./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor832643843 <...> Warning: Permanently added '10.128.1.93' (ED25519) to the list of known hosts. execve("./syz-executor832643843", ["./syz-executor832643843"], 0x7ffc4b7090f0 /* 10 vars */) = 0 brk(NULL) = 0x55557c156000 brk(0x55557c156d00) = 0x55557c156d00 arch_prctl(ARCH_SET_FS, 0x55557c156380) = 0 set_tid_address(0x55557c156650) = 5211 set_robust_list(0x55557c156660, 24) = 0 rseq(0x55557c156ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor832643843", 4096) = 27 getrandom("\xa2\x2e\xb0\x8d\x29\x10\xd0\x06", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557c156d00 brk(0x55557c177d00) = 0x55557c177d00 brk(0x55557c178000) = 0x55557c178000 mprotect(0x7f2499a8e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.03GIwY", 0700) = 0 chmod("./syzkaller.03GIwY", 0777) = 0 chdir("./syzkaller.03GIwY") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5213 attached [pid 5213] set_robust_list(0x55557c156660, 24 [pid 5211] <... clone resumed>, child_tidptr=0x55557c156650) = 5213 [pid 5213] <... set_robust_list resumed>) = 0 [pid 5213] chdir("./0") = 0 [pid 5213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5213] setpgid(0, 0) = 0 [pid 5213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5213] write(3, "1000", 4) = 4 [pid 5213] close(3) = 0 [pid 5213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5213] write(1, "executing program\n", 18executing program ) = 18 [pid 5213] memfd_create("syzkaller", 0) = 3 [pid 5213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2491400000 [pid 5213] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5213] munmap(0x7f2491400000, 138412032) = 0 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5213] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5213] close(3) = 0 [pid 5213] close(4) = 0 [pid 5213] mkdir("./file0", 0777) = 0 [ 60.756577][ T5213] loop0: detected capacity change from 0 to 40427 [pid 5213] mount("/dev/loop0", "./file0", "f2fs", 0, "nodiscard,background_gc=sync,acl,alloc_mode=reuse,errors=continue,disable_roll_forward,background_gc"...) = 0 [pid 5213] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5213] chdir("./file0") = 0 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5213] openat(AT_FDCWD, "memory.numa_stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 60.803534][ T5213] F2FS-fs (loop0): invalid crc value [ 60.811994][ T5213] F2FS-fs (loop0): Found nat_bits in checkpoint [ 60.843017][ T5213] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5213] ioctl(4, F2FS_IOC_SHUTDOWN, 0x20000080) = 0 [pid 5213] exit_group(0) = ? [pid 5213] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5213, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557c1576f0 /* 4 entries */, 32768) = 112 [ 60.912205][ T82] kworker/u8:5: attempt to access beyond end of device [ 60.912205][ T82] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 60.927437][ T82] F2FS-fs (loop0): Remounting filesystem read-only [ 60.936020][ T82] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 60.948118][ T5213] F2FS-fs (loop0): Stopped filesystem due to reason: 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557c15f730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557c15f730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x55557c1576f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 61.091277][ T58] ------------[ cut here ]------------ [ 61.097107][ T58] WARNING: CPU: 1 PID: 58 at kernel/rcu/sync.c:177 rcu_sync_dtor+0xcd/0x180 [ 61.106027][ T58] Modules linked in: [ 61.110014][ T58] CPU: 1 UID: 0 PID: 58 Comm: kworker/1:2 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 61.120309][ T58] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 61.130437][ T58] Workqueue: events destroy_super_work [ 61.136122][ T58] RIP: 0010:rcu_sync_dtor+0xcd/0x180 [ 61.141508][ T58] Code: 74 19 e8 86 d5 00 00 43 0f b6 44 25 00 84 c0 0f 85 82 00 00 00 41 83 3f 00 75 1d 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 90 <0f> 0b 90 e9 66 ff ff ff 90 0f 0b 90 eb 89 90 0f 0b 90 eb dd 44 89 [ 61.161426][ T58] RSP: 0018:ffffc9000133fb30 EFLAGS: 00010246 [ 61.167521][ T58] RAX: 0000000000000002 RBX: 1ffff11005324477 RCX: ffff8880163f5a00 [ 61.175645][ T58] RDX: 0000000000000000 RSI: ffffffff8c3f9540 RDI: ffff888029922350 [ 61.183707][ T58] RBP: 0000000000000167 R08: ffffffff82092061 R09: 1ffffffff1cbbbd4 [ 61.191775][ T58] R10: dffffc0000000000 R11: fffffbfff1cbbbd5 R12: dffffc0000000000 [ 61.199791][ T58] R13: 1ffff1100532446a R14: ffff888029922350 R15: ffff888029922350 [ 61.207868][ T58] FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 61.216927][ T58] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 61.223569][ T58] CR2: 000055557c167738 CR3: 000000007ada8000 CR4: 00000000003506f0 [ 61.231609][ T58] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 61.239699][ T58] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 61.247787][ T58] Call Trace: [ 61.251195][ T58] [ 61.254158][ T58] ? __warn+0x163/0x4e0 [ 61.258383][ T58] ? rcu_sync_dtor+0xcd/0x180 [ 61.263157][ T58] ? report_bug+0x2b3/0x500 [ 61.267694][ T58] ? rcu_sync_dtor+0xcd/0x180 [ 61.272492][ T58] ? handle_bug+0x3e/0x70 [ 61.276854][ T58] ? exc_invalid_op+0x1a/0x50 [ 61.281639][ T58] ? asm_exc_invalid_op+0x1a/0x20 [ 61.286696][ T58] ? destroy_super_work+0xb1/0x130 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557c156650) = 5217 ./strace-static-x86_64: Process 5217 attached [pid 5217] set_robust_list(0x55557c156660, 24) = 0 [pid 5217] chdir("./1") = 0 [ 61.291891][ T58] ? rcu_sync_dtor+0xcd/0x180 [ 61.296583][ T58] percpu_free_rwsem+0x41/0x80 [ 61.301403][ T58] destroy_super_work+0xec/0x130 [ 61.306368][ T58] ? process_scheduled_works+0x945/0x1830 [ 61.312166][ T58] process_scheduled_works+0xa2c/0x1830 [ 61.317743][ T58] ? __pfx_process_scheduled_works+0x10/0x10 [ 61.323816][ T58] ? assign_work+0x364/0x3d0 [ 61.328491][ T58] worker_thread+0x86d/0xd40 [ 61.333153][ T58] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [pid 5217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5217] setpgid(0, 0) = 0 [pid 5217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5217] write(3, "1000", 4) = 4 [pid 5217] close(3) = 0 [pid 5217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5217] write(1, "executing program\n", 18executing program ) = 18 [ 61.339068][ T58] ? __kthread_parkme+0x169/0x1d0 [ 61.344187][ T58] ? __pfx_worker_thread+0x10/0x10 [ 61.349417][ T58] kthread+0x2f0/0x390 [ 61.353534][ T58] ? __pfx_worker_thread+0x10/0x10 [ 61.358672][ T58] ? __pfx_kthread+0x10/0x10 [ 61.363339][ T58] ret_from_fork+0x4b/0x80 [ 61.367797][ T58] ? __pfx_kthread+0x10/0x10 [ 61.372464][ T58] ret_from_fork_asm+0x1a/0x30 [ 61.377275][ T58] [ 61.380378][ T58] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 61.387664][ T58] CPU: 1 UID: 0 PID: 58 Comm: kworker/1:2 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 61.397981][ T58] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 61.408027][ T58] Workqueue: events destroy_super_work [ 61.413489][ T58] Call Trace: [ 61.416760][ T58] [ 61.419683][ T58] dump_stack_lvl+0x241/0x360 [ 61.424360][ T58] ? __pfx_dump_stack_lvl+0x10/0x10 [ 61.429638][ T58] ? __pfx__printk+0x10/0x10 [ 61.434217][ T58] ? _printk+0xd5/0x120 [ 61.438370][ T58] ? vscnprintf+0x5d/0x90 [ 61.442700][ T58] panic+0x349/0x860 [ 61.446589][ T58] ? __warn+0x172/0x4e0 [ 61.450750][ T58] ? __pfx_panic+0x10/0x10 [ 61.455154][ T58] ? show_trace_log_lvl+0x4e6/0x520 [ 61.460357][ T58] ? ret_from_fork_asm+0x1a/0x30 [ 61.465468][ T58] __warn+0x346/0x4e0 [ 61.469440][ T58] ? rcu_sync_dtor+0xcd/0x180 [ 61.474112][ T58] report_bug+0x2b3/0x500 [ 61.478434][ T58] ? rcu_sync_dtor+0xcd/0x180 [ 61.483110][ T58] handle_bug+0x3e/0x70 [ 61.487258][ T58] exc_invalid_op+0x1a/0x50 [ 61.491858][ T58] asm_exc_invalid_op+0x1a/0x20 [ 61.496791][ T58] RIP: 0010:rcu_sync_dtor+0xcd/0x180 [ 61.502070][ T58] Code: 74 19 e8 86 d5 00 00 43 0f b6 44 25 00 84 c0 0f 85 82 00 00 00 41 83 3f 00 75 1d 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 90 <0f> 0b 90 e9 66 ff ff ff 90 0f 0b 90 eb 89 90 0f 0b 90 eb dd 44 89 [ 61.521666][ T58] RSP: 0018:ffffc9000133fb30 EFLAGS: 00010246 [ 61.527743][ T58] RAX: 0000000000000002 RBX: 1ffff11005324477 RCX: ffff8880163f5a00 [ 61.535767][ T58] RDX: 0000000000000000 RSI: ffffffff8c3f9540 RDI: ffff888029922350 [ 61.543752][ T58] RBP: 0000000000000167 R08: ffffffff82092061 R09: 1ffffffff1cbbbd4 [ 61.551726][ T58] R10: dffffc0000000000 R11: fffffbfff1cbbbd5 R12: dffffc0000000000 [ 61.559724][ T58] R13: 1ffff1100532446a R14: ffff888029922350 R15: ffff888029922350 [ 61.567725][ T58] ? destroy_super_work+0xb1/0x130 [ 61.572854][ T58] percpu_free_rwsem+0x41/0x80 [ 61.577623][ T58] destroy_super_work+0xec/0x130 [ 61.582577][ T58] ? process_scheduled_works+0x945/0x1830 [ 61.588304][ T58] process_scheduled_works+0xa2c/0x1830 [ 61.593886][ T58] ? __pfx_process_scheduled_works+0x10/0x10 [ 61.599871][ T58] ? assign_work+0x364/0x3d0 [ 61.604458][ T58] worker_thread+0x86d/0xd40 [ 61.609049][ T58] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 61.614943][ T58] ? __kthread_parkme+0x169/0x1d0 [ 61.619965][ T58] ? __pfx_worker_thread+0x10/0x10 [ 61.625094][ T58] kthread+0x2f0/0x390 [ 61.629182][ T58] ? __pfx_worker_thread+0x10/0x10 [ 61.634399][ T58] ? __pfx_kthread+0x10/0x10 [ 61.639011][ T58] ret_from_fork+0x4b/0x80 [ 61.643445][ T58] ? __pfx_kthread+0x10/0x10 [ 61.648037][ T58] ret_from_fork_asm+0x1a/0x30 [ 61.652809][ T58] [ 61.656049][ T58] Kernel Offset: disabled [ 61.660396][ T58] Rebooting in 86400 seconds..