./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1571947607 <...> DUID 00:04:03:2c:e5:fc:a2:19:b8:8b:c5:bf:62:63:19:3a:75:c6 forked to background, child pid 4694 [ 47.716980][ T4695] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.727296][ T4695] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.80' (ECDSA) to the list of known hosts. execve("./syz-executor1571947607", ["./syz-executor1571947607"], 0x7ffc7c4c5180 /* 10 vars */) = 0 brk(NULL) = 0x555555700000 brk(0x555555700c40) = 0x555555700c40 arch_prctl(ARCH_SET_FS, 0x555555700300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1571947607", 4096) = 28 brk(0x555555721c40) = 0x555555721c40 brk(0x555555722000) = 0x555555722000 mprotect(0x7f7a4b62d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5030 attached , child_tidptr=0x5555557005d0) = 5030 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5030] getpid() = 5030 [pid 5030] mkdir("./syzkaller.8ukcXx", 0700./strace-static-x86_64: Process 5031 attached [pid 5029] <... clone resumed>, child_tidptr=0x5555557005d0) = 5031 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557005d0) = 5032 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5030] <... mkdir resumed>) = 0 [pid 5030] chmod("./syzkaller.8ukcXx", 0777 [pid 5029] <... clone resumed>, child_tidptr=0x5555557005d0) = 5033 [pid 5030] <... chmod resumed>) = 0 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5030] chdir("./syzkaller.8ukcXx") = 0 [pid 5030] mkdir("./0", 0777 [pid 5031] getpid( [pid 5029] <... clone resumed>, child_tidptr=0x5555557005d0) = 5034 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557005d0) = 5035 ./strace-static-x86_64: Process 5034 attached [pid 5030] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5032 attached [pid 5031] <... getpid resumed>) = 5031 [pid 5030] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5033 attached [pid 5031] mkdir("./syzkaller.UqxWoC", 0700 [pid 5034] getpid( [pid 5033] getpid( [pid 5034] <... getpid resumed>) = 5034 [pid 5034] mkdir("./syzkaller.2LPouR", 0700 [pid 5031] <... mkdir resumed>) = 0 [pid 5030] <... clone resumed>, child_tidptr=0x5555557005d0) = 5036 [pid 5033] <... getpid resumed>) = 5033 [pid 5033] mkdir("./syzkaller.AeEtDL", 0700 [pid 5031] chmod("./syzkaller.UqxWoC", 0777) = 0 ./strace-static-x86_64: Process 5035 attached [pid 5032] getpid( [pid 5031] chdir("./syzkaller.UqxWoC" [pid 5032] <... getpid resumed>) = 5032 [pid 5031] <... chdir resumed>) = 0 [pid 5031] mkdir("./0", 0777 [pid 5032] mkdir("./syzkaller.NWfjlJ", 0700 [pid 5031] <... mkdir resumed>) = 0 [pid 5031] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5033] <... mkdir resumed>) = 0 [pid 5033] chmod("./syzkaller.AeEtDL", 0777) = 0 ./strace-static-x86_64: Process 5036 attached [pid 5034] <... mkdir resumed>) = 0 [pid 5034] chmod("./syzkaller.2LPouR", 0777 [pid 5031] <... clone resumed>, child_tidptr=0x5555557005d0) = 5037 [pid 5033] chdir("./syzkaller.AeEtDL") = 0 [pid 5033] mkdir("./0", 0777 [pid 5036] chdir("./0" [pid 5032] <... mkdir resumed>) = 0 [pid 5032] chmod("./syzkaller.NWfjlJ", 0777 [pid 5036] <... chdir resumed>) = 0 [pid 5032] <... chmod resumed>) = 0 [pid 5032] chdir("./syzkaller.NWfjlJ") = 0 [pid 5034] <... chmod resumed>) = 0 [pid 5034] chdir("./syzkaller.2LPouR" [pid 5032] mkdir("./0", 0777 [pid 5034] <... chdir resumed>) = 0 [pid 5034] mkdir("./0", 0777 [pid 5035] getpid(./strace-static-x86_64: Process 5037 attached ) = 5035 [pid 5034] <... mkdir resumed>) = 0 [pid 5032] <... mkdir resumed>) = 0 [pid 5036] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5035] mkdir("./syzkaller.74MUxT", 0700 [pid 5032] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5036] <... prctl resumed>) = 0 [pid 5036] setpgid(0, 0) = 0 [pid 5036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5035] <... mkdir resumed>) = 0 [pid 5033] <... mkdir resumed>) = 0 [pid 5034] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5035] chmod("./syzkaller.74MUxT", 0777 [pid 5037] chdir("./0" [pid 5033] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5035] <... chmod resumed>) = 0 [pid 5032] <... clone resumed>, child_tidptr=0x5555557005d0) = 5038 [pid 5037] <... chdir resumed>) = 0 [pid 5035] chdir("./syzkaller.74MUxT") = 0 ./strace-static-x86_64: Process 5040 attached ./strace-static-x86_64: Process 5039 attached ./strace-static-x86_64: Process 5038 attached [pid 5037] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5036] write(3, "1000", 4 [pid 5034] <... clone resumed>, child_tidptr=0x5555557005d0) = 5039 [pid 5035] mkdir("./0", 0777 [pid 5036] <... write resumed>) = 4 [pid 5036] close(3) = 0 [pid 5036] symlink("/dev/binderfs", "./binderfs" [pid 5037] <... prctl resumed>) = 0 [pid 5036] <... symlink resumed>) = 0 [pid 5035] <... mkdir resumed>) = 0 [pid 5037] setpgid(0, 0 [pid 5035] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5037] <... setpgid resumed>) = 0 [pid 5036] creat("./bus", 000 [pid 5033] <... clone resumed>, child_tidptr=0x5555557005d0) = 5040 [pid 5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5036] <... creat resumed>) = 3 [pid 5038] chdir("./0" [pid 5039] chdir("./0" [pid 5037] <... openat resumed>) = 3 [pid 5036] open("./bus", O_RDONLY [pid 5035] <... clone resumed>, child_tidptr=0x5555557005d0) = 5041 [pid 5038] <... chdir resumed>) = 0 [pid 5037] write(3, "1000", 4 [pid 5038] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5037] <... write resumed>) = 4 [pid 5040] chdir("./0" [pid 5039] <... chdir resumed>) = 0 [pid 5038] <... prctl resumed>) = 0 [pid 5037] close(3 [pid 5036] <... open resumed>) = 4 ./strace-static-x86_64: Process 5041 attached [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5036] finit_module(4, NULL, 0 [pid 5041] chdir("./0" [pid 5039] <... prctl resumed>) = 0 [pid 5036] <... finit_module resumed>) = -1 ETXTBSY (Text file busy) [pid 5041] <... chdir resumed>) = 0 [pid 5039] setpgid(0, 0 [pid 5036] exit_group(0 [pid 5041] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5039] <... setpgid resumed>) = 0 [pid 5036] <... exit_group resumed>) = ? [pid 5041] <... prctl resumed>) = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5036] +++ exited with 0 +++ [pid 5041] setpgid(0, 0 [pid 5039] <... openat resumed>) = 3 [pid 5041] <... setpgid resumed>) = 0 [pid 5039] write(3, "1000", 4 [pid 5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5039] <... write resumed>) = 4 [pid 5041] <... openat resumed>) = 3 [pid 5039] close(3 [pid 5041] write(3, "1000", 4 [pid 5039] <... close resumed>) = 0 [pid 5041] <... write resumed>) = 4 [pid 5039] symlink("/dev/binderfs", "./binderfs" [pid 5041] close(3 [pid 5039] <... symlink resumed>) = 0 [pid 5041] <... close resumed>) = 0 [pid 5039] creat("./bus", 000 [pid 5041] symlink("/dev/binderfs", "./binderfs" [pid 5039] <... creat resumed>) = 3 [pid 5041] <... symlink resumed>) = 0 [pid 5039] open("./bus", O_RDONLY [pid 5041] creat("./bus", 000 [pid 5039] <... open resumed>) = 4 [pid 5041] <... creat resumed>) = 3 [pid 5039] finit_module(4, NULL, 0 [pid 5041] open("./bus", O_RDONLY [pid 5039] <... finit_module resumed>) = -1 ETXTBSY (Text file busy) [pid 5041] <... open resumed>) = 4 [pid 5039] exit_group(0 [pid 5041] finit_module(4, NULL, 0 [pid 5039] <... exit_group resumed>) = ? [pid 5041] <... finit_module resumed>) = -1 ETXTBSY (Text file busy) [pid 5039] +++ exited with 0 +++ [pid 5041] exit_group(0 [pid 5034] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5041] <... exit_group resumed>) = ? [pid 5034] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5041] +++ exited with 0 +++ [pid 5040] <... chdir resumed>) = 0 [pid 5038] setpgid(0, 0 [pid 5037] <... close resumed>) = 0 [pid 5030] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5036, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5034] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5034] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5034] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5034] getdents64(3, 0x555555701620 /* 4 entries */, 32768) = 104 [pid 5034] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5034] lstat("./0/bus", {st_mode=S_IFREG|000, st_size=0, ...}) = 0 [pid 5034] unlink("./0/bus") = 0 [pid 5034] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) syzkaller login: [ 75.035506][ T27] audit: type=1804 audit(1688160054.417:2): pid=5036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor157" name="/root/syzkaller.8ukcXx/0/bus" dev="sda1" ino=1940 res=1 errno=0 [ 75.058826][ T27] audit: type=1804 audit(1688160054.417:3): pid=5039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor157" name="/root/syzkaller.2LPouR/0/bus" dev="sda1" ino=1942 res=1 errno=0 [pid 5034] lstat("./0/binderfs", [pid 5040] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5038] <... setpgid resumed>) = 0 [pid 5037] symlink("/dev/binderfs", "./binderfs" [pid 5035] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5041, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5034] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5034] unlink("./0/binderfs") = 0 [pid 5034] getdents64(3, 0x555555701620 /* 0 entries */, 32768) = 0 [pid 5034] close(3) = 0 [pid 5034] rmdir("./0") = 0 [pid 5034] mkdir("./1", 0777) = 0 [pid 5034] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557005d0) = 5042 ./strace-static-x86_64: Process 5042 attached [pid 5042] chdir("./1") = 0 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5042] setpgid(0, 0) = 0 [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1000", 4) = 4 [pid 5042] close(3 [pid 5040] <... prctl resumed>) = 0 [pid 5038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5042] <... close resumed>) = 0 [pid 5042] symlink("/dev/binderfs", "./binderfs" [pid 5037] <... symlink resumed>) = 0 [pid 5035] restart_syscall(<... resuming interrupted clone ...> [pid 5040] setpgid(0, 0) = 0 [pid 5035] <... restart_syscall resumed>) = 0 [pid 5030] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5038] <... openat resumed>) = 3 [pid 5040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5035] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5040] <... openat resumed>) = 3 [pid 5030] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5040] write(3, "1000", 4 [pid 5038] write(3, "1000", 4 [pid 5037] creat("./bus", 000 [pid 5035] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5030] <... openat resumed>) = 3 [pid 5038] <... write resumed>) = 4 [pid 5035] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5040] <... write resumed>) = 4 [pid 5042] <... symlink resumed>) = 0 [pid 5042] creat("./bus", 000 [pid 5037] <... creat resumed>) = 3 [pid 5035] <... openat resumed>) = 3 [pid 5040] close(3 [pid 5038] close(3 [pid 5037] open("./bus", O_RDONLY [pid 5035] fstat(3, [pid 5030] fstat(3, [pid 5040] <... close resumed>) = 0 [pid 5038] <... close resumed>) = 0 [pid 5035] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5042] <... creat resumed>) = 3 [pid 5037] <... open resumed>) = 4 [pid 5038] symlink("/dev/binderfs", "./binderfs" [pid 5042] open("./bus", O_RDONLY [pid 5040] symlink("/dev/binderfs", "./binderfs" [pid 5030] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 75.083117][ T27] audit: type=1804 audit(1688160054.417:4): pid=5041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor157" name="/root/syzkaller.74MUxT/0/bus" dev="sda1" ino=1944 res=1 errno=0 [pid 5042] <... open resumed>) = 4 [pid 5038] <... symlink resumed>) = 0 [pid 5035] getdents64(3, [pid 5040] <... symlink resumed>) = 0 [pid 5037] finit_module(4, NULL, 0 [pid 5038] creat("./bus", 000 [pid 5030] getdents64(3, [pid 5040] creat("./bus", 000 [pid 5035] <... getdents64 resumed>0x555555701620 /* 4 entries */, 32768) = 104 [pid 5030] <... getdents64 resumed>0x555555701620 /* 4 entries */, 32768) = 104 [pid 5042] finit_module(4, NULL, 0 [pid 5038] <... creat resumed>) = 3 [pid 5035] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5030] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5042] <... finit_module resumed>) = -1 ETXTBSY (Text file busy) [pid 5040] <... creat resumed>) = 3 [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5035] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5038] open("./bus", O_RDONLY [pid 5037] <... finit_module resumed>) = -1 ETXTBSY (Text file busy) [pid 5035] lstat("./0/bus", [pid 5030] lstat("./0/bus", [pid 5040] open("./bus", O_RDONLY [pid 5035] <... lstat resumed>{st_mode=S_IFREG|000, st_size=0, ...}) = 0 [pid 5042] exit_group(0 [pid 5035] unlink("./0/bus" [pid 5030] <... lstat resumed>{st_mode=S_IFREG|000, st_size=0, ...}) = 0 [pid 5042] <... exit_group resumed>) = ? [pid 5040] <... open resumed>) = 4 [pid 5042] +++ exited with 0 +++ [pid 5038] <... open resumed>) = 4 [pid 5037] exit_group(0 [pid 5035] <... unlink resumed>) = 0 [pid 5030] unlink("./0/bus" [pid 5034] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5042, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5040] finit_module(4, NULL, 0) = -1 ETXTBSY (Text file busy) [pid 5040] exit_group(0) = ? [pid 5040] +++ exited with 0 +++ [pid 5034] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5034] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5033] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5040, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5034] <... openat resumed>) = 3 [pid 5033] restart_syscall(<... resuming interrupted clone ...> [pid 5034] fstat(3, [pid 5033] <... restart_syscall resumed>) = 0 [pid 5034] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5034] getdents64(3, 0x555555701620 /* 4 entries */, 32768) = 104 [pid 5033] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5034] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5033] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5034] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5033] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5034] lstat("./1/bus", [pid 5033] <... openat resumed>) = 3 [pid 5034] <... lstat resumed>{st_mode=S_IFREG|000, st_size=0, ...}) = 0 [pid 5033] fstat(3, [pid 5034] unlink("./1/bus" [pid 5033] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5034] <... unlink resumed>) = 0 [pid 5033] getdents64(3, [pid 5034] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5033] <... getdents64 resumed>0x555555701620 /* 4 entries */, 32768) = 104 [pid 5034] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5033] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5034] lstat("./1/binderfs", [pid 5033] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5034] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5033] lstat("./0/bus", [pid 5034] unlink("./1/binderfs" [pid 5033] <... lstat resumed>{st_mode=S_IFREG|000, st_size=0, ...}) = 0 [pid 5038] finit_module(4, NULL, 0 [pid 5037] <... exit_group resumed>) = ? [pid 5035] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5034] <... unlink resumed>) = 0 [pid 5033] unlink("./0/bus" [pid 5030] <... unlink resumed>) = 0 [pid 5034] getdents64(3, [pid 5033] <... unlink resumed>) = 0 [pid 5034] <... getdents64 resumed>0x555555701620 /* 0 entries */, 32768) = 0 [pid 5033] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5034] close(3 [pid 5033] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5034] <... close resumed>) = 0 [pid 5033] lstat("./0/binderfs", [pid 5034] rmdir("./1" [pid 5033] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5034] <... rmdir resumed>) = 0 [pid 5033] unlink("./0/binderfs" [pid 5034] mkdir("./2", 0777 [pid 5033] <... unlink resumed>) = 0 [pid 5034] <... mkdir resumed>) = 0 [pid 5033] getdents64(3, [pid 5034] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5033] <... getdents64 resumed>0x555555701620 /* 0 entries */, 32768) = 0 [pid 5033] close(3 [pid 5034] <... clone resumed>, child_tidptr=0x5555557005d0) = 5043 [pid 5033] <... close resumed>) = 0 [pid 5033] rmdir("./0") = 0 [ 75.118342][ T27] audit: type=1804 audit(1688160054.497:5): pid=5037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor157" name="/root/syzkaller.UqxWoC/0/bus" dev="sda1" ino=1945 res=1 errno=0 [ 75.146833][ T27] audit: type=1804 audit(1688160054.497:6): pid=5042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor157" name="/root/syzkaller.2LPouR/1/bus" dev="sda1" ino=1946 res=1 errno=0 [pid 5033] mkdir("./1", 0777) = 0 [pid 5033] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557005d0) = 5044 ./strace-static-x86_64: Process 5043 attached [pid 5043] chdir("./2" [pid 5038] <... finit_module resumed>) = -1 ETXTBSY (Text file busy) [pid 5037] +++ exited with 0 +++ [pid 5035] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5038] exit_group(0 [pid 5030] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5044 attached [pid 5043] <... chdir resumed>) = 0 [pid 5031] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5037, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5044] chdir("./1" [pid 5043] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5031] restart_syscall(<... resuming interrupted clone ...> [pid 5044] <... chdir resumed>) = 0 [pid 5043] <... prctl resumed>) = 0 [pid 5031] <... restart_syscall resumed>) = 0 [pid 5044] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5043] setpgid(0, 0 [pid 5044] <... prctl resumed>) = 0 [pid 5043] <... setpgid resumed>) = 0 [pid 5044] setpgid(0, 0 [pid 5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5031] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5044] <... setpgid resumed>) = 0 [pid 5043] <... openat resumed>) = 3 [pid 5031] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5043] write(3, "1000", 4 [pid 5031] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5044] <... openat resumed>) = 3 [pid 5043] <... write resumed>) = 4 [pid 5031] <... openat resumed>) = 3 [pid 5044] write(3, "1000", 4 [pid 5043] close(3 [pid 5031] fstat(3, [pid 5044] <... write resumed>) = 4 [pid 5043] <... close resumed>) = 0 [pid 5031] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5044] close(3 [pid 5043] symlink("/dev/binderfs", "./binderfs" [pid 5031] getdents64(3, [pid 5044] <... close resumed>) = 0 [pid 5043] <... symlink resumed>) = 0 [pid 5031] <... getdents64 resumed>0x555555701620 /* 4 entries */, 32768) = 104 [pid 5044] symlink("/dev/binderfs", "./binderfs" [pid 5043] creat("./bus", 000 [pid 5031] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5044] <... symlink resumed>) = 0 [pid 5043] <... creat resumed>) = 3 [pid 5031] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 75.170658][ T27] audit: type=1804 audit(1688160054.527:8): pid=5040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor157" name="/root/syzkaller.AeEtDL/0/bus" dev="sda1" ino=1950 res=1 errno=0 [ 75.195535][ T27] audit: type=1804 audit(1688160054.527:7): pid=5038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor157" name="/root/syzkaller.NWfjlJ/0/bus" dev="sda1" ino=1949 res=1 errno=0 [pid 5044] creat("./bus", 000 [pid 5043] open("./bus", O_RDONLY [pid 5038] <... exit_group resumed>) = ? [pid 5035] lstat("./0/binderfs", [pid 5031] lstat("./0/bus", [pid 5030] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5044] <... creat resumed>) = 3 [pid 5043] <... open resumed>) = 4 [pid 5038] +++ exited with 0 +++ [pid 5031] <... lstat resumed>{st_mode=S_IFREG|000, st_size=0, ...}) = 0 [pid 5044] open("./bus", O_RDONLY [pid 5043] finit_module(4, NULL, 0 [pid 5035] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5032] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5038, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5031] unlink("./0/bus" [pid 5030] lstat("./0/binderfs", [pid 5044] <... open resumed>) = 4 [pid 5043] <... finit_module resumed>) = -1 ETXTBSY (Text file busy) [pid 5031] <... unlink resumed>) = 0 [pid 5044] finit_module(4, NULL, 0 [pid 5043] exit_group(0 [pid 5031] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5035] unlink("./0/binderfs" [pid 5030] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5035] <... unlink resumed>) = 0 [pid 5030] unlink("./0/binderfs" [pid 5035] getdents64(3, [pid 5032] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5030] <... unlink resumed>) = 0 [pid 5035] <... getdents64 resumed>0x555555701620 /* 0 entries */, 32768) = 0 [pid 5032] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5030] getdents64(3, [pid 5035] close(3 [ 75.221085][ T27] audit: type=1804 audit(1688160054.597:9): pid=5043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor157" name="/root/syzkaller.2LPouR/2/bus" dev="sda1" ino=1944 res=1 errno=0 [ 75.223852][ T5044] general protection fault, probably for non-canonical address 0xdffffc0000000007: 0000 [#1] PREEMPT SMP KASAN [ 75.244236][ T27] audit: type=1804 audit(1688160054.597:10): pid=5044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor157" name="/root/syzkaller.AeEtDL/1/bus" dev="sda1" ino=1946 res=1 errno=0 [ 75.255112][ T5044] KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f] [pid 5032] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5030] <... getdents64 resumed>0x555555701620 /* 0 entries */, 32768) = 0 [pid 5035] <... close resumed>) = 0 [pid 5032] <... openat resumed>) = 3 [pid 5030] close(3 [pid 5035] rmdir("./0" [pid 5032] fstat(3, [pid 5030] <... close resumed>) = 0 [pid 5035] <... rmdir resumed>) = 0 [pid 5032] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5030] rmdir("./0" [pid 5035] mkdir("./1", 0777 [pid 5032] getdents64(3, [ 75.255133][ T5044] CPU: 0 PID: 5044 Comm: syz-executor157 Not tainted 6.4.0-next-20230630-syzkaller #0 [ 75.255162][ T5044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 75.305582][ T5044] RIP: 0010:init_module_from_file+0x1c1/0x6a0 [ 75.309588][ T27] audit: type=1804 audit(1688160054.687:11): pid=5046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor157" name="/root/syzkaller.8ukcXx/1/bus" dev="sda1" ino=1943 res=1 errno=0 [ 75.311693][ T5044] Code: 0f 84 c0 01 00 00 e8 de f1 12 00 4d 89 e7 49 83 ef 08 74 61 e8 d0 f1 12 00 4c 89 fa 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 59 04 00 00 4d 3b 2f 0f 84 ae 00 00 00 e8 a7 f1 [ 75.311721][ T5044] RSP: 0018:ffffc90003a7fd28 EFLAGS: 00010203 [ 75.359848][ T5044] RAX: dffffc0000000000 RBX: 00000000000000f1 RCX: 0000000000000000 [ 75.367817][ T5044] RDX: 0000000000000007 RSI: ffffffff81722200 RDI: ffffc90003a4fe28 [ 75.376222][ T5044] RBP: ffff88802a2f4000 R08: 0000000000000001 R09: fffff5200074ff97 [ 75.384199][ T5044] R10: 0000000000000003 R11: 0000000000000001 R12: ffffc90003a4fe28 [ 75.392170][ T5044] R13: ffff888077bfd2b0 R14: ffffffff921588a8 R15: 000000000000003e [ 75.400146][ T5044] FS: 0000555555700300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 75.409087][ T5044] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.415679][ T5044] CR2: 00007f7a4b634290 CR3: 000000002a24a000 CR4: 00000000003506f0 [ 75.423658][ T5044] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.431624][ T5044] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.439596][ T5044] Call Trace: [ 75.442870][ T5044] [ 75.445797][ T5044] ? die_addr+0x3c/0xa0 [ 75.449968][ T5044] ? exc_general_protection+0x129/0x230 [ 75.455537][ T5044] ? asm_exc_general_protection+0x26/0x30 [ 75.461271][ T5044] ? init_module_from_file+0x1b0/0x6a0 [ 75.466736][ T5044] ? init_module_from_file+0x1c1/0x6a0 [ 75.472660][ T5044] ? init_module_from_file+0x1b0/0x6a0 [ 75.478129][ T5044] ? __do_sys_init_module+0x2e0/0x2e0 [ 75.483503][ T5044] ? _raw_spin_lock_irq+0x45/0x50 [ 75.488563][ T5044] ? xfs_bmap_add_extent_hole_real+0x370/0x1e30 [ 75.494841][ T5044] ? bpf_lsm_capable+0x9/0x10 [ 75.499533][ T5044] ? security_capable+0x93/0xc0 [ 75.504400][ T5044] __x64_sys_finit_module+0xfd/0x190 [ 75.509691][ T5044] do_syscall_64+0x39/0xb0 [ 75.514131][ T5044] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.520046][ T5044] RIP: 0033:0x7f7a4b5c05b9 [ 75.524460][ T5044] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 75.544065][ T5044] RSP: 002b:00007ffec98a1ea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 75.552475][ T5044] RAX: ffffffffffffffda RBX: 00000000000124f4 RCX: 00007f7a4b5c05b9 [ 75.560443][ T5044] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 75.568417][ T5044] RBP: 0000000000000000 R08: 00007ffec98a1ed0 R09: 00007ffec98a1ed0 [ 75.576387][ T5044] R10: 00007ffec98a1ed0 R11: 0000000000000246 R12: 00007ffec98a1ecc [pid 5030] <... rmdir resumed>) = 0 [pid 5035] <... mkdir resumed>) = 0 [pid 5032] <... getdents64 resumed>0x555555701620 /* 4 entries */, 32768) = 104 [pid 5030] mkdir("./1", 0777 [pid 5035] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5032] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5030] <... mkdir resumed>) = 0 [pid 5032] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5030] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5035] <... clone resumed>, child_tidptr=0x5555557005d0) = 5045 [pid 5032] lstat("./0/bus", {st_mode=S_IFREG|000, st_size=0, ...}) = 0 [pid 5030] <... clone resumed>, child_tidptr=0x5555557005d0) = 5046 [pid 5032] unlink("./0/bus") = 0 [pid 5032] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5032] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5032] unlink("./0/binderfs") = 0 [pid 5032] getdents64(3, 0x555555701620 /* 0 entries */, 32768) = 0 [pid 5032] close(3) = 0 [pid 5032] rmdir("./0") = 0 [pid 5032] mkdir("./1", 0777) = 0 [pid 5032] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557005d0) = 5047 ./strace-static-x86_64: Process 5046 attached [pid 5046] chdir("./1") = 0 [pid 5046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5046] setpgid(0, 0) = 0 [pid 5046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5046] write(3, "1000", 4) = 4 [pid 5046] close(3) = 0 [pid 5046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5046] creat("./bus", 000) = 3 [pid 5046] open("./bus", O_RDONLY) = 4 [ 75.584361][ T5044] R13: 00007ffec98a1f00 R14: 00007ffec98a1ee0 R15: 0000000000000001 [ 75.592337][ T5044] [ 75.595376][ T5044] Modules linked in: [ 75.599413][ T5044] ---[ end trace 0000000000000000 ]--- [ 75.605875][ T5044] RIP: 0010:init_module_from_file+0x1c1/0x6a0 [ 75.611972][ T5044] Code: 0f 84 c0 01 00 00 e8 de f1 12 00 4d 89 e7 49 83 ef 08 74 61 e8 d0 f1 12 00 4c 89 fa 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 59 04 00 00 4d 3b 2f 0f 84 ae 00 00 00 e8 a7 f1 [ 75.631633][ T5044] RSP: 0018:ffffc90003a7fd28 EFLAGS: 00010203 [ 75.637716][ T5044] RAX: dffffc0000000000 RBX: 00000000000000f1 RCX: 0000000000000000 [ 75.645791][ T5044] RDX: 0000000000000007 RSI: ffffffff81722200 RDI: ffffc90003a4fe28 [ 75.653769][ T5044] RBP: ffff88802a2f4000 R08: 0000000000000001 R09: fffff5200074ff97 [ 75.661756][ T5044] R10: 0000000000000003 R11: 0000000000000001 R12: ffffc90003a4fe28 [ 75.669744][ T5044] R13: ffff888077bfd2b0 R14: ffffffff921588a8 R15: 000000000000003e [ 75.677729][ T5044] FS: 0000555555700300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 75.686681][ T5044] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.693258][ T5044] CR2: 00007f7a4b634290 CR3: 000000002a24a000 CR4: 00000000003506f0 [ 75.701238][ T5044] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.709249][ T5044] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.717251][ T5044] Kernel panic - not syncing: Fatal exception [ 75.723648][ T5044] Kernel Offset: disabled [ 75.727985][ T5044] Rebooting in 86400 seconds..