./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1396373507 <...> Warning: Permanently added '10.128.1.23' (ED25519) to the list of known hosts. execve("./syz-executor1396373507", ["./syz-executor1396373507"], 0x7fff949bba00 /* 10 vars */) = 0 brk(NULL) = 0x55555acdb000 brk(0x55555acdbd00) = 0x55555acdbd00 arch_prctl(ARCH_SET_FS, 0x55555acdb380) = 0 set_tid_address(0x55555acdb650) = 5822 set_robust_list(0x55555acdb660, 24) = 0 rseq(0x55555acdbca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1396373507", 4096) = 28 getrandom("\xfb\x59\xe8\xe1\x16\x6d\xe7\x41", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555acdbd00 brk(0x55555acfcd00) = 0x55555acfcd00 brk(0x55555acfd000) = 0x55555acfd000 mprotect(0x7f3bf038a000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5823 attached [pid 5823] set_robust_list(0x55555acdb660, 24 [pid 5822] <... clone resumed>, child_tidptr=0x55555acdb650) = 5823 [pid 5823] <... set_robust_list resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5824 attached [pid 5823] mkdir("./syzkaller.t4yZrZ", 0700 [pid 5822] <... clone resumed>, child_tidptr=0x55555acdb650) = 5824 [pid 5824] set_robust_list(0x55555acdb660, 24 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5824] <... set_robust_list resumed>) = 0 [pid 5823] <... mkdir resumed>) = 0 [pid 5824] mkdir("./syzkaller.OKS2gO", 0700 [pid 5823] chmod("./syzkaller.t4yZrZ", 0777./strace-static-x86_64: Process 5825 attached ) = 0 [pid 5825] set_robust_list(0x55555acdb660, 24 [pid 5824] <... mkdir resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555acdb650) = 5825 [pid 5825] <... set_robust_list resumed>) = 0 [pid 5824] chmod("./syzkaller.OKS2gO", 0777 [pid 5823] chdir("./syzkaller.t4yZrZ" [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5825] mkdir("./syzkaller.7Ub3gi", 0700 [pid 5824] <... chmod resumed>) = 0 [pid 5823] <... chdir resumed>) = 0 [pid 5824] chdir("./syzkaller.OKS2gO" [pid 5823] mkdir("./0", 0777./strace-static-x86_64: Process 5826 attached [pid 5822] <... clone resumed>, child_tidptr=0x55555acdb650) = 5826 [pid 5825] <... mkdir resumed>) = 0 [pid 5824] <... chdir resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5826] set_robust_list(0x55555acdb660, 24 [pid 5825] chmod("./syzkaller.7Ub3gi", 0777 [pid 5824] mkdir("./0", 0777 [pid 5826] <... set_robust_list resumed>) = 0 [pid 5825] <... chmod resumed>) = 0 [pid 5824] <... mkdir resumed>) = 0 [pid 5823] <... mkdir resumed>) = 0 [pid 5826] mkdir("./syzkaller.ZtAdiI", 0700 [pid 5825] chdir("./syzkaller.7Ub3gi") = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 5827 attached [pid 5825] mkdir("./0", 0777 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5823] <... openat resumed>) = 3 [pid 5822] <... clone resumed>, child_tidptr=0x55555acdb650) = 5827 [pid 5827] set_robust_list(0x55555acdb660, 24 [pid 5825] <... mkdir resumed>) = 0 [pid 5827] <... set_robust_list resumed>) = 0 [pid 5823] ioctl(3, LOOP_CLR_FD [pid 5827] mkdir("./syzkaller.mk2dqX", 0700 [pid 5826] <... mkdir resumed>) = 0 [pid 5825] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5824] <... openat resumed>) = 3 [pid 5823] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5826] chmod("./syzkaller.ZtAdiI", 0777 [pid 5825] <... openat resumed>) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD [pid 5823] close(3 [pid 5827] <... mkdir resumed>) = 0 [pid 5826] <... chmod resumed>) = 0 [pid 5827] chmod("./syzkaller.mk2dqX", 0777 [pid 5825] ioctl(3, LOOP_CLR_FD [pid 5824] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5823] <... close resumed>) = 0 [pid 5826] chdir("./syzkaller.ZtAdiI" [pid 5824] close(3) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5827] <... chmod resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5828 attached [pid 5826] <... chdir resumed>) = 0 [pid 5825] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5827] chdir("./syzkaller.mk2dqX" [pid 5828] set_robust_list(0x55555acdb660, 24 [pid 5826] mkdir("./0", 0777./strace-static-x86_64: Process 5829 attached [pid 5828] <... set_robust_list resumed>) = 0 [pid 5827] <... chdir resumed>) = 0 [pid 5826] <... mkdir resumed>) = 0 [pid 5825] close(3 [pid 5828] chdir("./0" [pid 5827] mkdir("./0", 0777 [pid 5824] <... clone resumed>, child_tidptr=0x55555acdb650) = 5829 [pid 5823] <... clone resumed>, child_tidptr=0x55555acdb650) = 5828 [pid 5829] set_robust_list(0x55555acdb660, 24) = 0 [pid 5829] chdir("./0" [pid 5828] <... chdir resumed>) = 0 [pid 5827] <... mkdir resumed>) = 0 [pid 5826] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5825] <... close resumed>) = 0 [pid 5828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5829] <... chdir resumed>) = 0 [pid 5828] setpgid(0, 0) = 0 [pid 5829] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5825] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... prctl resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5826] <... openat resumed>) = 3 [pid 5829] setpgid(0, 0) = 0 [pid 5829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5828] write(3, "1000", 4 [pid 5829] write(3, "1000", 4 [pid 5828] <... write resumed>) = 4 ./strace-static-x86_64: Process 5830 attached [pid 5829] <... write resumed>) = 4 [pid 5828] close(3 [pid 5827] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5826] ioctl(3, LOOP_CLR_FD [pid 5830] set_robust_list(0x55555acdb660, 24 [pid 5829] close(3 [pid 5828] <... close resumed>) = 0 [pid 5827] <... openat resumed>) = 3 [pid 5826] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] <... set_robust_list resumed>) = 0 [pid 5826] close(3 [pid 5825] <... clone resumed>, child_tidptr=0x55555acdb650) = 5830 [pid 5830] chdir("./0" [pid 5827] ioctl(3, LOOP_CLR_FD [pid 5826] <... close resumed>) = 0 [pid 5830] <... chdir resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5828] symlink("/dev/binderfs", "./binderfs" [pid 5827] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5828] <... symlink resumed>) = 0 ./strace-static-x86_64: Process 5832 attached [pid 5830] <... prctl resumed>) = 0 [pid 5827] close(3 [pid 5830] setpgid(0, 0 [pid 5827] <... close resumed>) = 0 [pid 5830] <... setpgid resumed>) = 0 [pid 5829] write(1, "executing program\n", 18 [pid 5828] write(1, "executing program\n", 18 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program executing program ./strace-static-x86_64: Process 5833 attached [pid 5830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... write resumed>) = 18 [pid 5828] <... write resumed>) = 18 [pid 5832] set_robust_list(0x55555acdb660, 24 [pid 5830] <... openat resumed>) = 3 [pid 5829] memfd_create("syzkaller", 0 [pid 5832] <... set_robust_list resumed>) = 0 [pid 5830] write(3, "1000", 4 [pid 5828] memfd_create("syzkaller", 0 [pid 5833] set_robust_list(0x55555acdb660, 24 [pid 5832] chdir("./0" [pid 5830] <... write resumed>) = 4 [pid 5829] <... memfd_create resumed>) = 3 [pid 5828] <... memfd_create resumed>) = 3 [pid 5826] <... clone resumed>, child_tidptr=0x55555acdb650) = 5832 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5830] close(3 [pid 5829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] chdir("./0" [pid 5832] <... chdir resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] <... mmap resumed>) = 0x7f3be7e00000 [pid 5828] <... mmap resumed>) = 0x7f3be7e00000 [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5830] symlink("/dev/binderfs", "./binderfs" [pid 5827] <... clone resumed>, child_tidptr=0x55555acdb650) = 5833 [pid 5832] <... prctl resumed>) = 0 [pid 5830] <... symlink resumed>) = 0 [pid 5832] setpgid(0, 0) = 0 [pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5830] write(1, "executing program\n", 18executing program [pid 5832] <... openat resumed>) = 3 [pid 5830] <... write resumed>) = 18 [pid 5830] memfd_create("syzkaller", 0 [pid 5832] write(3, "1000", 4) = 4 [pid 5832] close(3) = 0 [pid 5832] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... memfd_create resumed>) = 3 [pid 5830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5832] <... symlink resumed>) = 0 [pid 5830] <... mmap resumed>) = 0x7f3be7e00000 [pid 5833] <... chdir resumed>) = 0 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] write(1, "executing program\n", 18executing program ) = 18 [pid 5832] memfd_create("syzkaller", 0) = 3 [pid 5832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] <... prctl resumed>) = 0 [pid 5832] <... mmap resumed>) = 0x7f3be7e00000 [pid 5833] setpgid(0, 0) = 0 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1000", 4) = 4 [pid 5833] close(3) = 0 [pid 5833] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5833] write(1, "executing program\n", 18) = 18 [pid 5833] memfd_create("syzkaller", 0) = 3 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3be7e00000 [pid 5830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5828] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5830] <... write resumed>) = 16777216 [pid 5832] <... write resumed>) = 16777216 [pid 5830] munmap(0x7f3be7e00000, 138412032 [pid 5832] munmap(0x7f3be7e00000, 138412032 [pid 5828] <... write resumed>) = 16777216 [pid 5832] <... munmap resumed>) = 0 [pid 5830] <... munmap resumed>) = 0 [pid 5828] munmap(0x7f3be7e00000, 138412032 [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5832] <... openat resumed>) = 4 [pid 5830] <... openat resumed>) = 4 [pid 5832] ioctl(4, LOOP_SET_FD, 3 [pid 5830] ioctl(4, LOOP_SET_FD, 3 [pid 5829] <... write resumed>) = 16777216 [pid 5829] munmap(0x7f3be7e00000, 138412032 [pid 5830] <... ioctl resumed>) = 0 [pid 5828] <... munmap resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5830] close(3 [pid 5829] <... munmap resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5830] close(4) = 0 [pid 5830] mkdir("./file1", 0777) = 0 [pid 5832] close(3 [pid 5830] mount("/dev/loop2", "./file1", "jfs", MS_NODIRATIME|MS_SILENT, "nodiscard,quota,iocharset=cp950,grpquota,quota,noquota,nointegrity" [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5833] <... write resumed>) = 16777216 [pid 5832] <... close resumed>) = 0 [pid 5828] <... openat resumed>) = 4 [pid 5832] close(4 [pid 5828] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... close resumed>) = 0 [ 88.125330][ T5830] loop2: detected capacity change from 0 to 32768 [ 88.133704][ T5832] loop3: detected capacity change from 0 to 32768 [pid 5833] munmap(0x7f3be7e00000, 138412032 [pid 5832] mkdir("./file1", 0777 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5832] <... mkdir resumed>) = 0 [pid 5829] <... openat resumed>) = 4 [pid 5829] ioctl(4, LOOP_SET_FD, 3 [pid 5832] mount("/dev/loop3", "./file1", "jfs", MS_NODIRATIME|MS_SILENT, "nodiscard,quota,iocharset=cp950,grpquota,quota,noquota,nointegrity" [pid 5828] <... ioctl resumed>) = 0 [pid 5830] <... mount resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5830] chdir("./file1") = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5830] exit_group(0) = ? [pid 5828] close(3 [pid 5830] +++ exited with 0 +++ [pid 5825] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5830, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=26 /* 0.26 s */} --- [pid 5825] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5825] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5825] newfstatat(3, "", [pid 5828] <... close resumed>) = 0 [pid 5825] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] close(4) = 0 [pid 5825] getdents64(3, [pid 5829] <... ioctl resumed>) = 0 [pid 5828] mkdir("./file1", 0777 [pid 5825] <... getdents64 resumed>0x55555acdc6f0 /* 4 entries */, 32768) = 112 [pid 5829] close(3 [pid 5825] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... mount resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5828] <... mkdir resumed>) = 0 [ 88.185694][ T5828] loop0: detected capacity change from 0 to 32768 [ 88.203661][ T5829] loop1: detected capacity change from 0 to 32768 [pid 5832] chdir("./file1" [pid 5833] <... munmap resumed>) = 0 [pid 5832] <... chdir resumed>) = 0 [pid 5829] close(4 [pid 5828] mount("/dev/loop0", "./file1", "jfs", MS_NODIRATIME|MS_SILENT, "nodiscard,quota,iocharset=cp950,grpquota,quota,noquota,nointegrity" [pid 5832] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... close resumed>) = 0 [pid 5829] mkdir("./file1", 0777 [pid 5832] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... mkdir resumed>) = 0 [pid 5825] <... umount2 resumed>) = 0 [pid 5832] exit_group(0 [pid 5825] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5832] <... exit_group resumed>) = ? [pid 5825] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5825] newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5825] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5825] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5825] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5825] getdents64(4, 0x55555ace4730 /* 2 entries */, 32768) = 48 [pid 5825] getdents64(4, 0x55555ace4730 /* 0 entries */, 32768) = 0 [pid 5825] close(4) = 0 [pid 5825] rmdir("./0/file1") = 0 [pid 5832] +++ exited with 0 +++ [pid 5829] mount("/dev/loop1", "./file1", "jfs", MS_NODIRATIME|MS_SILENT, "nodiscard,quota,iocharset=cp950,grpquota,quota,noquota,nointegrity" [pid 5833] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... mount resumed>) = 0 [pid 5826] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5832, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- [pid 5825] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5826] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5826] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5826] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5833] <... openat resumed>) = 4 [pid 5828] <... openat resumed>) = 3 [pid 5826] <... openat resumed>) = 3 [pid 5833] ioctl(4, LOOP_SET_FD, 3 [pid 5828] chdir("./file1" [pid 5826] newfstatat(3, "", [pid 5825] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... chdir resumed>) = 0 [pid 5826] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5825] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5826] getdents64(3, [pid 5825] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5826] <... getdents64 resumed>0x55555acdc6f0 /* 4 entries */, 32768) = 112 [pid 5825] unlink("./0/binderfs" [pid 5826] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5825] <... unlink resumed>) = 0 [pid 5825] getdents64(3, 0x55555acdc6f0 /* 0 entries */, 32768) = 0 [pid 5828] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5825] close(3 [pid 5828] exit_group(0 [pid 5825] <... close resumed>) = 0 [pid 5828] <... exit_group resumed>) = ? [pid 5825] rmdir("./0") = 0 [pid 5828] +++ exited with 0 +++ [pid 5825] mkdir("./1", 0777 [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5828, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- [pid 5823] restart_syscall(<... resuming interrupted clone ...> [pid 5825] <... mkdir resumed>) = 0 [pid 5825] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5823] <... restart_syscall resumed>) = 0 [pid 5825] <... openat resumed>) = 3 [pid 5825] ioctl(3, LOOP_CLR_FD [pid 5823] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5833] <... ioctl resumed>) = 0 [pid 5825] <... ioctl resumed>) = 0 [pid 5823] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5825] close(3 [pid 5823] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5825] <... close resumed>) = 0 [pid 5823] <... openat resumed>) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5825] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5823] getdents64(3, [pid 5829] <... mount resumed>) = 0 [pid 5823] <... getdents64 resumed>0x55555acdc6f0 /* 4 entries */, 32768) = 112 [ 88.292907][ T5833] loop4: detected capacity change from 0 to 32768 [ 88.327690][ T5823] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN PTI [ 88.339650][ T5823] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 88.348093][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor139 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 88.360534][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 88.370630][ T5823] RIP: 0010:lmLogSync+0x1f1/0x9d0 [ 88.375816][ T5823] Code: 43 82 fe 4d 8d 7e d8 4c 89 f8 48 c1 e8 03 80 3c 18 00 74 08 4c 89 ff e8 9d 9b e3 fe 4d 8b 3f 49 83 c7 30 4c 89 f8 48 c1 e8 03 <80> 3c 18 00 74 08 4c 89 ff e8 81 9b e3 fe 49 8b 3f e8 09 09 b9 fe [ 88.395454][ T5823] RSP: 0018:ffffc9000407fa80 EFLAGS: 00010206 [ 88.401531][ T5823] RAX: 0000000000000006 RBX: dffffc0000000000 RCX: ffff88802ccc3c00 [ 88.409503][ T5823] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 88.417496][ T5823] RBP: ffffc9000407fb88 R08: ffffc9000407f9df R09: 0000000000000000 [ 88.425555][ T5823] R10: ffffc9000407f868 R11: fffff5200080ff3c R12: ffff888030a10800 [ 88.433531][ T5823] R13: dffffc0000000000 R14: ffff8880313d9838 R15: 0000000000000030 [ 88.441506][ T5823] FS: 000055555acdb380(0000) GS:ffff888125c83000(0000) knlGS:0000000000000000 [ 88.450438][ T5823] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 88.457108][ T5823] CR2: 00007f6185150000 CR3: 00000000772ae000 CR4: 00000000003526f0 [ 88.465171][ T5823] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 88.473241][ T5823] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 88.481251][ T5823] Call Trace: [ 88.484531][ T5823] [ 88.487463][ T5823] ? __pfx___mutex_lock+0x10/0x10 [ 88.492523][ T5823] ? __pfx_lmLogSync+0x10/0x10 [ 88.497290][ T5823] ? __pfx_dquot_writeback_dquots+0x10/0x10 [ 88.503193][ T5823] ? __pfx___writeback_inodes_sb_nr+0x10/0x10 [ 88.509359][ T5823] jfs_syncpt+0x7b/0x90 [ 88.513517][ T5823] jfs_sync_fs+0x87/0xa0 [ 88.517938][ T5823] sync_filesystem+0xeb/0x230 [ 88.522625][ T5823] generic_shutdown_super+0x6f/0x2c0 [ 88.527913][ T5823] kill_block_super+0x44/0x90 [ 88.532592][ T5823] deactivate_locked_super+0xbc/0x130 [ 88.537969][ T5823] cleanup_mnt+0x425/0x4c0 [ 88.542392][ T5823] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.547605][ T5823] task_work_run+0x1d1/0x260 [ 88.552206][ T5823] ? __pfx_task_work_run+0x10/0x10 [ 88.557405][ T5823] ? __x64_sys_umount+0x122/0x160 [ 88.562446][ T5823] ptrace_notify+0x281/0x2c0 [ 88.567069][ T5823] ? __pfx_ptrace_notify+0x10/0x10 [ 88.572192][ T5823] ? __x64_sys_umount+0x122/0x160 [ 88.577315][ T5823] ? __pfx___x64_sys_umount+0x10/0x10 [ 88.582703][ T5823] ? rcu_is_watching+0x15/0xb0 [ 88.587477][ T5823] syscall_exit_work+0xc6/0x1d0 [ 88.592336][ T5823] do_syscall_64+0x2ad/0x3b0 [ 88.596944][ T5823] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.602162][ T5823] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.608234][ T5823] ? clear_bhb_loop+0x60/0xb0 [ 88.612930][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.618920][ T5823] RIP: 0033:0x7f3bf03114f7 [ 88.623455][ T5823] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 88.643325][ T5823] RSP: 002b:00007ffc7101e0c8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 88.651742][ T5823] RAX: 0000000000000000 RBX: 00000000000154c6 RCX: 00007f3bf03114f7 [ 88.659716][ T5823] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc7101e180 [ 88.667686][ T5823] RBP: 00007ffc7101e180 R08: 0000000000000000 R09: 0000000000000000 [ 88.675658][ T5823] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffc7101f1f0 [ 88.683723][ T5823] R13: 000055555acdc6c0 R14: 0000000000000001 R15: 431bde82d7b634db [ 88.691725][ T5823] [pid 5823] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5837 attached [pid 5833] close(3 [pid 5829] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5833] <... close resumed>) = 0 [pid 5833] close(4) = 0 [pid 5825] <... clone resumed>, child_tidptr=0x55555acdb650) = 5837 [pid 5833] mkdir("./file1", 0777) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5833] mount("/dev/loop4", "./file1", "jfs", MS_NODIRATIME|MS_SILENT, "nodiscard,quota,iocharset=cp950,grpquota,quota,noquota,nointegrity" [pid 5829] chdir("./file1") = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5829] exit_group(0) = ? [pid 5829] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5829, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=19 /* 0.19 s */} --- [pid 5824] restart_syscall(<... resuming interrupted clone ...> [pid 5837] set_robust_list(0x55555acdb660, 24) = 0 [pid 5837] chdir("./1" [pid 5824] <... restart_syscall resumed>) = 0 [pid 5824] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55555acdc6f0 /* 4 entries */, 32768) = 112 [pid 5824] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5837] <... chdir resumed>) = 0 [pid 5837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5837] setpgid(0, 0) = 0 [pid 5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5837] write(3, "1000", 4) = 4 [pid 5837] close(3) = 0 [pid 5837] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5837] write(1, "executing program\n", 18) = 18 [pid 5837] memfd_create("syzkaller", 0) = 3 [pid 5837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3be7e00000 [ 88.694753][ T5823] Modules linked in: [ 88.699244][ T5823] ---[ end trace 0000000000000000 ]--- [ 88.710665][ T5823] RIP: 0010:lmLogSync+0x1f1/0x9d0 [ 88.716867][ T5823] Code: 43 82 fe 4d 8d 7e d8 4c 89 f8 48 c1 e8 03 80 3c 18 00 74 08 4c 89 ff e8 9d 9b e3 fe 4d 8b 3f 49 83 c7 30 4c 89 f8 48 c1 e8 03 <80> 3c 18 00 74 08 4c 89 ff e8 81 9b e3 fe 49 8b 3f e8 09 09 b9 fe [ 88.771420][ T5823] RSP: 0018:ffffc9000407fa80 EFLAGS: 00010206 [ 88.777565][ T5823] RAX: 0000000000000006 RBX: dffffc0000000000 RCX: ffff88802ccc3c00 [ 88.785978][ T5823] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 88.794906][ T5823] RBP: ffffc9000407fb88 R08: ffffc9000407f9df R09: 0000000000000000 [ 88.818727][ T5823] R10: ffffc9000407f868 R11: fffff5200080ff3c R12: ffff888030a10800 [ 88.839556][ T5823] R13: dffffc0000000000 R14: ffff8880313d9838 R15: 0000000000000030 [ 88.851219][ T5823] FS: 000055555acdb380(0000) GS:ffff888125c83000(0000) knlGS:0000000000000000 [ 88.870719][ T5823] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 88.881110][ T5823] CR2: 00007ffc0d71cb58 CR3: 00000000772ae000 CR4: 00000000003526f0 [ 88.897428][ T5823] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 88.905713][ T5823] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 88.921155][ T5823] Kernel panic - not syncing: Fatal exception [ 88.927410][ T5823] Kernel Offset: disabled [ 88.931774][ T5823] Rebooting in 86400 seconds..