./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3260705767

<...>
Warning: Permanently added '10.128.1.97' (ED25519) to the list of known hosts.
execve("./syz-executor3260705767", ["./syz-executor3260705767"], 0x7ffd3356ada0 /* 10 vars */) = 0
brk(NULL)                               = 0x555556f65000
brk(0x555556f65d40)                     = 0x555556f65d40
arch_prctl(ARCH_SET_FS, 0x555556f653c0) = 0
set_tid_address(0x555556f65690)         = 5016
set_robust_list(0x555556f656a0, 24)     = 0
rseq(0x555556f65ce0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3260705767", 4096) = 28
getrandom("\xf0\x78\x0c\xb4\x95\x60\x02\xe9", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555556f65d40
brk(0x555556f86d40)                     = 0x555556f86d40
brk(0x555556f87000)                     = 0x555556f87000
mprotect(0x7ff9046be000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
mkdir("./syzkaller.FTKYL8", 0700)       = 0
chmod("./syzkaller.FTKYL8", 0777)       = 0
chdir("./syzkaller.FTKYL8")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f65690) = 5017
./strace-static-x86_64: Process 5017 attached
[pid  5017] set_robust_list(0x555556f656a0, 24) = 0
[pid  5017] chdir("./0")                = 0
[pid  5017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5017] setpgid(0, 0)               = 0
[pid  5017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5017] write(3, "1000", 4)         = 4
[pid  5017] close(3)                    = 0
[pid  5017] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5017] futex(0x7ff9046c46ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5017] rt_sigaction(SIGRT_1, {sa_handler=0x7ff90465cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff90464e1a0}, NULL, 8) = 0
[pid  5017] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid  5017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff9045d3000
[pid  5017] mprotect(0x7ff9045d4000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5017] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5017] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff9045f3990, parent_tid=0x7ff9045f3990, exit_signal=0, stack=0x7ff9045d3000, stack_size=0x20300, tls=0x7ff9045f36c0}./strace-static-x86_64: Process 5019 attached
 <unfinished ...>
[pid  5019] rseq(0x7ff9045f3fe0, 0x20, 0, 0x53053053) = 0
[pid  5019] set_robust_list(0x7ff9045f39a0, 24) = 0
[pid  5019] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5019] futex(0x7ff9046c46a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5017] <... clone3 resumed> => {parent_tid=[5019]}, 88) = 5019
[pid  5017] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5017] futex(0x7ff9046c46a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5019] <... futex resumed>)        = 0
[pid  5017] futex(0x7ff9046c46ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  5019] memfd_create("syzkaller", 0) = 3
[pid  5019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff8fc1d3000
[   57.041917][ T5019] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5019 'syz-executor326'
[pid  5019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5019] munmap(0x7ff8fc1d3000, 16777216) = 0
[pid  5019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5019] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5019] close(3)                    = 0
[pid  5019] mkdir("./file0", 0777)      = 0
[pid  5019] mount("/dev/loop0", "./file0", "jfs", MS_RDONLY|MS_MANDLOCK, "iocharset=macgaelic,quota,errors=remount-ro,grpquota,quota,integrity,errors=remount-ro,iocharset=mac"...) = 0
[pid  5019] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5019] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5019] close(4)                    = 0
[pid  5019] futex(0x7ff9046c46ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5019] futex(0x7ff9046c46a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5017] <... futex resumed>)        = 0
[pid  5017] futex(0x7ff9046c46a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5017] futex(0x7ff9046c46ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5019] <... futex resumed>)        = 0
[pid  5019] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5019] write(4, "2", 1)            = 1
[   57.225456][ T5019] loop0: detected capacity change from 0 to 32768
[   57.236260][ T5019] =======================================================
[   57.236260][ T5019] WARNING: The mand mount option has been deprecated and
[   57.236260][ T5019]          and is ignored by this kernel. Remove the mand
[   57.236260][ T5019]          option from the mount to silence this warning.
[   57.236260][ T5019] =======================================================
[   57.288435][ T5019] FAULT_INJECTION: forcing a failure.
[   57.288435][ T5019] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   57.302350][ T5019] CPU: 1 PID: 5019 Comm: syz-executor326 Not tainted 6.5.0-rc4-syzkaller-00009-g4b954598a47b #0
[   57.312793][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[   57.322863][ T5019] Call Trace:
[   57.326131][ T5019]  <TASK>
[   57.329050][ T5019]  dump_stack_lvl+0x1e7/0x2d0
[   57.333739][ T5019]  ? nf_tcp_handle_invalid+0x650/0x650
[   57.339184][ T5019]  ? panic+0x770/0x770
[   57.343240][ T5019]  ? __lock_acquire+0x7f70/0x7f70
[   57.348262][ T5019]  should_fail_ex+0x3aa/0x4e0
[   57.352930][ T5019]  _copy_from_user+0x2f/0xe0
[   57.357596][ T5019]  __se_sys_mount+0x17d/0x3c0
[   57.362294][ T5019]  ? __x64_sys_mount+0xc0/0xc0
[   57.367047][ T5019]  ? syscall_enter_from_user_mode+0x32/0x230
[   57.373020][ T5019]  ? __x64_sys_mount+0x20/0xc0
[   57.377774][ T5019]  do_syscall_64+0x41/0xc0
[   57.382179][ T5019]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.388147][ T5019] RIP: 0033:0x7ff904636bd9
[   57.392552][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   57.412414][ T5019] RSP: 002b:00007ff9045f3208 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   57.420840][ T5019] RAX: ffffffffffffffda RBX: 00007ff9046c46a8 RCX: 00007ff904636bd9
[   57.428804][ T5019] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000000
[pid  5019] mount(NULL, "./file0", NULL, MS_REMOUNT|MS_MOVE|MS_KERNMOUNT, "" <unfinished ...>
[pid  5017] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  5019] <... mount resumed>)        = 0
[pid  5019] futex(0x7ff9046c46ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5017] exit_group(0)               = ?
[pid  5019] +++ exited with 0 +++
[pid  5017] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5017, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556f66730 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs")                  = 0
[   57.436855][ T5019] RBP: 00007ff9046c46a0 R08: 0000000020000000 R09: 0000000000000032
[   57.444818][ T5019] R10: 0000000000402020 R11: 0000000000000246 R12: 00007ff9045f3210
[   57.452784][ T5019] R13: 0000000000000001 R14: 6573726168636f69 R15: 0030656c69662f2e
[   57.460760][ T5019]  </TASK>
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556f6e770 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556f6e770 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/file0")                      = 0
getdents64(3, 0x555556f66730 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f65690) = 5020
./strace-static-x86_64: Process 5020 attached
[pid  5020] set_robust_list(0x555556f656a0, 24) = 0
[pid  5020] chdir("./1")                = 0
[pid  5020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5020] setpgid(0, 0)               = 0
[pid  5020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5020] write(3, "1000", 4)         = 4
[pid  5020] close(3)                    = 0
[pid  5020] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5020] futex(0x7ff9046c46ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5020] rt_sigaction(SIGRT_1, {sa_handler=0x7ff90465cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff90464e1a0}, NULL, 8) = 0
[pid  5020] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid  5020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff9045d3000
[pid  5020] mprotect(0x7ff9045d4000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5020] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5020] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff9045f3990, parent_tid=0x7ff9045f3990, exit_signal=0, stack=0x7ff9045d3000, stack_size=0x20300, tls=0x7ff9045f36c0}./strace-static-x86_64: Process 5021 attached
 => {parent_tid=[5021]}, 88) = 5021
[pid  5021] rseq(0x7ff9045f3fe0, 0x20, 0, 0x53053053) = 0
[pid  5021] set_robust_list(0x7ff9045f39a0, 24) = 0
[pid  5021] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5020] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5021] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5020] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5020] futex(0x7ff9046c46a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5020] futex(0x7ff9046c46ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  5021] memfd_create("syzkaller", 0) = 3
[pid  5021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff8fc1d3000
[pid  5021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5021] munmap(0x7ff8fc1d3000, 16777216) = 0
[pid  5021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5021] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5021] close(3)                    = 0
[pid  5021] mkdir("./file0", 0777)      = 0
[pid  5021] mount("/dev/loop0", "./file0", "jfs", MS_RDONLY|MS_MANDLOCK, "iocharset=macgaelic,quota,errors=remount-ro,grpquota,quota,integrity,errors=remount-ro,iocharset=mac"...) = 0
[pid  5021] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5021] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5021] close(4)                    = 0
[pid  5021] futex(0x7ff9046c46ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5020] <... futex resumed>)        = 0
[pid  5021] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid  5020] futex(0x7ff9046c46a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5021] <... openat resumed>)       = 4
[pid  5020] <... futex resumed>)        = 0
[pid  5020] futex(0x7ff9046c46ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5021] write(4, "2", 1)            = 1
[   57.742069][ T5021] loop0: detected capacity change from 0 to 32768
[   57.765594][ T5021] FAULT_INJECTION: forcing a failure.
[   57.765594][ T5021] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   57.778895][ T5021] CPU: 0 PID: 5021 Comm: syz-executor326 Not tainted 6.5.0-rc4-syzkaller-00009-g4b954598a47b #0
[   57.789594][ T5021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[   57.799672][ T5021] Call Trace:
[   57.802956][ T5021]  <TASK>
[   57.805904][ T5021]  dump_stack_lvl+0x1e7/0x2d0
[   57.810639][ T5021]  ? nf_tcp_handle_invalid+0x650/0x650
[   57.816093][ T5021]  ? panic+0x770/0x770
[   57.820159][ T5021]  ? __lock_acquire+0x7f70/0x7f70
[   57.825191][ T5021]  should_fail_ex+0x3aa/0x4e0
[   57.829882][ T5021]  _copy_from_user+0x2f/0xe0
[   57.835008][ T5021]  __se_sys_mount+0x17d/0x3c0
[   57.839701][ T5021]  ? __x64_sys_mount+0xc0/0xc0
[   57.844471][ T5021]  ? syscall_enter_from_user_mode+0x32/0x230
[   57.850456][ T5021]  ? __x64_sys_mount+0x20/0xc0
[   57.855232][ T5021]  do_syscall_64+0x41/0xc0
[   57.859642][ T5021]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.865539][ T5021] RIP: 0033:0x7ff904636bd9
[   57.869959][ T5021] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[pid  5021] mount(NULL, "./file0", NULL, MS_REMOUNT|MS_MOVE|MS_KERNMOUNT, "" <unfinished ...>
[pid  5020] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  5021] <... mount resumed>)        = 0
[pid  5021] futex(0x7ff9046c46ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5020] exit_group(0)               = ?
[pid  5021] +++ exited with 0 +++
[pid  5020] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5020, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=13 /* 0.13 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556f66730 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs")                  = 0
[   57.889571][ T5021] RSP: 002b:00007ff9045f3208 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   57.898008][ T5021] RAX: ffffffffffffffda RBX: 00007ff9046c46a8 RCX: 00007ff904636bd9
[   57.905974][ T5021] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000000
[   57.913941][ T5021] RBP: 00007ff9046c46a0 R08: 0000000020000000 R09: 0000000000000032
[   57.921925][ T5021] R10: 0000000000402020 R11: 0000000000000246 R12: 00007ff9045f3210
[   57.929907][ T5021] R13: 0000000000000001 R14: 6573726168636f69 R15: 0030656c69662f2e
[   57.937894][ T5021]  </TASK>
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556f6e770 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556f6e770 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/file0")                      = 0
getdents64(3, 0x555556f66730 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f65690) = 5022
./strace-static-x86_64: Process 5022 attached
[pid  5022] set_robust_list(0x555556f656a0, 24) = 0
[pid  5022] chdir("./2")                = 0
[pid  5022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5022] setpgid(0, 0)               = 0
[pid  5022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5022] write(3, "1000", 4)         = 4
[pid  5022] close(3)                    = 0
[pid  5022] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5022] futex(0x7ff9046c46ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5022] rt_sigaction(SIGRT_1, {sa_handler=0x7ff90465cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff90464e1a0}, NULL, 8) = 0
[pid  5022] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid  5022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff9045d3000
[pid  5022] mprotect(0x7ff9045d4000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5022] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5022] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff9045f3990, parent_tid=0x7ff9045f3990, exit_signal=0, stack=0x7ff9045d3000, stack_size=0x20300, tls=0x7ff9045f36c0}./strace-static-x86_64: Process 5023 attached
 <unfinished ...>
[pid  5023] rseq(0x7ff9045f3fe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid  5022] <... clone3 resumed> => {parent_tid=[5023]}, 88) = 5023
[pid  5023] <... rseq resumed>)         = 0
[pid  5022] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5023] set_robust_list(0x7ff9045f39a0, 24 <unfinished ...>
[pid  5022] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5023] <... set_robust_list resumed>) = 0
[pid  5022] futex(0x7ff9046c46a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5023] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5022] <... futex resumed>)        = 0
[pid  5023] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5022] futex(0x7ff9046c46ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  5023] memfd_create("syzkaller", 0) = 3
[pid  5023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff8fc1d3000
[pid  5023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5023] munmap(0x7ff8fc1d3000, 16777216) = 0
[pid  5023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5023] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5023] close(3)                    = 0
[pid  5023] mkdir("./file0", 0777)      = 0
[pid  5023] mount("/dev/loop0", "./file0", "jfs", MS_RDONLY|MS_MANDLOCK, "iocharset=macgaelic,quota,errors=remount-ro,grpquota,quota,integrity,errors=remount-ro,iocharset=mac"...) = 0
[pid  5023] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5023] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5023] close(4)                    = 0
[pid  5023] futex(0x7ff9046c46ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5023] futex(0x7ff9046c46a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5022] <... futex resumed>)        = 0
[pid  5022] futex(0x7ff9046c46a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5022] futex(0x7ff9046c46ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5023] <... futex resumed>)        = 0
[pid  5023] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid  5023] write(4, "2", 1)            = 1
[pid  5023] mount(NULL, "./file0", NULL, MS_REMOUNT|MS_MOVE|MS_KERNMOUNT, "") = 0
[pid  5023] futex(0x7ff9046c46ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5022] <... futex resumed>)        = 0
[pid  5022] exit_group(0)               = ?
[pid  5023] <... futex resumed>)        = ?
[pid  5023] +++ exited with 0 +++
[pid  5022] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5022, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556f66730 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs")                  = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556f6e770 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556f6e770 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./2/file0")                      = 0
getdents64(3, 0x555556f66730 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./2")                            = 0
mkdir("./3", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
[   58.205779][ T5023] loop0: detected capacity change from 0 to 32768
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f65690) = 5024
./strace-static-x86_64: Process 5024 attached
[pid  5024] set_robust_list(0x555556f656a0, 24) = 0
[pid  5024] chdir("./3")                = 0
[pid  5024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5024] setpgid(0, 0)               = 0
[pid  5024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5024] write(3, "1000", 4)         = 4
[pid  5024] close(3)                    = 0
[pid  5024] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5024] futex(0x7ff9046c46ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5024] rt_sigaction(SIGRT_1, {sa_handler=0x7ff90465cff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff90464e1a0}, NULL, 8) = 0
[pid  5024] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid  5024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff9045d3000
[pid  5024] mprotect(0x7ff9045d4000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff9045f3990, parent_tid=0x7ff9045f3990, exit_signal=0, stack=0x7ff9045d3000, stack_size=0x20300, tls=0x7ff9045f36c0} => {parent_tid=[5025]}, 88) = 5025
[pid  5024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5024] futex(0x7ff9046c46a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5024] futex(0x7ff9046c46ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5025 attached
 <unfinished ...>
[pid  5025] rseq(0x7ff9045f3fe0, 0x20, 0, 0x53053053) = 0
[pid  5025] set_robust_list(0x7ff9045f39a0, 24) = 0
[pid  5025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5025] memfd_create("syzkaller", 0) = 3
[pid  5025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff8fc1d3000
[pid  5025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5025] munmap(0x7ff8fc1d3000, 16777216) = 0
[pid  5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5025] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5025] close(3)                    = 0
[pid  5025] mkdir("./file0", 0777)      = 0
[pid  5025] mount("/dev/loop0", "./file0", "jfs", MS_RDONLY|MS_MANDLOCK, "iocharset=macgaelic,quota,errors=remount-ro,grpquota,quota,integrity,errors=remount-ro,iocharset=mac"...) = 0
[pid  5025] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5025] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5025] close(4)                    = 0
[pid  5025] futex(0x7ff9046c46ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5024] <... futex resumed>)        = 0
[pid  5025] futex(0x7ff9046c46a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5024] futex(0x7ff9046c46a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5025] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  5025] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR <unfinished ...>
[pid  5024] <... futex resumed>)        = 0
[pid  5024] futex(0x7ff9046c46ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5025] <... openat resumed>)       = 4
[pid  5025] write(4, "2", 1)            = 1
[   58.502215][ T5025] loop0: detected capacity change from 0 to 32768
[   58.528334][ T5025] FAULT_INJECTION: forcing a failure.
[   58.528334][ T5025] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   58.541789][ T5025] CPU: 0 PID: 5025 Comm: syz-executor326 Not tainted 6.5.0-rc4-syzkaller-00009-g4b954598a47b #0
[pid  5025] mount(NULL, "./file0", NULL, MS_REMOUNT|MS_MOVE|MS_KERNMOUNT, "" <unfinished ...>
[pid  5024] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[   58.552323][ T5025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[   58.562377][ T5025] Call Trace:
[   58.565649][ T5025]  <TASK>
[   58.568565][ T5025]  dump_stack_lvl+0x1e7/0x2d0
[   58.573232][ T5025]  ? nf_tcp_handle_invalid+0x650/0x650
[   58.578687][ T5025]  ? panic+0x770/0x770
[   58.582757][ T5025]  ? __lock_acquire+0x7f70/0x7f70
[   58.587783][ T5025]  should_fail_ex+0x3aa/0x4e0
[   58.592459][ T5025]  _copy_from_user+0x2f/0xe0
[   58.597044][ T5025]  __se_sys_mount+0x17d/0x3c0
[   58.601721][ T5025]  ? __x64_sys_mount+0xc0/0xc0
[   58.606511][ T5025]  ? syscall_enter_from_user_mode+0x32/0x230
[   58.612507][ T5025]  ? __x64_sys_mount+0x20/0xc0
[   58.617270][ T5025]  do_syscall_64+0x41/0xc0
[   58.621683][ T5025]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   58.627598][ T5025] RIP: 0033:0x7ff904636bd9
[   58.632012][ T5025] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   58.651792][ T5025] RSP: 002b:00007ff9045f3208 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   58.660207][ T5025] RAX: ffffffffffffffda RBX: 00007ff9046c46a8 RCX: 00007ff904636bd9
[   58.668212][ T5025] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000000
[   58.676196][ T5025] RBP: 00007ff9046c46a0 R08: 0000000020000000 R09: 0000000000000032
[   58.684161][ T5025] R10: 0000000000402020 R11: 0000000000000246 R12: 00007ff9045f3210
[   58.692159][ T5025] R13: 0000000000000001 R14: 6573726168636f69 R15: 0030656c69662f2e
[   58.700159][ T5025]  </TASK>
[pid  5024] exit_group(0)               = ?
[pid  5025] <... mount resumed>)        = ?
[pid  5025] +++ exited with 0 +++
[pid  5024] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5024, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555556f66730 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs")                  = 0
[   58.707142][ T5025] read_mapping_page failed!
[   58.711932][ T5025] jfs_mount_rw: diMount failed!
[   58.725930][ T5016] ------------[ cut here ]------------
[   58.731611][ T5016] WARNING: CPU: 1 PID: 5016 at mm/slab_common.c:953 free_large_kmalloc+0x3d/0x190
[   58.741295][ T5016] Modules linked in:
[   58.745177][ T5016] CPU: 1 PID: 5016 Comm: syz-executor326 Not tainted 6.5.0-rc4-syzkaller-00009-g4b954598a47b #0
[   58.755623][ T5016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[   58.765896][ T5016] RIP: 0010:free_large_kmalloc+0x3d/0x190
[   58.771757][ T5016] Code: 48 8b 04 25 28 00 00 00 48 89 44 24 08 48 8b 47 08 a8 01 0f 85 4e 01 00 00 49 89 f6 0f 1f 44 00 00 49 f7 07 00 00 01 00 75 25 <0f> 0b 31 db 80 3d 0c d4 b9 0c 00 75 21 c6 05 03 d4 b9 0c 01 48 c7
[   58.791433][ T5016] RSP: 0018:ffffc900038ffb08 EFLAGS: 00010246
[   58.797527][ T5016] RAX: ffffea0001da2008 RBX: ffff888075c11f70 RCX: ffffea0001da2008
[   58.805560][ T5016] RDX: ffffea0000000000 RSI: ffff88807ca20000 RDI: ffffea0001f28800
[   58.813595][ T5016] RBP: ffff88802c72fc30 R08: ffffffff813d86bc R09: 1ffffffff1d30c35
[   58.821648][ T5016] R10: dffffc0000000000 R11: fffffbfff1d30c36 R12: ffff888075c12020
[   58.829640][ T5016] R13: dffffc0000000000 R14: ffff88807ca20000 R15: ffffea0001f28800
[   58.837661][ T5016] FS:  0000555556f653c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   58.846624][ T5016] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   58.853254][ T5016] CR2: 00007ffe99c94d28 CR3: 0000000074eea000 CR4: 00000000003506e0
[   58.861286][ T5016] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   58.869263][ T5016] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   58.877283][ T5016] Call Trace:
[   58.880604][ T5016]  <TASK>
[   58.883541][ T5016]  ? __warn+0x162/0x4a0
[   58.887689][ T5016]  ? free_large_kmalloc+0x3d/0x190
[   58.892865][ T5016]  ? report_bug+0x2b3/0x500
[   58.897392][ T5016]  ? free_large_kmalloc+0x3d/0x190
[   58.902575][ T5016]  ? handle_bug+0x3d/0x70
[   58.906940][ T5016]  ? exc_invalid_op+0x1a/0x50
[   58.911718][ T5016]  ? asm_exc_invalid_op+0x1a/0x20
[   58.916779][ T5016]  ? __phys_addr+0xac/0x170
[   58.921552][ T5016]  ? free_large_kmalloc+0x3d/0x190
[   58.926785][ T5016]  ? __phys_addr+0xba/0x170
[   58.931378][ T5016]  diUnmount+0xf3/0x100
[   58.935687][ T5016]  jfs_umount+0x186/0x3a0
[   58.940052][ T5016]  jfs_put_super+0x8a/0x190
[   58.944704][ T5016]  ? jfs_free_inode+0x30/0x30
[   58.949411][ T5016]  generic_shutdown_super+0x134/0x340
[   58.954852][ T5016]  kill_block_super+0x68/0xa0
[   58.959677][ T5016]  deactivate_locked_super+0xa4/0x110
[   58.965248][ T5016]  cleanup_mnt+0x426/0x4c0
[   58.969731][ T5016]  ? _raw_spin_unlock_irq+0x23/0x50
[   58.975012][ T5016]  task_work_run+0x24a/0x300
[   58.979614][ T5016]  ? dput+0x3a1/0x420
[   58.983939][ T5016]  ? task_work_cancel+0x2b0/0x2b0
[   58.989155][ T5016]  ? __x64_sys_umount+0x126/0x170
[   58.994268][ T5016]  ptrace_notify+0x2cd/0x380
[   58.998877][ T5016]  ? do_notify_parent+0xf50/0xf50
[   59.004089][ T5016]  ? user_path_at_empty+0x12f/0x180
[   59.009565][ T5016]  ? __x64_sys_umount+0x126/0x170
[   59.014740][ T5016]  ? path_umount+0xf40/0xf40
[   59.019467][ T5016]  ? syscall_enter_from_user_mode+0x32/0x230
[   59.025615][ T5016]  syscall_exit_to_user_mode+0x157/0x280
[   59.031369][ T5016]  do_syscall_64+0x4d/0xc0
[   59.035806][ T5016]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   59.041843][ T5016] RIP: 0033:0x7ff904637e37
[   59.046481][ T5016] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[   59.066499][ T5016] RSP: 002b:00007ffe99c954d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[   59.075070][ T5016] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ff904637e37
[   59.083110][ T5016] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffe99c95590
[   59.091167][ T5016] RBP: 00007ffe99c95590 R08: 0000000000000000 R09: 0000000000000000
[   59.099153][ T5016] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffe99c96650
[   59.107206][ T5016] R13: 0000555556f66700 R14: 00007ffe99c965f4 R15: 00007ffe99c96670
[   59.115342][ T5016]  </TASK>
[   59.118523][ T5016] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   59.125815][ T5016] CPU: 1 PID: 5016 Comm: syz-executor326 Not tainted 6.5.0-rc4-syzkaller-00009-g4b954598a47b #0
[   59.136233][ T5016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[   59.146277][ T5016] Call Trace:
[   59.149562][ T5016]  <TASK>
[   59.152480][ T5016]  dump_stack_lvl+0x1e7/0x2d0
[   59.157178][ T5016]  ? nf_tcp_handle_invalid+0x650/0x650
[   59.162625][ T5016]  ? panic+0x770/0x770
[   59.166685][ T5016]  ? vscnprintf+0x5d/0x80
[   59.171015][ T5016]  panic+0x30f/0x770
[   59.174943][ T5016]  ? __warn+0x171/0x4a0
[   59.179117][ T5016]  ? __memcpy_flushcache+0x2b0/0x2b0
[   59.184436][ T5016]  __warn+0x314/0x4a0
[   59.188425][ T5016]  ? free_large_kmalloc+0x3d/0x190
[   59.193531][ T5016]  report_bug+0x2b3/0x500
[   59.197845][ T5016]  ? free_large_kmalloc+0x3d/0x190
[   59.202943][ T5016]  handle_bug+0x3d/0x70
[   59.207084][ T5016]  exc_invalid_op+0x1a/0x50
[   59.211593][ T5016]  asm_exc_invalid_op+0x1a/0x20
[   59.216527][ T5016] RIP: 0010:free_large_kmalloc+0x3d/0x190
[   59.222239][ T5016] Code: 48 8b 04 25 28 00 00 00 48 89 44 24 08 48 8b 47 08 a8 01 0f 85 4e 01 00 00 49 89 f6 0f 1f 44 00 00 49 f7 07 00 00 01 00 75 25 <0f> 0b 31 db 80 3d 0c d4 b9 0c 00 75 21 c6 05 03 d4 b9 0c 01 48 c7
[   59.241837][ T5016] RSP: 0018:ffffc900038ffb08 EFLAGS: 00010246
[   59.247943][ T5016] RAX: ffffea0001da2008 RBX: ffff888075c11f70 RCX: ffffea0001da2008
[   59.255909][ T5016] RDX: ffffea0000000000 RSI: ffff88807ca20000 RDI: ffffea0001f28800
[   59.263871][ T5016] RBP: ffff88802c72fc30 R08: ffffffff813d86bc R09: 1ffffffff1d30c35
[   59.271835][ T5016] R10: dffffc0000000000 R11: fffffbfff1d30c36 R12: ffff888075c12020
[   59.279799][ T5016] R13: dffffc0000000000 R14: ffff88807ca20000 R15: ffffea0001f28800
[   59.287771][ T5016]  ? __phys_addr+0xac/0x170
[   59.292279][ T5016]  ? __phys_addr+0xba/0x170
[   59.296777][ T5016]  diUnmount+0xf3/0x100
[   59.300968][ T5016]  jfs_umount+0x186/0x3a0
[   59.305308][ T5016]  jfs_put_super+0x8a/0x190
[   59.309804][ T5016]  ? jfs_free_inode+0x30/0x30
[   59.314480][ T5016]  generic_shutdown_super+0x134/0x340
[   59.319870][ T5016]  kill_block_super+0x68/0xa0
[   59.324563][ T5016]  deactivate_locked_super+0xa4/0x110
[   59.329935][ T5016]  cleanup_mnt+0x426/0x4c0
[   59.334367][ T5016]  ? _raw_spin_unlock_irq+0x23/0x50
[   59.339567][ T5016]  task_work_run+0x24a/0x300
[   59.344170][ T5016]  ? dput+0x3a1/0x420
[   59.348148][ T5016]  ? task_work_cancel+0x2b0/0x2b0
[   59.353169][ T5016]  ? __x64_sys_umount+0x126/0x170
[   59.358188][ T5016]  ptrace_notify+0x2cd/0x380
[   59.362866][ T5016]  ? do_notify_parent+0xf50/0xf50
[   59.367882][ T5016]  ? user_path_at_empty+0x12f/0x180
[   59.373076][ T5016]  ? __x64_sys_umount+0x126/0x170
[   59.378093][ T5016]  ? path_umount+0xf40/0xf40
[   59.382678][ T5016]  ? syscall_enter_from_user_mode+0x32/0x230
[   59.388661][ T5016]  syscall_exit_to_user_mode+0x157/0x280
[   59.394299][ T5016]  do_syscall_64+0x4d/0xc0
[   59.398709][ T5016]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   59.404603][ T5016] RIP: 0033:0x7ff904637e37
[   59.409009][ T5016] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[   59.428619][ T5016] RSP: 002b:00007ffe99c954d8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[   59.437029][ T5016] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ff904637e37
[   59.444996][ T5016] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffe99c95590
[   59.452958][ T5016] RBP: 00007ffe99c95590 R08: 0000000000000000 R09: 0000000000000000
[   59.460924][ T5016] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffe99c96650
[   59.468890][ T5016] R13: 0000555556f66700 R14: 00007ffe99c965f4 R15: 00007ffe99c96670
[   59.476865][ T5016]  </TASK>
[   59.480112][ T5016] Kernel Offset: disabled
[   59.484501][ T5016] Rebooting in 86400 seconds..