./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4039214339 <...> forked to background, child pid 3183 no interfaces have a carrier [ 21.917018][ T3184] 8021q: adding VLAN 0 to HW filter on device bond0 [ 21.926013][ T3184] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts. execve("./syz-executor4039214339", ["./syz-executor4039214339"], 0x7ffc6584ae90 /* 10 vars */) = 0 brk(NULL) = 0x555556134000 brk(0x555556134d40) = 0x555556134d40 arch_prctl(ARCH_SET_FS, 0x555556134400) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555561346d0) = 3604 set_robust_list(0x5555561346e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fc27c0edb80, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fc27c0ed0d0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fc27c0edc20, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc27c0ed0d0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4039214339", 4096) = 28 brk(0x555556155d40) = 0x555556155d40 brk(0x555556156000) = 0x555556156000 mprotect(0x7fc27c1b0000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3604 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "3604", 4) = 4 close(3) = 0 mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24 close(3) = 0 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=680, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3604}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1c\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x25\x00\x00\x00\x48\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 680 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3604}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 access("/proc/net", R_OK) = 0 access("/proc/net/unix", R_OK) = 0 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3604}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3604}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3604}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3604}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3604}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7fc27c0e5250, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fc27c0ed0d0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7fc27c0e5250, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fc27c0ed0d0}, NULL, 8) = 0 getpid() = 3604 mkdir("./syzkaller.9Az6eH", 0700) = 0 chmod("./syzkaller.9Az6eH", 0777) = 0 chdir("./syzkaller.9Az6eH") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3607 attached , child_tidptr=0x5555561346d0) = 3607 [pid 3607] set_robust_list(0x5555561346e0, 24) = 0 [pid 3607] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3607] setsid() = 1 [pid 3607] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3607] unshare(CLONE_NEWNS) = 0 [pid 3607] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3607] unshare(CLONE_NEWIPC) = 0 [pid 3607] unshare(CLONE_NEWCGROUP) = 0 [pid 3607] unshare(CLONE_NEWUTS) = 0 [pid 3607] unshare(CLONE_SYSVSEM) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "16777216", 8) = 8 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "536870912", 9) = 9 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "8192", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3607] close(3) = 0 [pid 3607] getpid() = 1 [pid 3607] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 3615] set_robust_list(0x7fc27c0d99e0, 24) = 0 [pid 3615] futex(0x7fc27c1b6488, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3607] <... clone resumed>, parent_tid=[2], tls=0x7fc27c0d9700, child_tidptr=0x7fc27c0d99d0) = 2 [pid 3607] futex(0x7fc27c1b6488, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3615] <... futex resumed>) = 0 [pid 3615] memfd_create("syzkaller", 0) = 3 [pid 3607] futex(0x7fc27c1b648c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=100000000} [pid 3615] ftruncate(3, 33077) = 0 [pid 3615] pwrite64(3, "\x60\x1c\x6d\x6b\x64\x6f\x73\x66\x90\xe6\xb1\x00\x08\x01\x01\x00\x04\x40\x00\x20\x00\xf8\x01\x00\x10\x00\x02\x00\x03\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x7d\x92\xd6\xcb\xe5\xd9\x15\x00\x7b\xf7\xd7\xef\xdf\x73\x0c\x3d\x67\xac\x38\x9a\x1c\xda\x44\x0a\x25\xe1\xc3\x0c\x10\xfc\xd6\xdc", 88, 0) = 88 [pid 3615] pwrite64(3, "\x53\x59\x5a\x4b\x41\x4c\x4c\x45\x52\x20\x20\x08\x00\x00\x07\x60\x2c\x55\x2c\x55\x00\x00\x15\x60\x2c\x55\x00\x00\x00\x00\x00\x00\x41\x66\x00\x69\x00\x6c\x00\x65\x00\x30\x80\x0f\x00\xfc\x00\x01\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\xff\xdf\xf2\xff\x46\x49\x4c\x45\x30\x20\x20\x20\x20\x20\x20\x10\x00\x7f\x15\x60\x2c\x55\x2c\x55\x00\x00\x15\x60\x2c\x55\x03\x00\x00\x00\x00\x00\x6f\x7a\x00\x69"..., 798, 10240) = 798 [pid 3615] pwrite64(3, "\x00\xba\x1f\x9d\xf7\x25\x7e\xb9\x87", 9, 16384) = 9 [pid 3615] pwrite64(3, "\xf8\xff\x07\x00\xf0\xff\x4f\xc4\xfe\x26\x80\x00\x09\xa0\x00\xc8\xa6\x00", 18, 16393) = 18 [pid 3615] pwrite64(3, "\x73\xc0\xd2\x8b\xde\xef\xe2\x35\x25\x97\x75\xdb\xad\x79\x7a\x6b\x61\x6c\x6c\x65\x72\x73\x79\x7a\x6b\x61\x6c\xec\x65\x72\x65\x72\x73\x79\x7a\x6b\x61\x6c\x6c\x65\x6a\x73\x79\x7a\x6b\x61\x6c\x6c\x65\x72\x73\x79\x7a\x6b\xb6\x6c\x65\x72\x73\x79\x7a\x6b\x61\x6c\x6c\x65\x72\x53\x79\x7a\x6b\x61\x6c\x6c\x65\x72\x73\xee\x82\xc1\x1b\x5a\x79\x7a\x6b\x61\x6c\x6c\x65\x72\x73\x79\x7a\x6b\x62\x6c\x6c\xdf\xd0\x57"..., 306, 32771) = 306 [pid 3615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3615] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3615] mkdir("./file0", 0777) = 0 [pid 3615] mount("/dev/loop0", "./file0", "vfat", MS_SYNCHRONOUS|MS_SILENT, "nfs,errors=continue,shortname=winnt,") = 0 [pid 3615] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 3615] chdir("./file0") = 0 [pid 3615] ioctl(4, LOOP_CLR_FD) = 0 [pid 3615] close(4) = 0 [pid 3615] close(3) = 0 [pid 3615] futex(0x7fc27c1b648c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3607] <... futex resumed>) = 0 [pid 3615] mkdir("./file1", 000 [pid 3607] futex(0x7fc27c1b6488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] futex(0x7fc27c1b648c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3615] <... mkdir resumed>) = 0 [pid 3615] futex(0x7fc27c1b648c, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7fc27c1b6488, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] futex(0x7fc27c1b649c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc27c098000 [pid 3607] mprotect(0x7fc27c099000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3607] clone(child_stack=0x7fc27c0b82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3616 attached [pid 3616] set_robust_list(0x7fc27c0b89e0, 24 [pid 3607] <... clone resumed>, parent_tid=[3], tls=0x7fc27c0b8700, child_tidptr=0x7fc27c0b89d0) = 3 [pid 3616] <... set_robust_list resumed>) = 0 [pid 3607] futex(0x7fc27c1b6498, FUTEX_WAKE_PRIVATE, 1000000 [pid 3616] rmdir("./file0/file0" [pid 3607] <... futex resumed>) = 0 [pid 3616] <... rmdir resumed>) = -1 ENOENT (No such file or directory) [pid 3607] futex(0x7fc27c1b649c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] rmdir("./file0/file0" [pid 3615] <... futex resumed>) = 1 [pid 3615] mkdir("./file1/file0", 000) = 0 [pid 3615] mkdir("./file1/file0", 000 [pid 3616] <... rmdir resumed>) = 0 [pid 3616] rmdir("./file0/file0" [pid 3615] <... mkdir resumed>) = 0 [pid 3615] mkdir("./file1/file0", 000 [pid 3616] <... rmdir resumed>) = 0 [pid 3616] rmdir("./file0/file0" [pid 3615] <... mkdir resumed>) = 0 [ 44.561164][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 44.569086][ T146] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 44.587385][ T3615] loop0: detected capacity change from 0 to 64 [pid 3615] mkdir("./file1/file0", 000 [pid 3607] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 44.622919][ T3616] ------------[ cut here ]------------ [ 44.628484][ T3616] WARNING: CPU: 0 PID: 3616 at fs/inode.c:330 drop_nlink+0xb9/0x100 [ 44.636709][ T3616] Modules linked in: [ 44.640607][ T3616] CPU: 0 PID: 3616 Comm: syz-executor403 Not tainted 6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0 [ 44.651742][ T3616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022 [ 44.662941][ T3616] RIP: 0010:drop_nlink+0xb9/0x100 [ 44.668613][ T3616] Code: 49 8b 1e 48 8d bb c0 07 00 00 be 08 00 00 00 e8 9d f3 e9 ff f0 48 ff 83 c0 07 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 37 f9 95 ff <0f> 0b eb 8a 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 63 ff ff ff 4c [ 44.689423][ T3616] RSP: 0018:ffffc90003c5fc50 EFLAGS: 00010293 [ 44.695508][ T3616] RAX: ffffffff81f1d6a9 RBX: 1ffff1100e1b1031 RCX: ffff88807bbad7c0 [ 44.703878][ T3616] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 44.712155][ T3616] RBP: 0000000000000000 R08: ffffffff81f1d62e R09: ffffed100e18e1c0 [ 44.720366][ T3616] R10: ffffed100e18e1c0 R11: 1ffff1100e18e1bf R12: ffff888070d88188 [ 44.728583][ T3616] R13: dffffc0000000000 R14: ffff888070d88140 R15: dffffc0000000000 [ 44.736908][ T3616] FS: 00007fc27c0b8700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 44.746316][ T3616] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.752912][ T3616] CR2: 00007fc27c0d8fd8 CR3: 0000000028873000 CR4: 00000000003506e0 [ 44.761001][ T3616] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 44.769899][ T3616] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 44.778112][ T3616] Call Trace: [ 44.781423][ T3616] [ 44.784338][ T3616] vfat_rmdir+0x2e8/0x490 [ 44.788991][ T3616] ? read_lock_is_recursive+0x10/0x10 [ 44.794386][ T3616] ? vfat_mkdir+0x340/0x340 [ 44.798978][ T3616] ? down_write+0x1a5/0x270 [ 44.803587][ T3616] ? down_read_killable+0x80/0x80 [ 44.808661][ T3616] ? do_raw_spin_unlock+0x134/0x8a0 [ 44.813866][ T3616] ? bpf_lsm_inode_rmdir+0x5/0x10 [pid 3607] close(3) = -1 EBADF (Bad file descriptor) [pid 3607] close(4) = -1 EBADF (Bad file descriptor) [pid 3607] close(5) = 0 [pid 3607] close(6) = -1 EBADF (Bad file descriptor) [pid 3607] close(7) = -1 EBADF (Bad file descriptor) [pid 3607] close(8) = -1 EBADF (Bad file descriptor) [pid 3607] close(9) = -1 EBADF (Bad file descriptor) [pid 3607] close(10) = -1 EBADF (Bad file descriptor) [pid 3607] close(11) = -1 EBADF (Bad file descriptor) [pid 3607] close(12) = -1 EBADF (Bad file descriptor) [pid 3607] close(13) = -1 EBADF (Bad file descriptor) [pid 3607] close(14) = -1 EBADF (Bad file descriptor) [pid 3607] close(15) = -1 EBADF (Bad file descriptor) [pid 3607] close(16) = -1 EBADF (Bad file descriptor) [pid 3607] close(17) = -1 EBADF (Bad file descriptor) [pid 3607] close(18) = -1 EBADF (Bad file descriptor) [pid 3607] close(19) = -1 EBADF (Bad file descriptor) [pid 3607] close(20) = -1 EBADF (Bad file descriptor) [pid 3607] close(21) = -1 EBADF (Bad file descriptor) [pid 3607] close(22) = -1 EBADF (Bad file descriptor) [pid 3607] close(23) = -1 EBADF (Bad file descriptor) [pid 3607] close(24) = -1 EBADF (Bad file descriptor) [pid 3607] close(25) = -1 EBADF (Bad file descriptor) [pid 3607] close(26) = -1 EBADF (Bad file descriptor) [pid 3607] close(27) = -1 EBADF (Bad file descriptor) [pid 3607] close(28) = -1 EBADF (Bad file descriptor) [pid 3607] close(29) = -1 EBADF (Bad file descriptor) [pid 3607] exit_group(1) = ? [ 44.819291][ T3616] ? security_inode_rmdir+0xfa/0x130 [ 44.824699][ T3616] vfs_rmdir+0x358/0x4b0 [ 44.829661][ T3616] do_rmdir+0x39d/0x610 [ 44.833934][ T3616] ? d_delete_notify+0x150/0x150 [ 44.839027][ T3616] ? strncpy_from_user+0x1d6/0x330 [ 44.844473][ T3616] __x64_sys_rmdir+0x45/0x50 [ 44.849464][ T3616] do_syscall_64+0x3d/0xb0 [ 44.853900][ T3616] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 44.860288][ T3616] RIP: 0033:0x7fc27c1380a9 [ 44.864969][ T3616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 44.884699][ T3616] RSP: 002b:00007fc27c0b8208 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 44.893465][ T3616] RAX: ffffffffffffffda RBX: 000000000000003e RCX: 00007fc27c1380a9 [ 44.901705][ T3616] RDX: 00007fc27c1380a9 RSI: 00007fc27c1380a9 RDI: 0000000020000300 [ 44.910195][ T3616] RBP: 00007fc27c1b6490 R08: 00007fc27c1b6498 R09: 00007fc27c1b6498 [ 44.918327][ T3616] R10: 00007fc27c1b6498 R11: 0000000000000246 R12: 00007fc27c1b649c [ 44.927076][ T3616] R13: 00007ffdc8f5ddef R14: 00007fc27c0b8300 R15: 0000000000022000 [ 44.935078][ T3616] [ 44.938324][ T3616] Kernel panic - not syncing: panic_on_warn set ... [ 44.944898][ T3616] CPU: 1 PID: 3616 Comm: syz-executor403 Not tainted 6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0 [ 44.955291][ T3616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022 [ 44.965338][ T3616] Call Trace: [ 44.968610][ T3616] [ 44.971525][ T3616] dump_stack_lvl+0x1b1/0x28e [ 44.976195][ T3616] ? nf_tcp_handle_invalid+0x62e/0x62e [ 44.981649][ T3616] ? panic+0x710/0x710 [ 44.985741][ T3616] ? vscnprintf+0x59/0x80 [ 44.990053][ T3616] ? drop_nlink+0x10/0x100 [ 44.994460][ T3616] panic+0x2d6/0x710 [ 44.998352][ T3616] ? __warn+0x131/0x220 [ 45.002503][ T3616] ? memcpy_page_flushcache+0xfc/0xfc [ 45.007881][ T3616] ? drop_nlink+0xb9/0x100 [ 45.012300][ T3616] __warn+0x1fa/0x220 [ 45.016269][ T3616] ? drop_nlink+0xb9/0x100 [ 45.020669][ T3616] report_bug+0x1b3/0x2d0 [ 45.024990][ T3616] handle_bug+0x3d/0x70 [ 45.029166][ T3616] exc_invalid_op+0x16/0x40 [ 45.033759][ T3616] asm_exc_invalid_op+0x16/0x20 [ 45.038603][ T3616] RIP: 0010:drop_nlink+0xb9/0x100 [ 45.043621][ T3616] Code: 49 8b 1e 48 8d bb c0 07 00 00 be 08 00 00 00 e8 9d f3 e9 ff f0 48 ff 83 c0 07 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 37 f9 95 ff <0f> 0b eb 8a 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 63 ff ff ff 4c [ 45.063230][ T3616] RSP: 0018:ffffc90003c5fc50 EFLAGS: 00010293 [ 45.069288][ T3616] RAX: ffffffff81f1d6a9 RBX: 1ffff1100e1b1031 RCX: ffff88807bbad7c0 [ 45.077247][ T3616] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 45.085218][ T3616] RBP: 0000000000000000 R08: ffffffff81f1d62e R09: ffffed100e18e1c0 [ 45.093205][ T3616] R10: ffffed100e18e1c0 R11: 1ffff1100e18e1bf R12: ffff888070d88188 [ 45.101175][ T3616] R13: dffffc0000000000 R14: ffff888070d88140 R15: dffffc0000000000 [ 45.109135][ T3616] ? drop_nlink+0x3e/0x100 [ 45.113543][ T3616] ? drop_nlink+0xb9/0x100 [ 45.117953][ T3616] vfat_rmdir+0x2e8/0x490 [ 45.122282][ T3616] ? read_lock_is_recursive+0x10/0x10 [ 45.127643][ T3616] ? vfat_mkdir+0x340/0x340 [ 45.132131][ T3616] ? down_write+0x1a5/0x270 [ 45.136662][ T3616] ? down_read_killable+0x80/0x80 [ 45.141676][ T3616] ? do_raw_spin_unlock+0x134/0x8a0 [ 45.146865][ T3616] ? bpf_lsm_inode_rmdir+0x5/0x10 [ 45.151877][ T3616] ? security_inode_rmdir+0xfa/0x130 [ 45.157156][ T3616] vfs_rmdir+0x358/0x4b0 [ 45.161392][ T3616] do_rmdir+0x39d/0x610 [ 45.165530][ T3616] ? d_delete_notify+0x150/0x150 [ 45.170463][ T3616] ? strncpy_from_user+0x1d6/0x330 [ 45.175577][ T3616] __x64_sys_rmdir+0x45/0x50 [ 45.180163][ T3616] do_syscall_64+0x3d/0xb0 [ 45.184569][ T3616] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 45.190457][ T3616] RIP: 0033:0x7fc27c1380a9 [ 45.194857][ T3616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 45.214452][ T3616] RSP: 002b:00007fc27c0b8208 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 45.222848][ T3616] RAX: ffffffffffffffda RBX: 000000000000003e RCX: 00007fc27c1380a9 [ 45.230804][ T3616] RDX: 00007fc27c1380a9 RSI: 00007fc27c1380a9 RDI: 0000000020000300 [ 45.238758][ T3616] RBP: 00007fc27c1b6490 R08: 00007fc27c1b6498 R09: 00007fc27c1b6498 [ 45.246718][ T3616] R10: 00007fc27c1b6498 R11: 0000000000000246 R12: 00007fc27c1b649c [ 45.256332][ T3616] R13: 00007ffdc8f5ddef R14: 00007fc27c0b8300 R15: 0000000000022000 [ 45.264291][ T3616] [ 45.267366][ T3616] Kernel Offset: disabled [ 45.271677][ T3616] Rebooting in 86400 seconds..