.375428][ T7370] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [pid 7370] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 255.375442][ T7370] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 255.375463][ T7370] [ 255.682576][ T7370] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 255.696627][ T7370] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7372] <... write resumed>) = 16777216 [pid 7370] <... mount resumed>) = -1 EEXIST (File exists) [pid 7370] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 7370] ioctl(3, LOOP_CLR_FD) = 0 [pid 7370] close(3 [pid 7372] munmap(0x7fb469000000, 138412032 [pid 7376] <... write resumed>) = 16777216 [pid 7376] munmap(0x7fb469000000, 138412032) = 0 [pid 7376] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7376] close(3) = 0 [pid 7376] close(4) = 0 [pid 7376] mkdir("./file0", 0777) = 0 [pid 7376] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7370] <... close resumed>) = 0 [ 255.907026][ T7376] loop2: detected capacity change from 0 to 32768 [pid 7370] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7369] <... futex resumed>) = 0 [pid 7370] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7369] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7370] openat(AT_FDCWD, ".", O_RDONLY [pid 7369] <... futex resumed>) = 0 [pid 7370] <... openat resumed>) = 3 [pid 7369] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7370] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7370] <... futex resumed>) = 0 [pid 7369] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7370] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7369] <... futex resumed>) = 0 [ 255.971047][ T7376] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 255.986939][ T7376] CPU: 1 UID: 0 PID: 7376 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 255.986972][ T7376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 255.986986][ T7376] Call Trace: [ 255.986995][ T7376] [pid 7369] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7372] <... munmap resumed>) = 0 [pid 7374] <... write resumed>) = 16777216 [pid 7374] munmap(0x7fb469000000, 138412032 [pid 7369] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7369] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7372] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7372] <... openat resumed>) = 4 [pid 7369] <... mmap resumed>) = 0x7fb4714d5000 [pid 7372] ioctl(4, LOOP_SET_FD, 3 [pid 7369] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7381]}, 88) = 7381 [pid 7369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7369] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 7381 attached [pid 7369] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 255.987005][ T7376] dump_stack_lvl+0x189/0x250 [ 255.987046][ T7376] ? __pfx_dump_stack_lvl+0x10/0x10 [ 255.987071][ T7376] ? __pfx__printk+0x10/0x10 [ 255.987099][ T7376] ? kernfs_root+0x1c/0x230 [ 255.987124][ T7376] ? kernfs_path_from_node+0x250/0x290 [ 255.987147][ T7376] ? kernfs_path_from_node+0x2f/0x290 [ 255.987172][ T7376] sysfs_create_dir_ns+0x259/0x280 [ 255.987196][ T7376] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 255.987219][ T7376] ? do_raw_spin_unlock+0x122/0x240 [ 255.987247][ T7376] kobject_add_internal+0x59f/0xb40 [pid 7381] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 7381] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 7381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7381] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7372] <... ioctl resumed>) = 0 [pid 7372] close(3) = 0 [pid 7372] close(4) = 0 [pid 7372] mkdir("./file0", 0777) = 0 [ 255.987276][ T7376] kobject_init_and_add+0x125/0x190 [ 255.987301][ T7376] ? __pfx_kobject_init_and_add+0x10/0x10 [ 255.987331][ T7376] ? __raw_spin_lock_init+0x45/0x100 [ 255.987356][ T7376] ? __init_swait_queue_head+0xa9/0x150 [ 255.987383][ T7376] gfs2_sys_fs_add+0x234/0x450 [ 255.987405][ T7376] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 255.987430][ T7376] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 255.987463][ T7376] gfs2_fill_super+0x13c0/0x20d0 [ 255.987499][ T7376] ? __pfx_gfs2_fill_super+0x10/0x10 [ 255.987529][ T7376] ? sb_set_blocksize+0x104/0x180 [ 255.987566][ T7376] ? setup_bdev_super+0x4c1/0x5b0 [ 255.987597][ T7376] get_tree_bdev_flags+0x40b/0x4d0 [ 255.987625][ T7376] ? __pfx_gfs2_fill_super+0x10/0x10 [ 255.987658][ T7376] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 255.987692][ T7376] gfs2_get_tree+0x51/0x1e0 [ 255.987720][ T7376] vfs_get_tree+0x8f/0x2b0 [ 255.987749][ T7376] do_new_mount+0x2a2/0xa30 [ 255.987781][ T7376] ? ns_capable+0x8a/0xf0 [ 255.987801][ T7376] ? __pfx_do_new_mount+0x10/0x10 [ 255.987831][ T7376] ? path_mount+0x61c/0xfe0 [ 255.987859][ T7376] ? user_path_at+0x44/0x60 [ 255.987886][ T7376] __se_sys_mount+0x317/0x410 [ 255.987920][ T7376] ? __pfx___se_sys_mount+0x10/0x10 [ 255.987950][ T7376] ? rcu_is_watching+0x15/0xb0 [ 255.987973][ T7376] ? __x64_sys_mount+0x20/0xc0 [ 255.988005][ T7376] do_syscall_64+0xfa/0x3b0 [ 255.988028][ T7376] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.988049][ T7376] ? clear_bhb_loop+0x60/0xb0 [ 255.988071][ T7376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [pid 7372] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7376] <... mount resumed>) = -1 EEXIST (File exists) [pid 7374] <... munmap resumed>) = 0 [pid 7369] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 255.988091][ T7376] RIP: 0033:0x7fb47156b94a [ 255.988109][ T7376] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 255.988128][ T7376] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 255.988150][ T7376] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 255.988165][ T7376] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [pid 7374] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7376] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7374] <... openat resumed>) = 4 [pid 7369] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7376] <... openat resumed>) = 3 [pid 7374] ioctl(4, LOOP_SET_FD, 3 [pid 7369] <... futex resumed>) = 0 [ 255.988180][ T7376] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 255.988194][ T7376] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 255.988208][ T7376] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 255.988229][ T7376] [ 255.988250][ T7376] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 256.057223][ T7372] loop0: detected capacity change from 0 to 32768 [ 256.059852][ T7376] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 256.116200][ T7372] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 256.278060][ T7374] loop1: detected capacity change from 0 to 32768 [ 256.284683][ T7372] CPU: 0 UID: 0 PID: 7372 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 256.284719][ T7372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 256.284735][ T7372] Call Trace: [ 256.284744][ T7372] [ 256.284756][ T7372] dump_stack_lvl+0x189/0x250 [ 256.284794][ T7372] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.284822][ T7372] ? __pfx__printk+0x10/0x10 [ 256.284851][ T7372] ? kernfs_root+0x1c/0x230 [ 256.284881][ T7372] ? kernfs_path_from_node+0x250/0x290 [ 256.284905][ T7372] ? kernfs_path_from_node+0x2f/0x290 [ 256.284935][ T7372] sysfs_create_dir_ns+0x259/0x280 [ 256.284961][ T7372] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 256.284986][ T7372] ? do_raw_spin_unlock+0x122/0x240 [ 256.285018][ T7372] kobject_add_internal+0x59f/0xb40 [ 256.285050][ T7372] kobject_init_and_add+0x125/0x190 [pid 7376] ioctl(3, LOOP_CLR_FD [pid 7369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7376] <... ioctl resumed>) = 0 [pid 7369] <... mmap resumed>) = 0x7fb4714b4000 [pid 7376] close(3 [pid 7369] mprotect(0x7fb4714b5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7374] <... ioctl resumed>) = 0 [pid 7374] close(3) = 0 [pid 7374] close(4) = 0 [pid 7374] mkdir("./file0", 0777) = 0 [pid 7374] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7376] <... close resumed>) = 0 [pid 7369] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7376] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7369] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7375] <... futex resumed>) = 0 [pid 7375] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7375] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7376] <... futex resumed>) = 1 [pid 7369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714d4990, parent_tid=0x7fb4714d4990, exit_signal=0, stack=0x7fb4714b4000, stack_size=0x20240, tls=0x7fb4714d46c0} [pid 7376] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7376] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7375] <... futex resumed>) = 0 [pid 7376] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7375] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7375] <... futex resumed>) = 0 [pid 7376] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7375] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7369] <... clone3 resumed> => {parent_tid=[7386]}, 88) = 7386 [pid 7369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7369] futex(0x7fb47160a6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7369] futex(0x7fb47160a6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7386 attached [ 256.285078][ T7372] ? __pfx_kobject_init_and_add+0x10/0x10 [ 256.285104][ T7372] ? __raw_spin_lock_init+0x45/0x100 [ 256.285139][ T7372] ? __init_swait_queue_head+0xa9/0x150 [ 256.285168][ T7372] gfs2_sys_fs_add+0x234/0x450 [ 256.285194][ T7372] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 256.285221][ T7372] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 256.285259][ T7372] gfs2_fill_super+0x13c0/0x20d0 [ 256.285298][ T7372] ? __pfx_gfs2_fill_super+0x10/0x10 [ 256.285330][ T7372] ? sb_set_blocksize+0x104/0x180 [pid 7386] rseq(0x7fb4714d4fe0, 0x20, 0, 0x53053053 [pid 7375] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7370] <... ioctl resumed>) = 0 [pid 7369] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7375] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7370] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7375] <... futex resumed>) = 0 [pid 7370] <... futex resumed>) = 0 [pid 7375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7370] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7375] <... mmap resumed>) = 0x7fb4714d5000 [pid 7375] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7375] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7386] <... rseq resumed>) = 0 [pid 7375] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7386] set_robust_list(0x7fb4714d49a0, 24 [pid 7375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} [pid 7386] <... set_robust_list resumed>) = 0 [pid 7386] rt_sigprocmask(SIG_SETMASK, [], [pid 7375] <... clone3 resumed> => {parent_tid=[7387]}, 88) = 7387 [pid 7386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7375] rt_sigprocmask(SIG_SETMASK, [], [pid 7386] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7386] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 7375] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7375] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7386] futex(0x7fb47160a6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7376] <... ioctl resumed>) = 0 [pid 7386] <... futex resumed>) = 0 [pid 7376] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7386] futex(0x7fb47160a6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7376] <... futex resumed>) = 0 [ 256.285364][ T7372] ? setup_bdev_super+0x4c1/0x5b0 [ 256.285398][ T7372] get_tree_bdev_flags+0x40b/0x4d0 [ 256.285428][ T7372] ? __pfx_gfs2_fill_super+0x10/0x10 [ 256.285459][ T7372] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 256.285496][ T7372] gfs2_get_tree+0x51/0x1e0 [ 256.285526][ T7372] vfs_get_tree+0x8f/0x2b0 [ 256.285568][ T7372] do_new_mount+0x2a2/0xa30 [ 256.285604][ T7372] ? ns_capable+0x8a/0xf0 [ 256.285625][ T7372] ? __pfx_do_new_mount+0x10/0x10 [ 256.285659][ T7372] ? path_mount+0x61c/0xfe0 [ 256.285690][ T7372] ? user_path_at+0x44/0x60 [pid 7376] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7387 attached [pid 7381] <... openat resumed>) = 4 [pid 7387] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 7381] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7375] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7375] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7376] <... futex resumed>) = 0 [pid 7375] <... futex resumed>) = 1 [pid 7376] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7375] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7376] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 7376] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7375] <... futex resumed>) = 0 [ 256.285723][ T7372] __se_sys_mount+0x317/0x410 [ 256.285762][ T7372] ? __pfx___se_sys_mount+0x10/0x10 [ 256.285796][ T7372] ? rcu_is_watching+0x15/0xb0 [ 256.285822][ T7372] ? __x64_sys_mount+0x20/0xc0 [ 256.285870][ T7372] do_syscall_64+0xfa/0x3b0 [ 256.285895][ T7372] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.285916][ T7372] ? clear_bhb_loop+0x60/0xb0 [ 256.285940][ T7372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.285963][ T7372] RIP: 0033:0x7fb47156b94a [pid 7376] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7374] <... mount resumed>) = -1 EEXIST (File exists) [pid 7374] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 7374] ioctl(3, LOOP_CLR_FD) = 0 [pid 7374] close(3) = 0 [pid 7374] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7373] <... futex resumed>) = 0 [pid 7374] openat(AT_FDCWD, ".", O_RDONLY [pid 7373] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7369] exit_group(0 [pid 7386] <... futex resumed>) = ? [pid 7370] <... futex resumed>) = ? [pid 7369] <... exit_group resumed>) = ? [pid 7386] +++ exited with 0 +++ [pid 7370] +++ exited with 0 +++ [pid 7373] <... futex resumed>) = 0 [pid 7373] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7374] <... openat resumed>) = 3 [pid 7374] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7373] <... futex resumed>) = 0 [pid 7374] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7373] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7373] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7374] <... ioctl resumed>) = 0 [pid 7374] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7373] <... futex resumed>) = 0 [pid 7374] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7373] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7374] <... openat resumed>) = 4 [pid 7373] <... futex resumed>) = 0 [pid 7374] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7373] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7374] <... futex resumed>) = 0 [pid 7373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7374] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7373] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 256.285983][ T7372] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 256.286002][ T7372] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 256.286027][ T7372] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 256.286046][ T7372] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 256.286063][ T7372] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [pid 7373] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 256.286079][ T7372] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 256.286095][ T7372] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 256.286119][ T7372] [ 256.286192][ T7372] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 256.481872][ T7374] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 256.484790][ T7372] gfs2: fsid=syz:syz: error -17 adding sysfs files [pid 7387] <... rseq resumed>) = 0 [pid 7387] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 7387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7387] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7387] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7387] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7375] exit_group(0 [pid 7387] <... futex resumed>) = ? [pid 7375] <... exit_group resumed>) = ? [pid 7387] +++ exited with 0 +++ [pid 7376] <... futex resumed>) = ? [pid 7376] +++ exited with 0 +++ [pid 7375] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7375, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=42 /* 0.42 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 256.518358][ T7374] CPU: 1 UID: 0 PID: 7374 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 256.518391][ T7374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 256.518406][ T7374] Call Trace: [ 256.518418][ T7374] [ 256.518428][ T7374] dump_stack_lvl+0x189/0x250 [ 256.518466][ T7374] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.518494][ T7374] ? __pfx__printk+0x10/0x10 [ 256.518524][ T7374] ? kernfs_root+0x1c/0x230 [ 256.518553][ T7374] ? kernfs_path_from_node+0x250/0x290 [ 256.518579][ T7374] ? kernfs_path_from_node+0x2f/0x290 [ 256.518607][ T7374] sysfs_create_dir_ns+0x259/0x280 [ 256.518633][ T7374] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 256.518659][ T7374] ? do_raw_spin_unlock+0x122/0x240 [ 256.518690][ T7374] kobject_add_internal+0x59f/0xb40 [ 256.518724][ T7374] kobject_init_and_add+0x125/0x190 [ 256.518753][ T7374] ? __pfx_kobject_init_and_add+0x10/0x10 [ 256.518779][ T7374] ? __raw_spin_lock_init+0x45/0x100 [ 256.518809][ T7374] ? __init_swait_queue_head+0xa9/0x150 [ 256.518839][ T7374] gfs2_sys_fs_add+0x234/0x450 [pid 5869] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("./75/file0") = 0 [pid 5869] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./75/binderfs") = 0 [pid 5869] umount2("./75/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./75/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./75/cpuset.effective_mems") = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./75") = 0 [pid 5869] mkdir("./76", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7388 [pid 7381] <... futex resumed>) = ? [ 256.518864][ T7374] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 256.518891][ T7374] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 256.518929][ T7374] gfs2_fill_super+0x13c0/0x20d0 [ 256.518967][ T7374] ? __pfx_gfs2_fill_super+0x10/0x10 [ 256.519000][ T7374] ? sb_set_blocksize+0x104/0x180 [ 256.519036][ T7374] ? setup_bdev_super+0x4c1/0x5b0 [ 256.519068][ T7374] get_tree_bdev_flags+0x40b/0x4d0 [ 256.519100][ T7374] ? __pfx_gfs2_fill_super+0x10/0x10 [ 256.519129][ T7374] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 256.519166][ T7374] gfs2_get_tree+0x51/0x1e0 [ 256.519198][ T7374] vfs_get_tree+0x8f/0x2b0 [ 256.519229][ T7374] do_new_mount+0x2a2/0xa30 [ 256.519274][ T7374] ? ns_capable+0x8a/0xf0 [ 256.519297][ T7374] ? __pfx_do_new_mount+0x10/0x10 [ 256.519329][ T7374] ? path_mount+0x61c/0xfe0 [ 256.519361][ T7374] ? user_path_at+0x44/0x60 [ 256.519397][ T7374] __se_sys_mount+0x317/0x410 [ 256.519435][ T7374] ? __pfx___se_sys_mount+0x10/0x10 [ 256.519469][ T7374] ? rcu_is_watching+0x15/0xb0 [ 256.519495][ T7374] ? __x64_sys_mount+0x20/0xc0 [ 256.519528][ T7374] do_syscall_64+0xfa/0x3b0 [ 256.519553][ T7374] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.519577][ T7374] ? clear_bhb_loop+0x60/0xb0 [ 256.519602][ T7374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.519624][ T7374] RIP: 0033:0x7fb47156b94a [ 256.519645][ T7374] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 ./strace-static-x86_64: Process 7388 attached [pid 7381] +++ exited with 0 +++ [pid 7369] +++ exited with 0 +++ [pid 7388] set_robust_list(0x55558d547760, 24) = 0 [pid 7388] chdir("./76") = 0 [pid 7388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7388] setpgid(0, 0) = 0 [pid 7388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7388] write(3, "1000", 4) = 4 [pid 7388] close(3) = 0 [pid 7388] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7388] write(1, "executing program\n", 18) = 18 [pid 7388] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7388] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7388] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7388] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7388] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7388] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7389]}, 88) = 7389 [pid 7388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7388] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7388] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7369, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=27 /* 0.27 s */} --- [pid 5870] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, [pid 7372] <... mount resumed>) = -1 EEXIST (File exists) [pid 7372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 7372] ioctl(3, LOOP_CLR_FD) = 0 [ 256.519667][ T7374] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 256.519693][ T7374] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 256.519711][ T7374] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 256.519728][ T7374] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 256.519744][ T7374] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 256.519761][ T7374] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 256.519786][ T7374] [pid 7372] close(3./strace-static-x86_64: Process 7389 attached [pid 5870] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [ 256.531486][ T7374] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 256.534072][ T31] INFO: task kworker/0:2H:5960 blocked for more than 143 seconds. [ 256.563731][ T7374] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 256.564074][ T31] Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 [pid 7389] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7389] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7389] memfd_create("syzkaller", 0) = 3 [pid 7389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7373] exit_group(0) = ? [pid 5870] getdents64(4, [pid 7374] <... write resumed>) = ? [pid 7372] <... close resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55558d550830 /* 0 entries */, 32768) = 0 [pid 7372] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] close(4 [pid 7374] +++ exited with 0 +++ [pid 7373] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7373, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=44 /* 0.44 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 7372] <... futex resumed>) = 1 [pid 7371] <... futex resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("./76/file0" [pid 7371] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7372] openat(AT_FDCWD, ".", O_RDONLY [pid 5868] <... restart_syscall resumed>) = 0 [pid 5868] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", [pid 7372] <... openat resumed>) = 3 [pid 7371] <... futex resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, [pid 7371] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7372] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... rmdir resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5868] umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7372] <... futex resumed>) = 0 [pid 7371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... openat resumed>) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, [pid 7372] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7371] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... getdents64 resumed>0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5868] close(4 [pid 7371] <... futex resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "./76/binderfs", [pid 5868] <... close resumed>) = 0 [ 257.072047][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 257.080909][ T31] task:kworker/0:2H state:D stack:25832 pid:5960 tgid:5960 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 257.093159][ T31] Workqueue: gfs2-glock/syz:syz glock_work_func [ 257.099689][ T31] Call Trace: [ 257.103761][ T31] [ 257.106874][ T31] __schedule+0x1798/0x4cc0 [ 257.111560][ T31] ? __set_page_owner+0x35f/0x4a0 [ 257.116945][ T31] ? rcu_read_lock_held+0xa/0x50 [pid 5868] rmdir("./79/file0") = 0 [pid 5868] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./79/binderfs" [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 7371] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] umount2("./79/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./79/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=6533120, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./79/cpuset.effective_mems" [pid 7372] <... ioctl resumed>) = 0 [pid 5870] unlink("./76/binderfs") = 0 [pid 7372] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./76/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7372] <... futex resumed>) = 1 [pid 7371] <... futex resumed>) = 0 [pid 7371] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7371] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7372] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7372] <... openat resumed>) = 4 [pid 5870] newfstatat(AT_FDCWD, "./76/cpuset.effective_mems", [pid 7372] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7372] <... futex resumed>) = 1 [pid 7371] <... futex resumed>) = 0 [pid 5870] unlink("./76/cpuset.effective_mems" [pid 7371] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7371] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... unlink resumed>) = 0 [pid 7372] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./76") = 0 [pid 5870] mkdir("./77", 0777) = 0 [ 257.122094][ T31] ? __page_table_check_zero+0xba/0x530 [ 257.127909][ T31] ? __page_table_check_zero+0x406/0x530 [ 257.134082][ T31] ? __page_table_check_zero+0xba/0x530 [ 257.139949][ T31] ? __pfx___schedule+0x10/0x10 [ 257.145610][ T31] ? schedule+0x91/0x360 [ 257.150092][ T31] ? rcu_is_watching+0x15/0xb0 [ 257.154999][ T31] ? lock_release+0x4b/0x3e0 [ 257.159676][ T31] ? wq_worker_sleeping+0x63/0x250 [ 257.165233][ T31] schedule+0x165/0x360 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7390 attached [pid 7371] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5870] <... clone resumed>, child_tidptr=0x55558d547750) = 7390 [pid 7390] set_robust_list(0x55558d547760, 24) = 0 [ 257.185223][ T31] io_schedule+0x80/0xd0 [ 257.189607][ T31] bit_wait_io+0x11/0xd0 [ 257.193876][ T31] __wait_on_bit_lock+0xec/0x4f0 [ 257.209578][ T31] ? __pfx_bit_wait_io+0x10/0x10 [ 257.225149][ T31] ? __pfx_bit_wait_io+0x10/0x10 [pid 7390] chdir("./77") = 0 [pid 7390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7390] setpgid(0, 0) = 0 [pid 7390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7390] write(3, "1000", 4) = 4 [pid 7390] close(3) = 0 [pid 7390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5868] <... unlink resumed>) = 0 [pid 5868] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./79") = 0 [pid 5868] mkdir("./80", 0777 [pid 7390] write(1, "executing program\n", 18 [pid 5868] <... mkdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5868] close(3) = 0 executing program [pid 7390] <... write resumed>) = 18 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7390] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7391 attached [pid 7391] set_robust_list(0x55558d547760, 24 [pid 7390] <... futex resumed>) = 0 [pid 7391] <... set_robust_list resumed>) = 0 [pid 7390] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 7391] chdir("./80" [pid 7390] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7391] <... chdir resumed>) = 0 [pid 7390] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7391] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7391] <... prctl resumed>) = 0 [pid 7391] setpgid(0, 0 [pid 7390] <... mmap resumed>) = 0x7fb4714f6000 [pid 7391] <... setpgid resumed>) = 0 [pid 7390] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE [pid 7391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7390] <... mprotect resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55558d547750) = 7391 [pid 7391] <... openat resumed>) = 3 [pid 7390] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7391] write(3, "1000", 4 [pid 7390] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7391] <... write resumed>) = 4 [pid 7390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} [pid 7391] close(3./strace-static-x86_64: Process 7392 attached ) = 0 [pid 7390] <... clone3 resumed> => {parent_tid=[7392]}, 88) = 7392 [ 257.230161][ T31] out_of_line_wait_on_bit_lock+0x123/0x170 [ 257.246251][ T31] ? __pfx_out_of_line_wait_on_bit_lock+0x10/0x10 [ 257.263742][ T31] ? __pfx_wake_bit_function+0x10/0x10 [ 257.275169][ T31] block_invalidate_folio+0x376/0x730 [ 257.280887][ T31] ? shmem_mapping+0xd/0x50 [pid 7392] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7391] symlink("/dev/binderfs", "./binderfs" [pid 7390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7391] <... symlink resumed>) = 0 [pid 7390] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7392] <... rseq resumed>) = 0 [pid 7390] <... futex resumed>) = 0 [pid 7390] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7392] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7391] write(1, "executing program\n", 18 [pid 7392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7392] memfd_create("syzkaller", 0executing program ) = 3 [pid 7391] <... write resumed>) = 18 [pid 7391] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7391] <... futex resumed>) = 0 [pid 7391] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 7392] <... mmap resumed>) = 0x7fb469000000 [pid 7391] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7391] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [ 257.293197][ T31] ? __pfx_block_invalidate_folio+0x10/0x10 [ 257.313187][ T31] ? folio_mapping+0x16f/0x240 [pid 7391] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7393 attached => {parent_tid=[7393]}, 88) = 7393 [pid 7393] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [ 257.335148][ T31] ? __pfx_block_invalidate_folio+0x10/0x10 [ 257.341210][ T31] truncate_cleanup_folio+0x2d8/0x430 [ 257.355470][ T31] truncate_inode_pages_range+0x233/0xda0 [pid 7391] rt_sigprocmask(SIG_SETMASK, [], [pid 7393] <... rseq resumed>) = 0 [pid 7393] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7393] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7391] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7393] <... futex resumed>) = 0 [pid 7391] <... futex resumed>) = 1 [pid 7393] memfd_create("syzkaller", 0) = 3 [pid 7393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7391] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7371] exit_group(0) = ? [pid 7372] <... write resumed>) = ? [pid 7372] +++ exited with 0 +++ [pid 7371] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7371, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=73 /* 0.73 s */} --- [ 257.385172][ T31] ? filemap_get_folios_tag+0xed/0x630 [ 257.390837][ T31] ? __pfx_truncate_inode_pages_range+0x10/0x10 [ 257.397439][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 257.402750][ T31] ? do_raw_spin_lock+0x121/0x290 [ 257.415207][ T31] ? rcu_is_watching+0x15/0xb0 [ 257.425176][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 257.430454][ T31] inode_go_inval+0xf9/0x2c0 [pid 5867] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", [pid 7389] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5867] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 257.445158][ T31] ? __pfx_inode_go_inval+0x10/0x10 [ 257.455387][ T31] do_xmote+0x4e9/0x1060 [ 257.459704][ T31] glock_work_func+0x2a8/0x580 [ 257.475240][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 257.481252][ T31] ? process_scheduled_works+0x9ef/0x17b0 [pid 5867] newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./78/file0") = 0 [pid 5867] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./78/binderfs") = 0 [pid 5867] umount2("./78/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./78/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=4935680, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 257.495155][ T31] process_scheduled_works+0xae1/0x17b0 [ 257.500881][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 257.512778][ T31] worker_thread+0x8a0/0xda0 [ 257.525163][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 257.555170][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 257.561152][ T31] ? __kthread_parkme+0x7b/0x200 [ 257.595176][ T31] kthread+0x711/0x8a0 [ 257.599401][ T31] ? __pfx_worker_thread+0x10/0x10 [pid 5867] unlink("./78/cpuset.effective_mems") = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./78") = 0 [pid 5867] mkdir("./79", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [ 257.604551][ T31] ? __pfx_kthread+0x10/0x10 [ 257.619731][ T31] ? rcu_is_watching+0x15/0xb0 [ 257.624781][ T31] ? __pfx_kthread+0x10/0x10 [ 257.634940][ T31] ret_from_fork+0x3f9/0x770 [ 257.645162][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 257.650437][ T31] ? __switch_to_asm+0x39/0x70 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7394 attached , child_tidptr=0x55558d547750) = 7394 [pid 7394] set_robust_list(0x55558d547760, 24) = 0 [ 257.663605][ T31] ? __switch_to_asm+0x33/0x70 [ 257.682017][ T31] ? __pfx_kthread+0x10/0x10 [ 257.687871][ T31] ret_from_fork_asm+0x1a/0x30 [ 257.705178][ T31] [pid 7394] chdir("./79") = 0 [pid 7394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7394] setpgid(0, 0 [pid 7392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7394] <... setpgid resumed>) = 0 [pid 7394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7389] <... write resumed>) = 16777216 [pid 7394] write(3, "1000", 4 [pid 7389] munmap(0x7fb469000000, 138412032 [pid 7394] <... write resumed>) = 4 [pid 7394] close(3) = 0 [ 257.708412][ T31] INFO: task syz-executor878:6013 blocked for more than 144 seconds. [ 257.723439][ T31] Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 [ 257.741958][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [pid 7394] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7394] write(1, "executing program\n", 18) = 18 [pid 7394] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7394] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7394] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7394] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7394] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 257.757742][ T31] task:syz-executor878 state:D stack:25224 pid:6013 tgid:6011 ppid:5871 task_flags:0x400140 flags:0x00004006 [ 257.785158][ T31] Call Trace: [ 257.788629][ T31] [ 257.791690][ T31] __schedule+0x1798/0x4cc0 [ 257.805174][ T31] ? lock_release+0x4b/0x3e0 [pid 7394] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7395]}, 88) = 7395 [pid 7394] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7395 attached [pid 7395] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7395] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7395] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7394] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7395] <... futex resumed>) = 0 [pid 7394] <... futex resumed>) = 1 [pid 7389] <... munmap resumed>) = 0 [pid 7395] memfd_create("syzkaller", 0) = 3 [pid 7394] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [pid 7389] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 257.809977][ T31] ? get_page_from_freelist+0x21e4/0x22c0 [ 257.825177][ T31] ? rcu_read_lock_held+0xa/0x50 [ 257.835396][ T31] ? __pfx___schedule+0x10/0x10 [ 257.840319][ T31] ? schedule+0x91/0x360 [ 257.855454][ T31] ? rcu_is_watching+0x15/0xb0 [pid 7389] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7389] close(3) = 0 [pid 7389] close(4) = 0 [pid 7389] mkdir("./file0", 0777) = 0 [ 257.856748][ T7389] loop2: detected capacity change from 0 to 32768 [ 257.865560][ T31] ? lock_release+0x4b/0x3e0 [ 257.871376][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 257.885219][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 257.891733][ T31] schedule+0x165/0x360 [ 257.901829][ T31] io_schedule+0x80/0xd0 [ 257.930504][ T7389] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 257.945233][ T31] bit_wait_io+0x11/0xd0 [ 257.949628][ T31] __wait_on_bit_lock+0xec/0x4f0 [ 257.954607][ T31] ? __pfx_bit_wait_io+0x10/0x10 [ 257.955293][ T7389] CPU: 1 UID: 0 PID: 7389 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 257.955326][ T7389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 257.955342][ T7389] Call Trace: [ 257.955351][ T7389] [ 257.955369][ T7389] dump_stack_lvl+0x189/0x250 [ 257.955401][ T7389] ? __pfx_dump_stack_lvl+0x10/0x10 [ 257.955429][ T7389] ? __pfx__printk+0x10/0x10 [ 257.955460][ T7389] ? kernfs_root+0x1c/0x230 [ 257.955488][ T7389] ? kernfs_path_from_node+0x250/0x290 [ 257.955512][ T7389] ? kernfs_path_from_node+0x2f/0x290 [ 257.955541][ T7389] sysfs_create_dir_ns+0x259/0x280 [ 257.955567][ T7389] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 257.955593][ T7389] ? do_raw_spin_unlock+0x122/0x240 [ 257.955624][ T7389] kobject_add_internal+0x59f/0xb40 [ 257.955656][ T7389] kobject_init_and_add+0x125/0x190 [ 257.955685][ T7389] ? __pfx_kobject_init_and_add+0x10/0x10 [ 257.955712][ T7389] ? __raw_spin_lock_init+0x45/0x100 [ 257.955741][ T7389] ? __init_swait_queue_head+0xa9/0x150 [ 257.955770][ T7389] gfs2_sys_fs_add+0x234/0x450 [ 257.955795][ T7389] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 257.955823][ T7389] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [pid 7389] mount("/dev/loop2", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7392] <... write resumed>) = 16777216 [ 257.955861][ T7389] gfs2_fill_super+0x13c0/0x20d0 [ 257.955900][ T7389] ? __pfx_gfs2_fill_super+0x10/0x10 [ 257.955933][ T7389] ? sb_set_blocksize+0x104/0x180 [ 257.955967][ T7389] ? setup_bdev_super+0x4c1/0x5b0 [ 257.956001][ T7389] get_tree_bdev_flags+0x40b/0x4d0 [ 257.956033][ T7389] ? __pfx_gfs2_fill_super+0x10/0x10 [ 257.956062][ T7389] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 257.956101][ T7389] gfs2_get_tree+0x51/0x1e0 [ 257.956132][ T7389] vfs_get_tree+0x8f/0x2b0 [ 257.956166][ T7389] do_new_mount+0x2a2/0xa30 [ 257.956204][ T7389] ? ns_capable+0x8a/0xf0 [pid 7392] munmap(0x7fb469000000, 138412032 [pid 7393] <... write resumed>) = 16777216 [ 257.956227][ T7389] ? __pfx_do_new_mount+0x10/0x10 [ 257.956259][ T7389] ? path_mount+0x61c/0xfe0 [ 257.956291][ T7389] ? user_path_at+0x44/0x60 [ 257.956321][ T7389] __se_sys_mount+0x317/0x410 [ 257.956366][ T7389] ? __pfx___se_sys_mount+0x10/0x10 [ 257.956400][ T7389] ? rcu_is_watching+0x15/0xb0 [ 257.956425][ T7389] ? __x64_sys_mount+0x20/0xc0 [ 257.956461][ T7389] do_syscall_64+0xfa/0x3b0 [ 257.956487][ T7389] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.956509][ T7389] ? clear_bhb_loop+0x60/0xb0 [ 257.956535][ T7389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.956559][ T7389] RIP: 0033:0x7fb47156b94a [ 257.956580][ T7389] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 257.956602][ T7389] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 257.956627][ T7389] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 257.956645][ T7389] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 257.956662][ T7389] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 257.956680][ T7389] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 257.956696][ T7389] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 257.956722][ T7389] [ 257.956749][ T7389] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 258.175226][ T31] ? __pfx_bit_wait_io+0x10/0x10 [pid 7393] munmap(0x7fb469000000, 138412032 [pid 7392] <... munmap resumed>) = 0 [pid 7393] <... munmap resumed>) = 0 [pid 7393] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7392] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7393] <... openat resumed>) = 4 [pid 7392] <... openat resumed>) = 4 [pid 7393] ioctl(4, LOOP_SET_FD, 3 [pid 7392] ioctl(4, LOOP_SET_FD, 3 [pid 7389] <... mount resumed>) = -1 EEXIST (File exists) [pid 7395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7393] <... ioctl resumed>) = 0 [pid 7392] <... ioctl resumed>) = 0 [pid 7389] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [ 258.277074][ T7389] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 258.289134][ T31] out_of_line_wait_on_bit_lock+0x123/0x170 [ 258.295080][ T31] ? __pfx___might_resched+0x10/0x10 [ 258.308696][ T7393] loop1: detected capacity change from 0 to 32768 [ 258.317257][ T7392] loop3: detected capacity change from 0 to 32768 [ 258.319011][ T31] ? __pfx_out_of_line_wait_on_bit_lock+0x10/0x10 [pid 7393] close(3) = 0 [pid 7389] ioctl(3, LOOP_CLR_FD [pid 7392] close(3 [pid 7389] <... ioctl resumed>) = 0 [pid 7389] close(3 [pid 7392] <... close resumed>) = 0 [pid 7393] close(4 [pid 7392] close(4 [pid 7393] <... close resumed>) = 0 [pid 7392] <... close resumed>) = 0 [pid 7392] mkdir("./file0", 0777 [pid 7393] mkdir("./file0", 0777) = 0 [pid 7392] <... mkdir resumed>) = 0 [pid 7393] mount("/dev/loop1", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [ 258.330427][ T31] ? __filemap_get_folio+0x79f/0xaf0 [ 258.367971][ T7392] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 258.383041][ T31] ? __pfx_wake_bit_function+0x10/0x10 [ 258.394396][ T7393] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 258.415569][ T7392] CPU: 0 UID: 0 PID: 7392 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 258.415601][ T7392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 258.415615][ T7392] Call Trace: [ 258.415623][ T7392] [ 258.415632][ T7392] dump_stack_lvl+0x189/0x250 [ 258.415664][ T7392] ? __pfx_dump_stack_lvl+0x10/0x10 [ 258.415688][ T7392] ? __pfx__printk+0x10/0x10 [ 258.415716][ T7392] ? kernfs_root+0x1c/0x230 [pid 7392] mount("/dev/loop3", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7395] <... write resumed>) = 16777216 [ 258.415742][ T7392] ? kernfs_path_from_node+0x250/0x290 [ 258.415764][ T7392] ? kernfs_path_from_node+0x2f/0x290 [ 258.415789][ T7392] sysfs_create_dir_ns+0x259/0x280 [ 258.415812][ T7392] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 258.415835][ T7392] ? do_raw_spin_unlock+0x122/0x240 [ 258.415863][ T7392] kobject_add_internal+0x59f/0xb40 [ 258.415892][ T7392] kobject_init_and_add+0x125/0x190 [ 258.415918][ T7392] ? __pfx_kobject_init_and_add+0x10/0x10 [ 258.415941][ T7392] ? __raw_spin_lock_init+0x45/0x100 [ 258.415966][ T7392] ? __init_swait_queue_head+0xa9/0x150 [pid 7395] munmap(0x7fb469000000, 138412032 [pid 7392] <... mount resumed>) = -1 EEXIST (File exists) [pid 7392] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 7392] ioctl(3, LOOP_CLR_FD) = 0 [pid 7392] close(3) = 0 [pid 7392] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7390] <... futex resumed>) = 0 [pid 7390] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7392] openat(AT_FDCWD, ".", O_RDONLY [pid 7390] <... futex resumed>) = 0 [pid 7392] <... openat resumed>) = 3 [pid 7390] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7392] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7390] <... futex resumed>) = 0 [pid 7390] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7392] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [ 258.415992][ T7392] gfs2_sys_fs_add+0x234/0x450 [ 258.416015][ T7392] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 258.416040][ T7392] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 258.416084][ T7392] gfs2_fill_super+0x13c0/0x20d0 [ 258.416119][ T7392] ? __pfx_gfs2_fill_super+0x10/0x10 [ 258.416149][ T7392] ? sb_set_blocksize+0x104/0x180 [ 258.416180][ T7392] ? setup_bdev_super+0x4c1/0x5b0 [ 258.416210][ T7392] get_tree_bdev_flags+0x40b/0x4d0 [ 258.416240][ T7392] ? __pfx_gfs2_fill_super+0x10/0x10 [ 258.416267][ T7392] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 258.416301][ T7392] gfs2_get_tree+0x51/0x1e0 [ 258.416329][ T7392] vfs_get_tree+0x8f/0x2b0 [ 258.416358][ T7392] do_new_mount+0x2a2/0xa30 [ 258.416390][ T7392] ? ns_capable+0x8a/0xf0 [ 258.416410][ T7392] ? __pfx_do_new_mount+0x10/0x10 [ 258.416440][ T7392] ? path_mount+0x61c/0xfe0 [ 258.416468][ T7392] ? user_path_at+0x44/0x60 [ 258.416496][ T7392] __se_sys_mount+0x317/0x410 [ 258.416531][ T7392] ? __pfx___se_sys_mount+0x10/0x10 [ 258.416561][ T7392] ? rcu_is_watching+0x15/0xb0 [ 258.416584][ T7392] ? __x64_sys_mount+0x20/0xc0 [ 258.416616][ T7392] do_syscall_64+0xfa/0x3b0 [ 258.416638][ T7392] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.416659][ T7392] ? clear_bhb_loop+0x60/0xb0 [ 258.416683][ T7392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.416703][ T7392] RIP: 0033:0x7fb47156b94a [ 258.416722][ T7392] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 7390] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7390] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7392] <... ioctl resumed>) = 0 [pid 7390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7392] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7390] <... mmap resumed>) = 0x7fb4714d5000 [pid 7392] <... futex resumed>) = 0 [pid 7390] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE [pid 7392] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7390] <... mprotect resumed>) = 0 [pid 7390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0} => {parent_tid=[7402]}, 88) = 7402 [ 258.416742][ T7392] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 258.416765][ T7392] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 258.416780][ T7392] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 258.416795][ T7392] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 258.416810][ T7392] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 258.416823][ T7392] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 258.416844][ T7392] [ 258.416867][ T7392] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 258.450478][ T31] ? gfs2_getbuf+0x5ed/0x6d0 [ 258.455297][ T7392] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 258.495299][ T7393] CPU: 0 UID: 0 PID: 7393 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 258.495336][ T7393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [pid 7390] rt_sigprocmask(SIG_SETMASK, [], [pid 7395] <... munmap resumed>) = 0 [pid 7390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7390] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7395] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7390] <... futex resumed>) = 0 [pid 7390] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7395] <... openat resumed>) = 4 [pid 7395] ioctl(4, LOOP_SET_FD, 3 [pid 7389] <... close resumed>) = 0 [ 258.495352][ T7393] Call Trace: [ 258.495362][ T7393] [ 258.495372][ T7393] dump_stack_lvl+0x189/0x250 [ 258.495408][ T7393] ? __pfx_dump_stack_lvl+0x10/0x10 [ 258.495436][ T7393] ? __pfx__printk+0x10/0x10 [ 258.495466][ T7393] ? kernfs_root+0x1c/0x230 [ 258.495496][ T7393] ? kernfs_path_from_node+0x250/0x290 [ 258.495520][ T7393] ? kernfs_path_from_node+0x2f/0x290 [ 258.495547][ T7393] sysfs_create_dir_ns+0x259/0x280 [ 258.495573][ T7393] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 258.495599][ T7393] ? do_raw_spin_unlock+0x122/0x240 [ 258.495631][ T7393] kobject_add_internal+0x59f/0xb40 [ 258.495664][ T7393] kobject_init_and_add+0x125/0x190 [ 258.495693][ T7393] ? __pfx_kobject_init_and_add+0x10/0x10 [ 258.495720][ T7393] ? __raw_spin_lock_init+0x45/0x100 [ 258.495748][ T7393] ? __init_swait_queue_head+0xa9/0x150 [ 258.495777][ T7393] gfs2_sys_fs_add+0x234/0x450 [ 258.495801][ T7393] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 258.495828][ T7393] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 258.495865][ T7393] gfs2_fill_super+0x13c0/0x20d0 [ 258.495904][ T7393] ? __pfx_gfs2_fill_super+0x10/0x10 [ 258.495937][ T7393] ? sb_set_blocksize+0x104/0x180 [ 258.495970][ T7393] ? setup_bdev_super+0x4c1/0x5b0 [ 258.496003][ T7393] get_tree_bdev_flags+0x40b/0x4d0 [ 258.496036][ T7393] ? __pfx_gfs2_fill_super+0x10/0x10 [ 258.496074][ T7393] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 258.496112][ T7393] gfs2_get_tree+0x51/0x1e0 [ 258.496143][ T7393] vfs_get_tree+0x8f/0x2b0 [ 258.496175][ T7393] do_new_mount+0x2a2/0xa30 [ 258.496211][ T7393] ? ns_capable+0x8a/0xf0 ./strace-static-x86_64: Process 7402 attached [pid 7390] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7389] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7390] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7392] <... futex resumed>) = 0 [pid 7392] write(-1, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 7392] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7392] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7390] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7395] <... ioctl resumed>) = 0 [pid 7395] close(3) = 0 [pid 7395] close(4) = 0 [pid 7395] mkdir("./file0", 0777) = 0 [pid 7395] mount("/dev/loop0", "./file0", "gfs2", MS_NODEV|MS_DIRSYNC, "nobarrier,norgrplvb,norgrplvb,acl,loccookie,noacl,statfs_percent=0x0000000000000004,upgrade," [pid 7389] <... futex resumed>) = 1 [pid 7389] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7402] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053) = 0 [pid 7402] set_robust_list(0x7fb4714f59a0, 24) = 0 [pid 7402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7402] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 7402] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7402] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7390] exit_group(0 [pid 7392] <... futex resumed>) = ? [pid 7390] <... exit_group resumed>) = ? [pid 7392] +++ exited with 0 +++ [pid 7402] <... futex resumed>) = ? [pid 7402] +++ exited with 0 +++ [pid 7390] +++ exited with 0 +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7390, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=30 /* 0.30 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5870] umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("./77/file0") = 0 [pid 5870] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./77/binderfs") = 0 [pid 5870] umount2("./77/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./77/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./77/cpuset.effective_mems") = 0 [pid 5870] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./77") = 0 [pid 5870] mkdir("./78", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558d547750) = 7404 [ 258.496233][ T7393] ? __pfx_do_new_mount+0x10/0x10 [ 258.496264][ T7393] ? path_mount+0x61c/0xfe0 [ 258.496295][ T7393] ? user_path_at+0x44/0x60 [ 258.496326][ T7393] __se_sys_mount+0x317/0x410 [ 258.496363][ T7393] ? __pfx___se_sys_mount+0x10/0x10 [ 258.496397][ T7393] ? rcu_is_watching+0x15/0xb0 [ 258.496424][ T7393] ? __x64_sys_mount+0x20/0xc0 [ 258.496458][ T7393] do_syscall_64+0xfa/0x3b0 [ 258.496484][ T7393] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.496508][ T7393] ? clear_bhb_loop+0x60/0xb0 [pid 7388] <... futex resumed>) = 0 [pid 7393] <... mount resumed>) = -1 EEXIST (File exists) [pid 7388] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7389] <... futex resumed>) = 0 [pid 7389] openat(AT_FDCWD, ".", O_RDONLY) = 3 [pid 7389] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7389] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7388] <... futex resumed>) = 1 [pid 7388] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7388] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7389] <... futex resumed>) = 0 [pid 7389] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7388] <... futex resumed>) = 1 [ 258.496533][ T7393] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.496556][ T7393] RIP: 0033:0x7fb47156b94a [ 258.496576][ T7393] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 258.496594][ T7393] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 258.496615][ T7393] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [pid 7388] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7393] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 7404 attached [pid 7404] set_robust_list(0x55558d547760, 24 [pid 7393] <... openat resumed>) = 3 [pid 7388] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7404] <... set_robust_list resumed>) = 0 [pid 7393] ioctl(3, LOOP_CLR_FD [ 258.496631][ T7393] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 258.496649][ T7393] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 258.496665][ T7393] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 258.496683][ T7393] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 258.496708][ T7393] [ 258.496735][ T7393] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 258.504877][ T31] gfs2_meta_read+0x25a/0x980 [pid 7388] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7404] chdir("./78" [pid 7395] <... mount resumed>) = -1 EEXIST (File exists) [pid 7393] <... ioctl resumed>) = 0 [pid 7389] <... ioctl resumed>) = 0 [pid 7388] <... futex resumed>) = 0 [pid 7404] <... chdir resumed>) = 0 [pid 7395] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7393] close(3 [pid 7389] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7404] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7395] <... openat resumed>) = 3 [pid 7389] <... futex resumed>) = 0 [pid 7388] <... mmap resumed>) = 0x7fb4714d5000 [pid 7404] <... prctl resumed>) = 0 [pid 7389] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7388] mprotect(0x7fb4714d6000, 131072, PROT_READ|PROT_WRITE [pid 7404] setpgid(0, 0 [pid 7388] <... mprotect resumed>) = 0 [pid 7404] <... setpgid resumed>) = 0 [pid 7388] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7388] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7404] <... openat resumed>) = 3 [pid 7388] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb4714f5990, parent_tid=0x7fb4714f5990, exit_signal=0, stack=0x7fb4714d5000, stack_size=0x20240, tls=0x7fb4714f56c0}./strace-static-x86_64: Process 7406 attached [pid 7404] write(3, "1000", 4) = 4 [pid 7388] <... clone3 resumed> => {parent_tid=[7406]}, 88) = 7406 [pid 7406] rseq(0x7fb4714f5fe0, 0x20, 0, 0x53053053 [pid 7404] close(3 [pid 7395] ioctl(3, LOOP_CLR_FD [pid 7388] rt_sigprocmask(SIG_SETMASK, [], [pid 7406] <... rseq resumed>) = 0 [pid 7404] <... close resumed>) = 0 [pid 7395] <... ioctl resumed>) = 0 [pid 7388] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 258.547714][ T7393] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 258.635387][ T31] ? __pfx_gfs2_meta_read+0x10/0x10 [ 258.767838][ T7395] loop0: detected capacity change from 0 to 32768 [ 258.826805][ T31] ? __pfx_find_get_entries+0x10/0x10 [ 258.983483][ T7395] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz' [ 258.999810][ T31] gfs2_meta_buffer+0x10f/0x2e0 [ 259.030882][ T7395] CPU: 0 UID: 0 PID: 7395 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [pid 7406] set_robust_list(0x7fb4714f59a0, 24executing program [pid 7404] symlink("/dev/binderfs", "./binderfs" [pid 7395] close(3 [pid 7388] futex(0x7fb47160a6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7406] <... set_robust_list resumed>) = 0 [pid 7404] <... symlink resumed>) = 0 [pid 7388] <... futex resumed>) = 0 [pid 7406] rt_sigprocmask(SIG_SETMASK, [], [pid 7404] write(1, "executing program\n", 18 [pid 7388] futex(0x7fb47160a6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7404] <... write resumed>) = 18 [pid 7406] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7404] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7406] <... openat resumed>) = 4 [pid 7404] <... futex resumed>) = 0 [pid 7406] futex(0x7fb47160a6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7404] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, [pid 7406] <... futex resumed>) = 1 [pid 7404] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7388] <... futex resumed>) = 0 [pid 7406] futex(0x7fb47160a6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7404] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7388] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7404] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7389] <... futex resumed>) = 0 [pid 7388] <... futex resumed>) = 1 [pid 7404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7389] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7404] <... mmap resumed>) = 0x7fb4714f6000 [pid 7388] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7404] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 259.030912][ T7395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 259.030925][ T7395] Call Trace: [ 259.030933][ T7395] [ 259.030941][ T7395] dump_stack_lvl+0x189/0x250 [ 259.030973][ T7395] ? __pfx_dump_stack_lvl+0x10/0x10 [ 259.030996][ T7395] ? __pfx__printk+0x10/0x10 [ 259.031022][ T7395] ? kernfs_root+0x1c/0x230 [ 259.031045][ T7395] ? kernfs_path_from_node+0x250/0x290 [ 259.031066][ T7395] ? kernfs_path_from_node+0x2f/0x290 [pid 7404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7407]}, 88) = 7407 [pid 7404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7404] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 259.031089][ T7395] sysfs_create_dir_ns+0x259/0x280 [ 259.031113][ T7395] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 259.031137][ T7395] ? do_raw_spin_unlock+0x122/0x240 [ 259.031170][ T7395] kobject_add_internal+0x59f/0xb40 [ 259.031203][ T7395] kobject_init_and_add+0x125/0x190 [ 259.031232][ T7395] ? __pfx_kobject_init_and_add+0x10/0x10 [ 259.031259][ T7395] ? __raw_spin_lock_init+0x45/0x100 [ 259.031287][ T7395] ? __init_swait_queue_head+0xa9/0x150 [ 259.031318][ T7395] gfs2_sys_fs_add+0x234/0x450 [pid 7404] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7388] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 259.031372][ T7395] ? __pfx_gfs2_sys_fs_add+0x10/0x10 [ 259.031399][ T7395] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 259.031438][ T7395] gfs2_fill_super+0x13c0/0x20d0 [ 259.031477][ T7395] ? __pfx_gfs2_fill_super+0x10/0x10 [ 259.031510][ T7395] ? sb_set_blocksize+0x104/0x180 [ 259.031546][ T7395] ? setup_bdev_super+0x4c1/0x5b0 [ 259.031580][ T7395] get_tree_bdev_flags+0x40b/0x4d0 [ 259.031612][ T7395] ? __pfx_gfs2_fill_super+0x10/0x10 [ 259.031644][ T7395] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 259.031681][ T7395] gfs2_get_tree+0x51/0x1e0 [ 259.031713][ T7395] vfs_get_tree+0x8f/0x2b0 [ 259.031745][ T7395] do_new_mount+0x2a2/0xa30 [ 259.031781][ T7395] ? ns_capable+0x8a/0xf0 [ 259.031805][ T7395] ? __pfx_do_new_mount+0x10/0x10 [ 259.031838][ T7395] ? path_mount+0x61c/0xfe0 [ 259.031869][ T7395] ? user_path_at+0x44/0x60 [ 259.031901][ T7395] __se_sys_mount+0x317/0x410 [ 259.031939][ T7395] ? __pfx___se_sys_mount+0x10/0x10 [ 259.031973][ T7395] ? rcu_is_watching+0x15/0xb0 [ 259.031998][ T7395] ? __x64_sys_mount+0x20/0xc0 [ 259.032034][ T7395] do_syscall_64+0xfa/0x3b0 ./strace-static-x86_64: Process 7407 attached [pid 7407] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053) = 0 [pid 7407] set_robust_list(0x7fb4715169a0, 24) = 0 [pid 7407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7407] memfd_create("syzkaller", 0) = 3 [pid 7407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 259.032059][ T7395] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.032081][ T7395] ? clear_bhb_loop+0x60/0xb0 [ 259.032107][ T7395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.032131][ T7395] RIP: 0033:0x7fb47156b94a [ 259.032151][ T7395] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 259.032172][ T7395] RSP: 002b:00007fb471515fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 259.032198][ T7395] RAX: ffffffffffffffda RBX: 00007fb471515ff0 RCX: 00007fb47156b94a [ 259.032216][ T7395] RDX: 000020000001f680 RSI: 0000200000000040 RDI: 00007fb471515ff0 [ 259.032234][ T7395] RBP: 000020000001f680 R08: 00007fb471516030 R09: 00007fb471516030 [ 259.032252][ T7395] R10: 0000000000000084 R11: 0000000000000246 R12: 0000200000000040 [ 259.032268][ T7395] R13: 00007fb471516030 R14: 0000000000000003 R15: 0000000000000084 [ 259.032293][ T7395] [pid 7388] exit_group(0) = ? [pid 7406] <... futex resumed>) = ? [pid 7406] +++ exited with 0 +++ [pid 7389] <... write resumed>) = ? [pid 7389] +++ exited with 0 +++ [pid 7388] +++ exited with 0 +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7388, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=68 /* 0.68 s */} --- [pid 5869] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5869] umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [ 259.032318][ T7395] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory. [ 259.040158][ T31] punch_hole+0x802/0x2ca0 [ 259.052384][ T7395] gfs2: fsid=syz:syz: error -17 adding sysfs files [ 259.065516][ T31] ? schedule+0x91/0x360 [pid 5869] close(4) = 0 [pid 5869] rmdir("./76/file0") = 0 [pid 5869] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./76/binderfs") = 0 [pid 5869] umount2("./76/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./76/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=3768256, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./76/cpuset.effective_mems" [pid 7395] <... close resumed>) = 0 [pid 7393] <... close resumed>) = 0 [pid 7395] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7393] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7395] <... futex resumed>) = 1 [pid 7394] <... futex resumed>) = 0 [pid 7395] openat(AT_FDCWD, ".", O_RDONLY [pid 7394] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7395] <... openat resumed>) = 3 [pid 7394] <... futex resumed>) = 0 [pid 7395] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7394] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7395] <... futex resumed>) = 0 [pid 7394] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7395] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7394] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7394] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7393] <... futex resumed>) = 1 [pid 7391] <... futex resumed>) = 0 [pid 7393] futex(0x7fb47160a6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7391] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7391] <... futex resumed>) = 0 [pid 7395] <... ioctl resumed>) = 0 [pid 7393] openat(AT_FDCWD, ".", O_RDONLY [pid 7391] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7395] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7394] <... futex resumed>) = 0 [pid 7394] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7395] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7394] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7395] <... openat resumed>) = 4 [pid 7395] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7394] <... futex resumed>) = 0 [pid 7394] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7393] <... openat resumed>) = 3 [pid 7394] <... futex resumed>) = 0 [pid 7393] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7394] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 259.502433][ T31] ? __pfx_punch_hole+0x10/0x10 [ 259.507432][ T31] ? lockref_put_or_lock+0x71/0xc0 [ 259.512588][ T31] ? truncate_pagecache_range+0x87/0xb0 [ 259.518271][ T31] gfs2_iomap_end+0x4f8/0x6c0 [ 259.524038][ T31] iomap_iter+0x313/0xde0 [ 259.529315][ T31] ? __pfx_gfs2_iomap_end+0x10/0x10 [ 259.535250][ T31] iomap_file_buffered_write+0x7fa/0x9b0 [ 259.540942][ T31] ? __pfx_iomap_file_buffered_write+0x10/0x10 [ 259.547638][ T31] ? inode_dio_wait+0x19e/0x240 [pid 7395] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7393] <... futex resumed>) = 1 [pid 7391] <... futex resumed>) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5869] close(3 [pid 7391] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... close resumed>) = 0 [pid 7393] ioctl(3, FS_IOC_SETFLAGS, [FS_JOURNAL_DATA_FL] [pid 7391] <... futex resumed>) = 0 [pid 5869] rmdir("./76") = 0 [pid 5869] mkdir("./77", 0777) = 0 [pid 7391] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5869] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7393] <... ioctl resumed>) = 0 [ 259.552882][ T31] ? inode_go_held+0xf8/0x200 [ 259.558285][ T31] ? gfs2_glock_wait+0x20f/0x2a0 [ 259.564590][ T31] gfs2_file_buffered_write+0x4ed/0x880 [ 259.570950][ T31] ? gfs2_file_write_iter+0x94e/0x1100 [ 259.585158][ T31] gfs2_file_write_iter+0x94e/0x1100 [ 259.590530][ T31] ? vfs_write+0x211/0xb30 [pid 7394] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7393] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7408 attached ) = 1 [pid 7391] <... futex resumed>) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55558d547750) = 7408 [pid 7391] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7393] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7408] set_robust_list(0x55558d547760, 24 [pid 7391] <... futex resumed>) = 0 [pid 7391] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7408] <... set_robust_list resumed>) = 0 [pid 7393] <... openat resumed>) = 4 [pid 7408] chdir("./77") = 0 [pid 7393] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7408] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7391] <... futex resumed>) = 0 [pid 7408] <... prctl resumed>) = 0 [pid 7393] <... futex resumed>) = 1 [pid 7391] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7408] setpgid(0, 0 [pid 7393] write(4, "\x23\x21\x20\x0a\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 7391] <... futex resumed>) = 0 [pid 7408] <... setpgid resumed>) = 0 [pid 7391] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 259.594980][ T31] ? __pfx_gfs2_file_write_iter+0x10/0x10 [pid 7408] write(3, "1000", 4) = 4 [pid 7408] close(3) = 0 [pid 7408] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7408] write(1, "executing program\n", 18) = 18 [pid 7408] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7408] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7408] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7408] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0}./strace-static-x86_64: Process 7409 attached => {parent_tid=[7409]}, 88) = 7409 [pid 7409] rseq(0x7fb471516fe0, 0x20, 0, 0x53053053 [pid 7408] rt_sigprocmask(SIG_SETMASK, [], [pid 7409] <... rseq resumed>) = 0 [pid 7408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7409] set_robust_list(0x7fb4715169a0, 24 [pid 7408] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7409] <... set_robust_list resumed>) = 0 [pid 7408] <... futex resumed>) = 0 [pid 7409] rt_sigprocmask(SIG_SETMASK, [], [pid 7408] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7391] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7391] futex(0x7fb47160a6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7409] memfd_create("syzkaller", 0) = 3 [ 259.645195][ T31] ? gfs2_file_write_iter+0x94e/0x1100 [ 259.650924][ T31] ? security_file_permission+0x75/0x290 [ 259.665243][ T31] vfs_write+0x5c9/0xb30 [ 259.676439][ T31] ? __pfx_gfs2_file_write_iter+0x10/0x10 [pid 7409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb469000000 [ 259.693220][ T31] ? __pfx_vfs_write+0x10/0x10 [ 259.701589][ T31] ? __fget_files+0x2a/0x420 [ 259.712783][ T31] ksys_write+0x145/0x250 [ 259.722883][ T31] ? __pfx_ksys_write+0x10/0x10 [ 259.735336][ T31] ? rcu_is_watching+0x15/0xb0 [ 259.746771][ T31] do_syscall_64+0xfa/0x3b0 [ 259.757841][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.772356][ T31] ? clear_bhb_loop+0x60/0xb0 [ 259.785192][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.797540][ T31] RIP: 0033:0x7fb47156a4f9 [ 259.808883][ T31] RSP: 002b:00007fb471516168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 259.826705][ T31] RAX: ffffffffffffffda RBX: 00007fb47160a6c8 RCX: 00007fb47156a4f9 [pid 7394] exit_group(0) = ? [pid 7395] <... write resumed>) = ? [pid 7407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 7395] +++ exited with 0 +++ [pid 7394] +++ exited with 0 +++ [pid 5867] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7394, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=61 /* 0.61 s */} --- [ 259.845475][ T31] RDX: 000000000208e24b RSI: 0000200000000040 RDI: 0000000000000005 [ 259.863839][ T31] RBP: 00007fb47160a6c0 R08: 00007fb4715166c0 R09: 0000000000000000 [ 259.877241][ T31] R10: 00007fb4715166c0 R11: 0000000000000246 R12: 00007fb47160a6cc [ 259.885670][ T31] R13: 0000000000000006 R14: 00007ffe95b7cf90 R15: 00007ffe95b7d078 [pid 5867] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5867] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5867] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 5 entries */, 32768) = 160 [pid 5867] umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5867] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] getdents64(4, 0x55558d550830 /* 2 entries */, 32768) = 48 [pid 5867] getdents64(4, 0x55558d550830 /* 0 entries */, 32768) = 0 [pid 5867] close(4) = 0 [pid 5867] rmdir("./79/file0") = 0 [pid 5867] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] unlink("./79/binderfs") = 0 [pid 5867] umount2("./79/cpuset.effective_mems", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5867] newfstatat(AT_FDCWD, "./79/cpuset.effective_mems", {st_mode=S_IFREG|000, st_size=7491584, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 259.901209][ T31] [ 259.904641][ T31] INFO: lockdep is turned off. [ 259.975174][ T31] NMI backtrace for cpu 0 [ 259.975198][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 259.975224][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 259.975237][ T31] Call Trace: [ 259.975245][ T31] [ 259.975254][ T31] dump_stack_lvl+0x189/0x250 [ 259.975287][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 259.975312][ T31] ? __pfx__printk+0x10/0x10 [ 259.975345][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 259.975373][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 259.975401][ T31] ? __pfx__printk+0x10/0x10 [ 259.975430][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 259.975464][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 259.975494][ T31] watchdog+0xf60/0xfa0 [ 259.975524][ T31] ? watchdog+0x1e2/0xfa0 [ 259.975554][ T31] kthread+0x711/0x8a0 [ 259.975581][ T31] ? __pfx_watchdog+0x10/0x10 [ 259.975608][ T31] ? __pfx_kthread+0x10/0x10 [pid 5867] unlink("./79/cpuset.effective_mems" [pid 7391] exit_group(0) = ? [pid 5867] <... unlink resumed>) = 0 [pid 5867] getdents64(3, 0x55558d5487f0 /* 0 entries */, 32768) = 0 [pid 5867] close(3) = 0 [pid 5867] rmdir("./79") = 0 [pid 5867] mkdir("./80", 0777) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5867] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5867] close(3) = 0 [pid 5867] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7410 attached , child_tidptr=0x55558d547750) = 7410 [pid 7410] set_robust_list(0x55558d547760, 24) = 0 [pid 7410] chdir("./80") = 0 [pid 7410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7410] setpgid(0, 0) = 0 [pid 7410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7410] write(3, "1000", 4) = 4 [pid 7410] close(3) = 0 [pid 7410] symlink("/dev/binderfs", "./binderfs") = 0 [ 259.975633][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 259.975663][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 259.975680][ T31] ? __pfx_kthread+0x10/0x10 [ 259.975705][ T31] ret_from_fork+0x3f9/0x770 [ 259.975726][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 259.975750][ T31] ? __switch_to_asm+0x39/0x70 [ 259.975774][ T31] ? __switch_to_asm+0x33/0x70 [ 259.975800][ T31] ? __pfx_kthread+0x10/0x10 [ 259.975824][ T31] ret_from_fork_asm+0x1a/0x30 [ 259.975858][ T31] [ 259.975869][ T31] Sending NMI from CPU 0 to CPUs 1: [pid 7393] <... write resumed>) = ? [pid 7410] write(1, "executing program\n", 18executing program ) = 18 [pid 7410] futex(0x7fb47160a6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7410] rt_sigaction(SIGRT_1, {sa_handler=0x7fb471591af0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb4715321d0}, NULL, 8) = 0 [pid 7410] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fb4714f6000 [pid 7410] mprotect(0x7fb4714f7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fb471516990, parent_tid=0x7fb471516990, exit_signal=0, stack=0x7fb4714f6000, stack_size=0x20240, tls=0x7fb4715166c0} => {parent_tid=[7411]}, 88) = 7411 [pid 7410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7410] futex(0x7fb47160a6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 260.123680][ C1] NMI backtrace for cpu 1 [ 260.123698][ C1] CPU: 1 UID: 0 PID: 5868 Comm: syz-executor878 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 260.123721][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 260.123733][ C1] RIP: 0010:__se_sys_clock_nanosleep+0x2f1/0x380 [ 260.123767][ C1] Code: df 41 80 3c 07 00 49 89 c7 74 08 4c 89 ef e8 66 3a 73 00 4d 8b 5d 00 44 89 f7 48 8b 74 24 08 48 8d 54 24 40 41 ff d3 0f 1f 00 <48> 98 eb 1d e8 56 bc 0f 00 eb 05 e8 4f bc 0f 00 48 c7 c0 ea ff ff [ 260.123783][ C1] RSP: 0018:ffffc90003d87e20 EFLAGS: 00000246 [ 260.123799][ C1] RAX: 0000000000000000 RBX: ffff888032e95fb8 RCX: 4287d3a08c5ae100 [ 260.123812][ C1] RDX: 0000000000000000 RSI: ffffffff8be34be0 RDI: ffffffff84d25ae3 [ 260.123825][ C1] RBP: ffffc90003d87ee0 R08: ffffffff8fa3b137 R09: 1ffffffff1f47626 [ 260.123839][ C1] R10: dffffc0000000000 R11: fffffbfff1f47627 R12: 0000000000000000 [ 260.123852][ C1] R13: ffffffff8b8d2870 R14: 0000000000000000 R15: dffffc0000000000 [ 260.123865][ C1] FS: 000055558d547480(0000) GS:ffff888125d0f000(0000) knlGS:0000000000000000 [ 260.123881][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 260.123894][ C1] CR2: 00007fb469b83000 CR3: 0000000033114000 CR4: 00000000003526f0 [ 260.123925][ C1] Call Trace: [ 260.123933][ C1] [ 260.123944][ C1] ? __pfx___se_sys_clock_nanosleep+0x10/0x10 [ 260.123971][ C1] ? rcu_is_watching+0x15/0xb0 [ 260.123993][ C1] do_syscall_64+0xfa/0x3b0 [ 260.124013][ C1] ? rcu_is_watching+0x15/0xb0 [ 260.124029][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.124046][ C1] ? clear_bhb_loop+0x60/0xb0 [ 260.124066][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.124083][ C1] RIP: 0033:0x7fb4715976f3 [ 260.124098][ C1] Code: 00 00 00 00 0f 1f 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d ae 19 07 00 00 74 14 b8 e6 00 00 00 0f 05 d8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 [ 260.124113][ C1] RSP: 002b:00007ffe95b7d118 EFLAGS: 00000202 ORIG_RAX: 00000000000000e6 [ 260.124130][ C1] RAX: ffffffffffffffda RBX: 000000000003ece8 RCX: 00007fb4715976f3 [ 260.124143][ C1] RDX: 00007ffe95b7d130 RSI: 0000000000000000 RDI: 0000000000000000 [ 260.124154][ C1] RBP: 0000000000001cdf R08: 00000000046c6b1b R09: 7fffffffffffffff [ 260.124168][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffe95b7d200 [ 260.124180][ C1] R13: 0000000000000050 R14: 431bde82d7b634db R15: 00007ffe95b7d184 [ 260.124200][ C1] [ 260.124778][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 260.371524][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) [ 260.382813][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 260.392892][ T31] Call Trace: [ 260.396181][ T31] [ 260.399131][ T31] dump_stack_lvl+0x99/0x250 [ 260.403736][ T31] ? __asan_memcpy+0x40/0x70 [ 260.408338][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 260.413543][ T31] ? __pfx__printk+0x10/0x10 [ 260.418165][ T31] vpanic+0x281/0x750 [ 260.422242][ T31] ? __pfx_vpanic+0x10/0x10 [ 260.426750][ T31] ? preempt_schedule+0xae/0xc0 [ 260.431615][ T31] ? preempt_schedule_common+0x83/0xd0 [ 260.437107][ T31] panic+0xb9/0xc0 [ 260.440846][ T31] ? __pfx_panic+0x10/0x10 [ 260.445270][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 260.450647][ T31] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 260.456899][ T31] watchdog+0xf9f/0xfa0 [ 260.461071][ T31] ? watchdog+0x1e2/0xfa0 [ 260.465414][ T31] kthread+0x711/0x8a0 [ 260.469498][ T31] ? __pfx_watchdog+0x10/0x10 [ 260.474186][ T31] ? __pfx_kthread+0x10/0x10 [ 260.478785][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 260.484000][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 260.489200][ T31] ? __pfx_kthread+0x10/0x10 [ 260.493801][ T31] ret_from_fork+0x3f9/0x770 [ 260.498398][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 260.503539][ T31] ? __switch_to_asm+0x39/0x70 [ 260.508318][ T31] ? __switch_to_asm+0x33/0x70 [ 260.513089][ T31] ? __pfx_kthread+0x10/0x10 [ 260.517694][ T31] ret_from_fork_asm+0x1a/0x30 [ 260.522493][ T31] [ 260.525895][ T31] Kernel Offset: disabled [ 260.530238][ T31] Rebooting in 86400 seconds..