./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2250876614 <...> Warning: Permanently added '10.128.1.30' (ED25519) to the list of known hosts. execve("./syz-executor2250876614", ["./syz-executor2250876614"], 0x7ffeab7b6c30 /* 10 vars */) = 0 brk(NULL) = 0x555555822000 brk(0x555555822d40) = 0x555555822d40 arch_prctl(ARCH_SET_FS, 0x5555558223c0) = 0 set_tid_address(0x555555822690) = 5042 set_robust_list(0x5555558226a0, 24) = 0 rseq(0x555555822ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2250876614", 4096) = 28 getrandom("\x74\x8e\x6d\xc4\xbe\x2e\x18\x3c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555822d40 brk(0x555555843d40) = 0x555555843d40 brk(0x555555844000) = 0x555555844000 mprotect(0x7fa04dcfb000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.Oso3LE", 0700) = 0 chmod("./syzkaller.Oso3LE", 0777) = 0 chdir("./syzkaller.Oso3LE") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555822690) = 5043 ./strace-static-x86_64: Process 5043 attached [pid 5043] set_robust_list(0x5555558226a0, 24) = 0 [pid 5043] chdir("./0") = 0 [pid 5043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5043] setpgid(0, 0) = 0 [pid 5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5043] write(3, "1000", 4) = 4 [pid 5043] close(3) = 0 [pid 5043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5043] futex(0x7fa04dd016ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] rt_sigaction(SIGRT_1, {sa_handler=0x7fa04dc8ce70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa04dc7e020}, NULL, 8) = 0 [pid 5043] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa04dc03000 [pid 5043] mprotect(0x7fa04dc04000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa04dc23990, parent_tid=0x7fa04dc23990, exit_signal=0, stack=0x7fa04dc03000, stack_size=0x20300, tls=0x7fa04dc236c0}./strace-static-x86_64: Process 5044 attached => {parent_tid=[5044]}, 88) = 5044 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5043] futex(0x7fa04dd016a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7fa04dd016ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5044] rseq(0x7fa04dc23fe0, 0x20, 0, 0x53053053) = 0 [pid 5044] set_robust_list(0x7fa04dc239a0, 24) = 0 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5044] memfd_create("syzkaller", 0) = 3 [pid 5044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa045803000 [ 88.017533][ T5044] syz-executor225[5044]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5044] munmap(0x7fa045803000, 16777216) = 0 [pid 5044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5044] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5044] close(3) = 0 [pid 5044] mkdir("./bus", 0777) = 0 [ 88.346026][ T5044] loop0: detected capacity change from 0 to 32768 [ 88.359249][ T5044] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 88.367510][ T5044] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 88.378247][ T5044] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 88.387390][ T54] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 88.394184][ T54] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 88.450900][ T54] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 56ms [ 88.458729][ T54] gfs2: fsid=syz:syz.0: jid=0: Done [ 88.463988][ T5044] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5044] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5044] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5044] chdir("./bus") = 0 [pid 5044] ioctl(4, LOOP_CLR_FD) = 0 [pid 5044] close(4) = 0 [pid 5044] futex(0x7fa04dd016ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] futex(0x7fa04dd016a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7fa04dd016a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5043] futex(0x7fa04dd016bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] mkdir("./file0", 000 [pid 5043] <... futex resumed>) = 0 [pid 5043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa0467e2000 [pid 5043] mprotect(0x7fa0467e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa046802990, parent_tid=0x7fa046802990, exit_signal=0, stack=0x7fa0467e2000, stack_size=0x20300, tls=0x7fa0468026c0}./strace-static-x86_64: Process 5049 attached [pid 5049] rseq(0x7fa046802fe0, 0x20, 0, 0x53053053) = 0 [pid 5043] <... clone3 resumed> => {parent_tid=[5049]}, 88) = 5049 [pid 5049] set_robust_list(0x7fa0468029a0, 24 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], [pid 5049] <... set_robust_list resumed>) = 0 [pid 5043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5049] rt_sigprocmask(SIG_SETMASK, [], [pid 5043] futex(0x7fa04dd016b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7fa04dd016bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... mkdir resumed>) = 0 [pid 5044] futex(0x7fa04dd016ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7fa04dd016a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] creat("./file0/file1", 000) = 4 [pid 5049] futex(0x7fa04dd016bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5043] exit_group(0 [pid 5044] <... futex resumed>) = ? [pid 5043] <... exit_group resumed>) = ? [pid 5049] +++ exited with 0 +++ [pid 5044] +++ exited with 0 +++ [pid 5043] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5043, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=51 /* 0.51 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555823730 /* 4 entries */, 32768) = 104 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555582b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555582b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x555555823730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555822690) = 5052 ./strace-static-x86_64: Process 5052 attached [pid 5052] set_robust_list(0x5555558226a0, 24) = 0 [pid 5052] chdir("./1") = 0 [pid 5052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5052] setpgid(0, 0) = 0 [pid 5052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5052] write(3, "1000", 4) = 4 [pid 5052] close(3) = 0 [pid 5052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5052] futex(0x7fa04dd016ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] rt_sigaction(SIGRT_1, {sa_handler=0x7fa04dc8ce70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa04dc7e020}, NULL, 8) = 0 [pid 5052] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa04dc03000 [pid 5052] mprotect(0x7fa04dc04000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa04dc23990, parent_tid=0x7fa04dc23990, exit_signal=0, stack=0x7fa04dc03000, stack_size=0x20300, tls=0x7fa04dc236c0} => {parent_tid=[5053]}, 88) = 5053 ./strace-static-x86_64: Process 5053 attached [pid 5053] rseq(0x7fa04dc23fe0, 0x20, 0, 0x53053053 [pid 5052] rt_sigprocmask(SIG_SETMASK, [], [pid 5053] <... rseq resumed>) = 0 [pid 5053] set_robust_list(0x7fa04dc239a0, 24 [pid 5052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5053] <... set_robust_list resumed>) = 0 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], [pid 5052] futex(0x7fa04dd016a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7fa04dd016ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5053] memfd_create("syzkaller", 0) = 3 [pid 5053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa045803000 [ 88.898679][ T5053] syz-executor225[5053]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5053] munmap(0x7fa045803000, 16777216) = 0 [pid 5053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5053] close(3) = 0 [pid 5053] mkdir("./bus", 0777) = 0 [ 89.218389][ T5053] loop0: detected capacity change from 0 to 32768 [ 89.240319][ T5053] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 89.248542][ T5053] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 89.259599][ T5053] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 89.268888][ T54] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 89.276117][ T54] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 89.329475][ T54] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 53ms [ 89.337256][ T54] gfs2: fsid=syz:syz.0: jid=0: Done [ 89.342520][ T5053] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5053] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5053] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5053] chdir("./bus") = 0 [pid 5053] ioctl(4, LOOP_CLR_FD) = 0 [pid 5053] close(4) = 0 [pid 5053] futex(0x7fa04dd016ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] futex(0x7fa04dd016a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7fa04dd016a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7fa04dd016bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5053] mkdir("./file0", 000 [pid 5052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa0467e2000 [pid 5052] mprotect(0x7fa0467e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa046802990, parent_tid=0x7fa046802990, exit_signal=0, stack=0x7fa0467e2000, stack_size=0x20300, tls=0x7fa0468026c0}./strace-static-x86_64: Process 5057 attached [pid 5057] rseq(0x7fa046802fe0, 0x20, 0, 0x53053053) = 0 [pid 5053] <... mkdir resumed>) = 0 [pid 5052] <... clone3 resumed> => {parent_tid=[5057]}, 88) = 5057 [pid 5052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5052] futex(0x7fa04dd016b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7fa04dd016bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] futex(0x7fa04dd016ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7fa04dd016a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] set_robust_list(0x7fa0468029a0, 24) = 0 [pid 5057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5057] creat("./file0/file1", 000) = 4 [pid 5057] futex(0x7fa04dd016bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] futex(0x7fa04dd016b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5052] <... futex resumed>) = 0 [pid 5052] exit_group(0) = ? [pid 5053] <... futex resumed>) = ? [pid 5057] <... futex resumed>) = ? [pid 5053] +++ exited with 0 +++ [pid 5057] +++ exited with 0 +++ [pid 5052] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5052, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=46 /* 0.46 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555823730 /* 4 entries */, 32768) = 104 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555582b770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555582b770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x555555823730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555822690) = 5058 ./strace-static-x86_64: Process 5058 attached [pid 5058] set_robust_list(0x5555558226a0, 24) = 0 [pid 5058] chdir("./2") = 0 [pid 5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5058] setpgid(0, 0) = 0 [pid 5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5058] write(3, "1000", 4) = 4 [pid 5058] close(3) = 0 [pid 5058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5058] futex(0x7fa04dd016ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] rt_sigaction(SIGRT_1, {sa_handler=0x7fa04dc8ce70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa04dc7e020}, NULL, 8) = 0 [pid 5058] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa04dc03000 [pid 5058] mprotect(0x7fa04dc04000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa04dc23990, parent_tid=0x7fa04dc23990, exit_signal=0, stack=0x7fa04dc03000, stack_size=0x20300, tls=0x7fa04dc236c0} => {parent_tid=[5059]}, 88) = 5059 [pid 5058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5058] futex(0x7fa04dd016a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] futex(0x7fa04dd016ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5059 attached [pid 5059] rseq(0x7fa04dc23fe0, 0x20, 0, 0x53053053) = 0 [pid 5059] set_robust_list(0x7fa04dc239a0, 24) = 0 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5059] memfd_create("syzkaller", 0) = 3 [pid 5059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa045803000 [ 89.755791][ T5059] syz-executor225[5059]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5059] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5059] munmap(0x7fa045803000, 16777216) = 0 [pid 5059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5059] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5059] close(3) = 0 [pid 5059] mkdir("./bus", 0777) = 0 [ 90.072383][ T5059] loop0: detected capacity change from 0 to 32768 [ 90.084113][ T5059] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 90.092582][ T5059] gfs2: fsid=syz:syz: Now mounting FS (format 1802)... [ 90.103353][ T5059] gfs2: fsid=syz:syz.0: journal 0 mapped with 14 extents in 0ms [ 90.112356][ T1148] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 90.119204][ T1148] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 90.172061][ T1148] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 52ms [ 90.180053][ T1148] gfs2: fsid=syz:syz.0: jid=0: Done [ 90.185341][ T5059] gfs2: fsid=syz:syz.0: first mount done, others may mount [pid 5059] mount("/dev/loop0", "./bus", "gfs2", 0, "") = 0 [pid 5059] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5059] chdir("./bus") = 0 [pid 5059] ioctl(4, LOOP_CLR_FD) = 0 [pid 5059] close(4) = 0 [pid 5059] futex(0x7fa04dd016ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5059] futex(0x7fa04dd016a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] futex(0x7fa04dd016a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5058] <... futex resumed>) = 0 [pid 5059] mkdir("./file0", 000 [pid 5058] futex(0x7fa04dd016bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa0467e2000 [pid 5058] mprotect(0x7fa0467e3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa046802990, parent_tid=0x7fa046802990, exit_signal=0, stack=0x7fa0467e2000, stack_size=0x20300, tls=0x7fa0468026c0}./strace-static-x86_64: Process 5063 attached [pid 5063] rseq(0x7fa046802fe0, 0x20, 0, 0x53053053) = 0 [pid 5063] set_robust_list(0x7fa0468029a0, 24 [pid 5058] <... clone3 resumed> => {parent_tid=[5063]}, 88) = 5063 [pid 5058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5058] futex(0x7fa04dd016b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] <... set_robust_list resumed>) = 0 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], [pid 5058] futex(0x7fa04dd016bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] creat("./file0/file1", 000 [pid 5059] <... mkdir resumed>) = 0 [pid 5059] futex(0x7fa04dd016ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7fa04dd016a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5058] futex(0x7fa04dd016bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 90.401129][ T5063] ------------[ cut here ]------------ [ 90.407062][ T5063] DEBUG_RWSEMS_WARN_ON((rwsem_owner(sem) != current) && !rwsem_test_oflags(sem, RWSEM_NONSPINNABLE)): count = 0x0, magic = 0xffff888075c05838, owner = 0x0, curr 0xffff88802548d940, list empty [ 90.426134][ T5063] WARNING: CPU: 0 PID: 5063 at kernel/locking/rwsem.c:1369 up_write+0x458/0x510 [ 90.435269][ T5063] Modules linked in: [ 90.439193][ T5063] CPU: 0 PID: 5063 Comm: syz-executor225 Not tainted 6.5.0-next-20230831-syzkaller #0 [ 90.450005][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 90.460187][ T5063] RIP: 0010:up_write+0x458/0x510 [ 90.465231][ T5063] Code: c1 ea 03 80 3c 02 00 75 50 48 8b 13 4d 89 f1 41 55 4d 89 f8 4c 89 e1 48 c7 c6 40 a2 8c 8a 48 c7 c7 60 a1 8c 8a e8 08 db e6 ff <0f> 0b 5a e9 aa fc ff ff 48 89 ef e8 f8 7b 76 00 e9 17 fd ff ff 48 [ 90.484925][ T5063] RSP: 0018:ffffc90003a0fac0 EFLAGS: 00010286 [ 90.491044][ T5063] RAX: 0000000000000000 RBX: ffff888075c05838 RCX: 0000000000000000 [ 90.499077][ T5063] RDX: ffff88802548d940 RSI: ffffffff814e0186 RDI: 0000000000000001 [ 90.507101][ T5063] RBP: ffff888075c05840 R08: 0000000000000001 R09: 0000000000000000 [ 90.515132][ T5063] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888075c05838 [ 90.523128][ T5063] R13: ffffffff8a8ca0a0 R14: ffff88802548d940 R15: 0000000000000000 [ 90.531227][ T5063] FS: 00007fa0468026c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 90.540232][ T5063] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 5058] exit_group(0) = ? [pid 5059] <... futex resumed>) = ? [pid 5059] +++ exited with 0 +++ [ 90.546933][ T5063] CR2: 00007fa045880000 CR3: 00000000724fc000 CR4: 00000000003506f0 [ 90.554984][ T5063] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 90.563001][ T5063] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 90.571066][ T5063] Call Trace: [ 90.574380][ T5063] [ 90.577391][ T5063] ? show_regs+0x8f/0xa0 [ 90.581722][ T5063] ? __warn+0xe6/0x380 [ 90.585884][ T5063] ? up_write+0x458/0x510 [ 90.590494][ T5063] ? report_bug+0x3bc/0x580 [ 90.595079][ T5063] ? handle_bug+0x3c/0x70 [ 90.599653][ T5063] ? exc_invalid_op+0x17/0x40 [ 90.604345][ T5063] ? asm_exc_invalid_op+0x1a/0x20 [ 90.609463][ T5063] ? __warn_printk+0x1a6/0x350 [ 90.614263][ T5063] ? up_write+0x458/0x510 [ 90.618653][ T5063] path_openat+0x9f0/0x29c0 [ 90.623222][ T5063] ? path_lookupat+0x770/0x770 [ 90.628177][ T5063] do_filp_open+0x1de/0x430 [ 90.632728][ T5063] ? may_open_dev+0xf0/0xf0 [ 90.637297][ T5063] ? expand_files+0x442/0x910 [ 90.642050][ T5063] ? _raw_spin_unlock+0x28/0x40 [ 90.647054][ T5063] ? alloc_fd+0x2da/0x6c0 [ 90.651432][ T5063] do_sys_openat2+0x176/0x1e0 [ 90.656187][ T5063] ? build_open_flags+0x690/0x690 [ 90.661260][ T5063] ? ptrace_notify+0xf4/0x130 [ 90.666012][ T5063] ? reacquire_held_locks+0x4b0/0x4b0 [ 90.671544][ T5063] __x64_sys_creat+0xcd/0x120 [ 90.676302][ T5063] ? __x64_compat_sys_openat+0x200/0x200 [ 90.681986][ T5063] ? trace_irq_enable.constprop.0+0xd0/0x100 [ 90.688059][ T5063] ? _raw_spin_unlock_irq+0x2e/0x50 [ 90.693344][ T5063] ? ptrace_notify+0xf4/0x130 [ 90.698090][ T5063] ? syscall_trace_enter.constprop.0+0xaf/0x1e0 [ 90.704394][ T5063] do_syscall_64+0x38/0xb0 [ 90.708937][ T5063] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 90.714900][ T5063] RIP: 0033:0x7fa04dc66a59 [ 90.719347][ T5063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 90.739053][ T5063] RSP: 002b:00007fa046802218 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 90.747537][ T5063] RAX: ffffffffffffffda RBX: 00007fa04dd016b8 RCX: 00007fa04dc66a59 [ 90.755595][ T5063] RDX: 00007fa04dc40096 RSI: 0000000000000000 RDI: 0000000020000040 [ 90.763590][ T5063] RBP: 00007fa04dd016b0 R08: 00007ffd2ba73377 R09: 0000000000000000 [ 90.771627][ T5063] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa04dcbb0c0 [ 90.779645][ T5063] R13: 0031656c69662f30 R14: 2f30656c69662f2e R15: 0030656c69662f2e [ 90.787676][ T5063] [ 90.790718][ T5063] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 90.798016][ T5063] CPU: 0 PID: 5063 Comm: syz-executor225 Not tainted 6.5.0-next-20230831-syzkaller #0 [ 90.807578][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 90.817652][ T5063] Call Trace: [ 90.820939][ T5063] [ 90.823914][ T5063] dump_stack_lvl+0xd9/0x1b0 [ 90.828540][ T5063] panic+0x6a6/0x750 [ 90.832457][ T5063] ? panic_smp_self_stop+0xa0/0xa0 [ 90.837592][ T5063] ? up_write+0x458/0x510 [ 90.841944][ T5063] check_panic_on_warn+0xab/0xb0 [ 90.846936][ T5063] __warn+0xf2/0x380 [ 90.850849][ T5063] ? up_write+0x458/0x510 [ 90.855205][ T5063] report_bug+0x3bc/0x580 [ 90.859572][ T5063] handle_bug+0x3c/0x70 [ 90.863745][ T5063] exc_invalid_op+0x17/0x40 [ 90.868266][ T5063] asm_exc_invalid_op+0x1a/0x20 [ 90.873130][ T5063] RIP: 0010:up_write+0x458/0x510 [ 90.878094][ T5063] Code: c1 ea 03 80 3c 02 00 75 50 48 8b 13 4d 89 f1 41 55 4d 89 f8 4c 89 e1 48 c7 c6 40 a2 8c 8a 48 c7 c7 60 a1 8c 8a e8 08 db e6 ff <0f> 0b 5a e9 aa fc ff ff 48 89 ef e8 f8 7b 76 00 e9 17 fd ff ff 48 [ 90.897718][ T5063] RSP: 0018:ffffc90003a0fac0 EFLAGS: 00010286 [ 90.903904][ T5063] RAX: 0000000000000000 RBX: ffff888075c05838 RCX: 0000000000000000 [ 90.911898][ T5063] RDX: ffff88802548d940 RSI: ffffffff814e0186 RDI: 0000000000000001 [ 90.919883][ T5063] RBP: ffff888075c05840 R08: 0000000000000001 R09: 0000000000000000 [ 90.927876][ T5063] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888075c05838 [ 90.935863][ T5063] R13: ffffffff8a8ca0a0 R14: ffff88802548d940 R15: 0000000000000000 [ 90.943862][ T5063] ? __warn_printk+0x1a6/0x350 [ 90.948753][ T5063] path_openat+0x9f0/0x29c0 [ 90.953329][ T5063] ? path_lookupat+0x770/0x770 [ 90.958129][ T5063] do_filp_open+0x1de/0x430 [ 90.962668][ T5063] ? may_open_dev+0xf0/0xf0 [ 90.967203][ T5063] ? expand_files+0x442/0x910 [ 90.971916][ T5063] ? _raw_spin_unlock+0x28/0x40 [ 90.976797][ T5063] ? alloc_fd+0x2da/0x6c0 [ 90.981179][ T5063] do_sys_openat2+0x176/0x1e0 [ 90.985878][ T5063] ? build_open_flags+0x690/0x690 [ 90.990950][ T5063] ? ptrace_notify+0xf4/0x130 [ 90.995651][ T5063] ? reacquire_held_locks+0x4b0/0x4b0 [ 91.001056][ T5063] __x64_sys_creat+0xcd/0x120 [ 91.005758][ T5063] ? __x64_compat_sys_openat+0x200/0x200 [ 91.011408][ T5063] ? trace_irq_enable.constprop.0+0xd0/0x100 [ 91.017412][ T5063] ? _raw_spin_unlock_irq+0x2e/0x50 [ 91.022642][ T5063] ? ptrace_notify+0xf4/0x130 [ 91.027337][ T5063] ? syscall_trace_enter.constprop.0+0xaf/0x1e0 [ 91.033604][ T5063] do_syscall_64+0x38/0xb0 [ 91.038040][ T5063] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 91.043961][ T5063] RIP: 0033:0x7fa04dc66a59 [ 91.048421][ T5063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 91.068059][ T5063] RSP: 002b:00007fa046802218 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 91.076491][ T5063] RAX: ffffffffffffffda RBX: 00007fa04dd016b8 RCX: 00007fa04dc66a59 [ 91.084497][ T5063] RDX: 00007fa04dc40096 RSI: 0000000000000000 RDI: 0000000020000040 [ 91.092492][ T5063] RBP: 00007fa04dd016b0 R08: 00007ffd2ba73377 R09: 0000000000000000 [ 91.100483][ T5063] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa04dcbb0c0 [ 91.108562][ T5063] R13: 0031656c69662f30 R14: 2f30656c69662f2e R15: 0030656c69662f2e [ 91.116563][ T5063] [ 91.119987][ T5063] Kernel Offset: disabled [ 91.124310][ T5063] Rebooting in 86400 seconds..