./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4018739823 <...> Warning: Permanently added '10.128.0.41' (ED25519) to the list of known hosts. execve("./syz-executor4018739823", ["./syz-executor4018739823"], 0x7fffac784fd0 /* 10 vars */) = 0 brk(NULL) = 0x555583483000 brk(0x555583483d00) = 0x555583483d00 arch_prctl(ARCH_SET_FS, 0x555583483380) = 0 set_tid_address(0x555583483650) = 5213 set_robust_list(0x555583483660, 24) = 0 rseq(0x555583483ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4018739823", 4096) = 28 getrandom("\xc6\xce\xe3\xeb\xd2\xfd\xd7\x79", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555583483d00 brk(0x5555834a4d00) = 0x5555834a4d00 brk(0x5555834a5000) = 0x5555834a5000 mprotect(0x7f80d07e4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.UdA4oH", 0700) = 0 chmod("./syzkaller.UdA4oH", 0777) = 0 chdir("./syzkaller.UdA4oH") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5214 attached [pid 5214] set_robust_list(0x555583483660, 24 [pid 5213] <... clone resumed>, child_tidptr=0x555583483650) = 5214 [pid 5214] <... set_robust_list resumed>) = 0 [pid 5214] chdir("./0") = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5214] write(1, "executing program\n", 18) = 18 [pid 5214] memfd_create("syzkaller", 0) = 3 [pid 5214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f80c8200000 [pid 5214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 24449) = 24449 [pid 5214] munmap(0x7f80c8200000, 138412032) = 0 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5214] close(3) = 0 [pid 5214] close(4) = 0 [ 68.060006][ T5214] loop0: detected capacity change from 0 to 47 [ 68.081819][ T5214] ======================================================= [ 68.081819][ T5214] WARNING: The mand mount option has been deprecated and [ 68.081819][ T5214] and is ignored by this kernel. Remove the mand [ 68.081819][ T5214] option from the mount to silence this warning. [pid 5214] mkdir("./file1", 0777) = 0 [pid 5214] mount("/dev/loop0", "./file1", "minix", MS_NOSUID|MS_MANDLOCK, "") = 0 [pid 5214] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5214] chdir("./file1") = 0 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5214] openat(AT_FDCWD, "blkio.bfq.io_queued_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5214] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT, 000) = 5 [pid 5214] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5214] exit_group(0) = ? [pid 5214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5214, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555834846f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0755, st_size=288, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=288, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558348c730 /* 9 entries */, 32768) = 280 umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file0") = 0 umount2("./0/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 68.081819][ T5214] ======================================================= newfstatat(AT_FDCWD, "./0/file1/file1", {st_mode=012, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file1") = 0 umount2("./0/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file2") = 0 umount2("\x2e\x2f\x30\x2f\x66\x69\x6c\x65\x31\x2f\x66\x69\x03\x1f", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "\x2e\x2f\x30\x2f\x66\x69\x6c\x65\x31\x2f\x66\x69\x03\x1f", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("\x2e\x2f\x30\x2f\x66\x69\x6c\x65\x31\x2f\x66\x69\x03\x1f") = 0 umount2("./0/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file.cold") = 0 umount2("./0/file1/blkio.bfq.io_queued_recursive", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/blkio.bfq.io_queued_recursive", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/blkio.bfq.io_queued_recursive") = 0 umount2("./0/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 68.182305][ T5213] minix_free_block (loop0:20): bit already cleared [ 68.189342][ T5213] minix_free_block (loop0:21): bit already cleared [ 68.195950][ T5213] minix_free_block (loop0:19): bit already cleared [ 68.206523][ T5213] minix_free_block (loop0:22): bit already cleared [ 68.222411][ T5213] ------------[ cut here ]------------ [ 68.228109][ T5213] WARNING: CPU: 0 PID: 5213 at fs/inode.c:334 drop_nlink+0xc4/0x110 [ 68.236258][ T5213] Modules linked in: [ 68.240318][ T5213] CPU: 0 UID: 0 PID: 5213 Comm: syz-executor401 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0 [ 68.251408][ T5213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 68.261640][ T5213] RIP: 0010:drop_nlink+0xc4/0x110 [ 68.266714][ T5213] Code: bb 70 07 00 00 be 08 00 00 00 e8 67 a3 e6 ff f0 48 ff 83 70 07 00 00 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc e8 8d 3f 82 ff 90 <0f> 0b 90 eb 83 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 5c ff ff ff [ 68.286461][ T5213] RSP: 0018:ffffc9000368fc30 EFLAGS: 00010293 [ 68.292710][ T5213] RAX: ffffffff82127f43 RBX: 1ffff1100ef77163 RCX: ffff88802d829e00 [ 68.300792][ T5213] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 68.308893][ T5213] RBP: 0000000000000000 R08: ffffffff82127ec3 R09: 1ffffd40003b8ca6 [ 68.316987][ T5213] R10: dffffc0000000000 R11: fffff940003b8ca7 R12: ffff888077bb8b18 [ 68.325039][ T5213] R13: 0000000066ecec3c R14: ffff888077bb8ad0 R15: dffffc0000000000 [ 68.333083][ T5213] FS: 0000555583483380(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000 [ 68.342106][ T5213] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.348816][ T5213] CR2: 0000555583494738 CR3: 0000000074976000 CR4: 00000000003506f0 [ 68.356850][ T5213] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.365104][ T5213] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.373168][ T5213] Call Trace: [ 68.376515][ T5213] [ 68.379529][ T5213] ? __warn+0x168/0x4e0 [ 68.383741][ T5213] ? drop_nlink+0xc4/0x110 [ 68.388195][ T5213] ? report_bug+0x2b3/0x500 [ 68.392793][ T5213] ? drop_nlink+0xc4/0x110 [ 68.397439][ T5213] ? handle_bug+0x60/0x90 [ 68.401863][ T5213] ? exc_invalid_op+0x1a/0x50 [ 68.406619][ T5213] ? asm_exc_invalid_op+0x1a/0x20 [ 68.411739][ T5213] ? drop_nlink+0x43/0x110 [ 68.416218][ T5213] ? drop_nlink+0xc3/0x110 [ 68.420746][ T5213] ? drop_nlink+0xc4/0x110 [ 68.425247][ T5213] minix_unlink+0x25b/0x320 [ 68.429890][ T5213] ? __pfx_minix_unlink+0x10/0x10 [ 68.434967][ T5213] ? bpf_lsm_inode_unlink+0x9/0x10 [ 68.440151][ T5213] ? security_inode_unlink+0xd9/0x340 [ 68.445579][ T5213] vfs_unlink+0x365/0x650 [ 68.450048][ T5213] do_unlinkat+0x4ae/0x830 [ 68.454523][ T5213] ? __pfx_do_unlinkat+0x10/0x10 [ 68.459605][ T5213] ? __check_object_size+0x49c/0x900 [ 68.465011][ T5213] ? getname_flags+0x1e3/0x540 [ 68.469866][ T5213] __x64_sys_unlink+0x47/0x50 [ 68.474603][ T5213] do_syscall_64+0xf3/0x230 [ 68.479193][ T5213] ? clear_bhb_loop+0x35/0x90 [ 68.483923][ T5213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.489962][ T5213] RIP: 0033:0x7f80d076fb97 [ 68.494438][ T5213] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 68.514233][ T5213] RSP: 002b:00007fff00d34fc8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 68.522762][ T5213] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f80d076fb97 [ 68.530905][ T5213] RDX: 00007fff00d34ff0 RSI: 00007fff00d35080 RDI: 00007fff00d35080 [ 68.539129][ T5213] RBP: 00007fff00d35080 R08: 0000000000000000 R09: 0000000000000000 [ 68.547125][ T5213] R10: 0000000000000100 R11: 0000000000000206 R12: 00007fff00d36170 [ 68.555179][ T5213] R13: 000055558348c700 R14: 0000000000000001 R15: 431bde82d7b634db [ 68.563283][ T5213] [ 68.566333][ T5213] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 68.573623][ T5213] CPU: 0 UID: 0 PID: 5213 Comm: syz-executor401 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0 [ 68.584413][ T5213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 68.594495][ T5213] Call Trace: [ 68.597811][ T5213] [ 68.600748][ T5213] dump_stack_lvl+0x241/0x360 [ 68.605469][ T5213] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.610695][ T5213] ? __pfx__printk+0x10/0x10 [ 68.615319][ T5213] ? _printk+0xd5/0x120 [ 68.619500][ T5213] ? __init_begin+0x41000/0x41000 [ 68.624564][ T5213] ? vscnprintf+0x5d/0x90 [ 68.628914][ T5213] panic+0x349/0x880 [ 68.632834][ T5213] ? __warn+0x177/0x4e0 [ 68.637008][ T5213] ? __pfx_panic+0x10/0x10 [ 68.641443][ T5213] ? show_trace_log_lvl+0x3b2/0x410 [ 68.646682][ T5213] __warn+0x34b/0x4e0 [ 68.650683][ T5213] ? drop_nlink+0xc4/0x110 [ 68.655129][ T5213] report_bug+0x2b3/0x500 [ 68.659480][ T5213] ? drop_nlink+0xc4/0x110 [ 68.663975][ T5213] handle_bug+0x60/0x90 [ 68.668261][ T5213] exc_invalid_op+0x1a/0x50 [ 68.672817][ T5213] asm_exc_invalid_op+0x1a/0x20 [ 68.677720][ T5213] RIP: 0010:drop_nlink+0xc4/0x110 [ 68.682799][ T5213] Code: bb 70 07 00 00 be 08 00 00 00 e8 67 a3 e6 ff f0 48 ff 83 70 07 00 00 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc e8 8d 3f 82 ff 90 <0f> 0b 90 eb 83 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 5c ff ff ff [ 68.702515][ T5213] RSP: 0018:ffffc9000368fc30 EFLAGS: 00010293 [ 68.708958][ T5213] RAX: ffffffff82127f43 RBX: 1ffff1100ef77163 RCX: ffff88802d829e00 [ 68.716944][ T5213] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 68.724947][ T5213] RBP: 0000000000000000 R08: ffffffff82127ec3 R09: 1ffffd40003b8ca6 [ 68.732938][ T5213] R10: dffffc0000000000 R11: fffff940003b8ca7 R12: ffff888077bb8b18 [ 68.740947][ T5213] R13: 0000000066ecec3c R14: ffff888077bb8ad0 R15: dffffc0000000000 [ 68.749025][ T5213] ? drop_nlink+0x43/0x110 [ 68.753466][ T5213] ? drop_nlink+0xc3/0x110 [ 68.757939][ T5213] minix_unlink+0x25b/0x320 [ 68.762762][ T5213] ? __pfx_minix_unlink+0x10/0x10 [ 68.767833][ T5213] ? bpf_lsm_inode_unlink+0x9/0x10 [ 68.772968][ T5213] ? security_inode_unlink+0xd9/0x340 [ 68.778403][ T5213] vfs_unlink+0x365/0x650 [ 68.782767][ T5213] do_unlinkat+0x4ae/0x830 [ 68.787216][ T5213] ? __pfx_do_unlinkat+0x10/0x10 [ 68.792263][ T5213] ? __check_object_size+0x49c/0x900 [ 68.797572][ T5213] ? getname_flags+0x1e3/0x540 [ 68.802355][ T5213] __x64_sys_unlink+0x47/0x50 [ 68.807056][ T5213] do_syscall_64+0xf3/0x230 [ 68.811586][ T5213] ? clear_bhb_loop+0x35/0x90 [ 68.816286][ T5213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.822203][ T5213] RIP: 0033:0x7f80d076fb97 [ 68.826634][ T5213] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 68.846256][ T5213] RSP: 002b:00007fff00d34fc8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 68.854698][ T5213] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f80d076fb97 [ 68.862689][ T5213] RDX: 00007fff00d34ff0 RSI: 00007fff00d35080 RDI: 00007fff00d35080 [ 68.870681][ T5213] RBP: 00007fff00d35080 R08: 0000000000000000 R09: 0000000000000000 [ 68.878757][ T5213] R10: 0000000000000100 R11: 0000000000000206 R12: 00007fff00d36170 [ 68.886743][ T5213] R13: 000055558348c700 R14: 0000000000000001 R15: 431bde82d7b634db [ 68.894745][ T5213] [ 68.898114][ T5213] Kernel Offset: disabled [ 68.902498][ T5213] Rebooting in 86400 seconds..