./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor573067617 <...> Warning: Permanently added '10.128.0.162' (ED25519) to the list of known hosts. execve("./syz-executor573067617", ["./syz-executor573067617"], 0x7ffeb1344300 /* 10 vars */) = 0 brk(NULL) = 0x55555d0eb000 brk(0x55555d0ebd00) = 0x55555d0ebd00 arch_prctl(ARCH_SET_FS, 0x55555d0eb380) = 0 set_tid_address(0x55555d0eb650) = 5841 set_robust_list(0x55555d0eb660, 24) = 0 rseq(0x55555d0ebca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor573067617", 4096) = 27 getrandom("\x7e\x0a\x02\xae\xc2\x43\x86\xa7", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555d0ebd00 brk(0x55555d10cd00) = 0x55555d10cd00 brk(0x55555d10d000) = 0x55555d10d000 mprotect(0x7fe99f528000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.II1jqM", 0700) = 0 chmod("./syzkaller.II1jqM", 0777) = 0 chdir("./syzkaller.II1jqM") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5843 attached [pid 5843] set_robust_list(0x55555d0eb660, 24) = 0 [pid 5843] chdir("./0") = 0 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] <... clone resumed>, child_tidptr=0x55555d0eb650) = 5843 [pid 5843] <... prctl resumed>) = 0 [pid 5843] setpgid(0, 0) = 0 [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] write(3, "1000", 4) = 4 [pid 5843] close(3) = 0 [pid 5843] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5843] write(1, "executing program\n", 18) = 18 [pid 5843] memfd_create("syzkaller", 0) = 3 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe997000000 [pid 5843] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5843] munmap(0x7fe997000000, 138412032) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5843] close(3) = 0 [pid 5843] close(4) = 0 [pid 5843] mkdir("./file0", 0777) = 0 [ 90.484636][ T5843] loop0: detected capacity change from 0 to 128 [ 90.521379][ T5843] ======================================================= [ 90.521379][ T5843] WARNING: The mand mount option has been deprecated and [ 90.521379][ T5843] and is ignored by this kernel. Remove the mand [ 90.521379][ T5843] option from the mount to silence this warning. [ 90.521379][ T5843] ======================================================= [ 90.559150][ T5843] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 90.571760][ T5843] hpfs: filesystem error: improperly stopped [ 90.577917][ T5843] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 90.585732][ T5843] hpfs: You really don't want any checks? You are crazy... [ 90.593233][ T5843] hpfs: hpfs_map_sector(): read error [ 90.598947][ T5843] hpfs: code page support is disabled [ 90.605093][ T5843] hpfs: hpfs_map_sector(): read error [ 90.610503][ T5843] hpfs: hpfs_map_sector(): read error [ 90.615953][ T5843] hpfs: hpfs_map_sector(): read error [ 90.621376][ T5843] hpfs: hpfs_map_sector(): read error [ 90.626872][ T5843] hpfs: hpfs_map_4sectors(): unaligned read [pid 5843] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,chkdsk=errors,uid=0x0000000000000000,") = 0 [pid 5843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5843] chdir("./file0") = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5843] exit_group(0) = ? [pid 5843] +++ exited with 0 +++ [ 90.632967][ T5843] hpfs: hpfs_map_4sectors(): unaligned read [ 90.639023][ T5843] hpfs: filesystem error: unable to find root dir --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555d0ec6f0 /* 4 entries */, 32768) = 112 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555d0f4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555d0f4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x55555d0ec6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5844 attached , child_tidptr=0x55555d0eb650) = 5844 [pid 5844] set_robust_list(0x55555d0eb660, 24) = 0 [pid 5844] chdir("./1") = 0 [pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5844] setpgid(0, 0) = 0 [pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5844] write(3, "1000", 4) = 4 [pid 5844] close(3) = 0 [pid 5844] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5844] write(1, "executing program\n", 18executing program ) = 18 [pid 5844] memfd_create("syzkaller", 0) = 3 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe997000000 [pid 5844] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5844] munmap(0x7fe997000000, 138412032) = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5844] close(3) = 0 [pid 5844] close(4) = 0 [pid 5844] mkdir("./file0", 0777) = 0 [ 91.043203][ T5844] loop0: detected capacity change from 0 to 128 [ 91.089297][ T5844] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 91.102636][ T5844] hpfs: filesystem error: improperly stopped [ 91.113002][ T5844] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 91.121208][ T5844] hpfs: You really don't want any checks? You are crazy... [ 91.129302][ T5844] hpfs: hpfs_map_sector(): read error [pid 5844] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,chkdsk=errors,uid=0x0000000000000000,") = 0 [pid 5844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5844] chdir("./file0") = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5844] exit_group(0) = ? [pid 5844] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5844, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 91.134712][ T5844] hpfs: code page support is disabled [ 91.141042][ T5844] hpfs: hpfs_map_sector(): read error [ 91.146658][ T5844] hpfs: hpfs_map_sector(): read error [ 91.152040][ T5844] hpfs: hpfs_map_sector(): read error [ 91.157503][ T5844] hpfs: hpfs_map_sector(): read error [ 91.162906][ T5844] hpfs: hpfs_map_4sectors(): unaligned read [ 91.168908][ T5844] hpfs: hpfs_map_4sectors(): unaligned read [ 91.174823][ T5844] hpfs: filesystem error: unable to find root dir umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555d0ec6f0 /* 4 entries */, 32768) = 112 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555d0f4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555d0f4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x55555d0ec6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5845 attached , child_tidptr=0x55555d0eb650) = 5845 [pid 5845] set_robust_list(0x55555d0eb660, 24) = 0 [pid 5845] chdir("./2") = 0 [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5845] setpgid(0, 0) = 0 [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5845] write(3, "1000", 4) = 4 [pid 5845] close(3) = 0 [pid 5845] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5845] write(1, "executing program\n", 18) = 18 [pid 5845] memfd_create("syzkaller", 0) = 3 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe997000000 [pid 5845] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5845] munmap(0x7fe997000000, 138412032) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5845] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5845] close(3) = 0 [pid 5845] close(4) = 0 [pid 5845] mkdir("./file0", 0777) = 0 [ 91.585056][ T5845] loop0: detected capacity change from 0 to 128 [ 91.619316][ T5845] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 91.631217][ T5845] hpfs: filesystem error: improperly stopped [ 91.637497][ T5845] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 91.646318][ T5845] hpfs: You really don't want any checks? You are crazy... [ 91.653785][ T5845] hpfs: hpfs_map_sector(): read error [ 91.659522][ T5845] hpfs: code page support is disabled [ 91.665461][ T5845] hpfs: hpfs_map_sector(): read error [ 91.670969][ T5845] hpfs: hpfs_map_sector(): read error [ 91.676470][ T5845] hpfs: hpfs_map_sector(): read error [pid 5845] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,chkdsk=errors,uid=0x0000000000000000,") = 0 [pid 5845] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5845] chdir("./file0") = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5845] exit_group(0) = ? [pid 5845] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5845, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 91.681883][ T5845] hpfs: hpfs_map_sector(): read error [ 91.687404][ T5845] hpfs: hpfs_map_4sectors(): unaligned read [ 91.693357][ T5845] hpfs: hpfs_map_4sectors(): unaligned read [ 91.699542][ T5845] hpfs: filesystem error: unable to find root dir umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555d0ec6f0 /* 4 entries */, 32768) = 112 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555d0f4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555d0f4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x55555d0ec6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5846 attached [pid 5846] set_robust_list(0x55555d0eb660, 24) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x55555d0eb650) = 5846 [pid 5846] chdir("./3") = 0 [pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5846] setpgid(0, 0) = 0 [pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 5846] write(3, "1000", 4) = 4 [pid 5846] close(3) = 0 [pid 5846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5846] write(1, "executing program\n", 18) = 18 [pid 5846] memfd_create("syzkaller", 0) = 3 [pid 5846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe997000000 [pid 5846] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5846] munmap(0x7fe997000000, 138412032) = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 91.898120][ T9] cfg80211: failed to load regulatory.db [pid 5846] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5846] close(3) = 0 [pid 5846] close(4) = 0 [pid 5846] mkdir("./file0", 0777) = 0 [ 91.950325][ T5846] loop0: detected capacity change from 0 to 128 [ 92.009400][ T5846] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 92.022819][ T5846] hpfs: filesystem error: improperly stopped [ 92.029804][ T5846] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 92.037650][ T5846] hpfs: You really don't want any checks? You are crazy... [ 92.045420][ T5846] hpfs: hpfs_map_sector(): read error [ 92.050824][ T5846] hpfs: code page support is disabled [pid 5846] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,chkdsk=errors,uid=0x0000000000000000,") = 0 [pid 5846] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5846] chdir("./file0") = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5846] exit_group(0) = ? [pid 5846] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5846, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 92.057242][ T5846] hpfs: hpfs_map_sector(): read error [ 92.062654][ T5846] hpfs: hpfs_map_sector(): read error [ 92.068130][ T5846] hpfs: hpfs_map_sector(): read error [ 92.073542][ T5846] hpfs: hpfs_map_sector(): read error [ 92.078997][ T5846] hpfs: hpfs_map_4sectors(): unaligned read [ 92.084993][ T5846] hpfs: hpfs_map_4sectors(): unaligned read [ 92.090981][ T5846] hpfs: filesystem error: unable to find root dir umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555d0ec6f0 /* 4 entries */, 32768) = 112 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555d0f4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555d0f4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x55555d0ec6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d0eb650) = 5849 ./strace-static-x86_64: Process 5849 attached [pid 5849] set_robust_list(0x55555d0eb660, 24) = 0 [pid 5849] chdir("./4") = 0 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] setpgid(0, 0) = 0 [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] write(3, "1000", 4) = 4 [pid 5849] close(3) = 0 [pid 5849] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5849] write(1, "executing program\n", 18) = 18 [pid 5849] memfd_create("syzkaller", 0) = 3 [pid 5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe997000000 [pid 5849] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5849] munmap(0x7fe997000000, 138412032) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5849] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5849] close(3) = 0 [pid 5849] close(4) = 0 [pid 5849] mkdir("./file0", 0777) = 0 [ 92.397570][ T5849] loop0: detected capacity change from 0 to 128 [ 92.439269][ T5849] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 92.452562][ T5849] hpfs: filesystem error: improperly stopped [ 92.458990][ T5849] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 92.467142][ T5849] hpfs: You really don't want any checks? You are crazy... [ 92.476590][ T5849] hpfs: hpfs_map_sector(): read error [ 92.482010][ T5849] hpfs: code page support is disabled [pid 5849] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,chkdsk=errors,uid=0x0000000000000000,") = 0 [pid 5849] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5849] chdir("./file0") = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 92.487904][ T5849] hpfs: hpfs_map_sector(): read error [ 92.493324][ T5849] hpfs: hpfs_map_sector(): read error [ 92.498798][ T5849] hpfs: hpfs_map_sector(): read error [ 92.504234][ T5849] hpfs: hpfs_map_sector(): read error [ 92.509676][ T5849] hpfs: hpfs_map_4sectors(): unaligned read [ 92.515675][ T5849] hpfs: hpfs_map_4sectors(): unaligned read [ 92.521578][ T5849] hpfs: filesystem error: unable to find root dir [pid 5849] exit_group(0) = ? [pid 5849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555d0ec6f0 /* 4 entries */, 32768) = 112 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555d0f4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555d0f4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x55555d0ec6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5850 attached [pid 5850] set_robust_list(0x55555d0eb660, 24) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x55555d0eb650) = 5850 [pid 5850] chdir("./5") = 0 [pid 5850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5850] setpgid(0, 0) = 0 [pid 5850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5850] write(3, "1000", 4) = 4 [pid 5850] close(3) = 0 [pid 5850] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5850] write(1, "executing program\n", 18executing program ) = 18 [pid 5850] memfd_create("syzkaller", 0) = 3 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe997000000 [pid 5850] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5850] munmap(0x7fe997000000, 138412032) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5850] close(3) = 0 [pid 5850] close(4) = 0 [pid 5850] mkdir("./file0", 0777) = 0 [ 92.916890][ T5850] loop0: detected capacity change from 0 to 128 [ 92.958598][ T5850] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 92.971532][ T5850] hpfs: filesystem error: improperly stopped [ 92.980665][ T5850] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 92.989940][ T5850] hpfs: You really don't want any checks? You are crazy... [ 92.997872][ T5850] hpfs: hpfs_map_sector(): read error [ 93.003295][ T5850] hpfs: code page support is disabled [pid 5850] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,chkdsk=errors,uid=0x0000000000000000,") = 0 [pid 5850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5850] chdir("./file0") = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5850] exit_group(0) = ? [pid 5850] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5850, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 93.009090][ T5850] hpfs: hpfs_map_sector(): read error [ 93.014513][ T5850] hpfs: hpfs_map_sector(): read error [ 93.020239][ T5850] hpfs: hpfs_map_sector(): read error [ 93.025716][ T5850] hpfs: hpfs_map_sector(): read error [ 93.031111][ T5850] hpfs: hpfs_map_4sectors(): unaligned read [ 93.037174][ T5850] hpfs: hpfs_map_4sectors(): unaligned read [ 93.043084][ T5850] hpfs: filesystem error: unable to find root dir newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555d0ec6f0 /* 4 entries */, 32768) = 112 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555d0f4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555d0f4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x55555d0ec6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached , child_tidptr=0x55555d0eb650) = 5851 [pid 5851] set_robust_list(0x55555d0eb660, 24) = 0 [pid 5851] chdir("./6") = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] setpgid(0, 0) = 0 [pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "1000", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5851] write(1, "executing program\n", 18executing program ) = 18 [pid 5851] memfd_create("syzkaller", 0) = 3 [pid 5851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe997000000 [pid 5851] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5851] munmap(0x7fe997000000, 138412032) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5851] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5851] close(3) = 0 [pid 5851] close(4) = 0 [pid 5851] mkdir("./file0", 0777) = 0 [ 93.407833][ T5851] loop0: detected capacity change from 0 to 128 [ 93.442399][ T5851] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 93.455298][ T5851] hpfs: filesystem error: improperly stopped [ 93.461332][ T5851] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 93.469254][ T5851] hpfs: You really don't want any checks? You are crazy... [ 93.476745][ T5851] hpfs: hpfs_map_sector(): read error [ 93.482131][ T5851] hpfs: code page support is disabled [ 93.488242][ T5851] hpfs: hpfs_map_sector(): read error [ 93.493676][ T5851] hpfs: hpfs_map_sector(): read error [ 93.499167][ T5851] hpfs: hpfs_map_sector(): read error [pid 5851] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,chkdsk=errors,uid=0x0000000000000000,") = 0 [pid 5851] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5851] chdir("./file0") = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5851] exit_group(0) = ? [pid 5851] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5851, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 93.504599][ T5851] hpfs: hpfs_map_sector(): read error [ 93.510061][ T5851] hpfs: hpfs_map_4sectors(): unaligned read [ 93.516723][ T5851] hpfs: hpfs_map_4sectors(): unaligned read [ 93.522714][ T5851] hpfs: filesystem error: unable to find root dir newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555d0ec6f0 /* 4 entries */, 32768) = 112 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555d0f4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555d0f4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x55555d0ec6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5853 attached , child_tidptr=0x55555d0eb650) = 5853 [pid 5853] set_robust_list(0x55555d0eb660, 24) = 0 [pid 5853] chdir("./7") = 0 [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5853] setpgid(0, 0) = 0 [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5853] write(3, "1000", 4) = 4 [pid 5853] close(3) = 0 [pid 5853] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5853] write(1, "executing program\n", 18executing program ) = 18 [pid 5853] memfd_create("syzkaller", 0) = 3 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe997000000 [pid 5853] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5853] munmap(0x7fe997000000, 138412032) = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5853] close(3) = 0 [pid 5853] close(4) = 0 [pid 5853] mkdir("./file0", 0777) = 0 [ 93.963607][ T5853] loop0: detected capacity change from 0 to 128 [ 94.009725][ T5853] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 94.022076][ T5853] hpfs: filesystem error: improperly stopped [ 94.029310][ T5853] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 94.038736][ T5853] hpfs: You really don't want any checks? You are crazy... [ 94.046621][ T5853] hpfs: hpfs_map_sector(): read error [ 94.052031][ T5853] hpfs: code page support is disabled [pid 5853] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,chkdsk=errors,uid=0x0000000000000000,") = 0 [pid 5853] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5853] chdir("./file0") = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 94.057795][ T5853] hpfs: hpfs_map_sector(): read error [ 94.063233][ T5853] hpfs: hpfs_map_sector(): read error [ 94.068713][ T5853] hpfs: hpfs_map_sector(): read error [ 94.074123][ T5853] hpfs: hpfs_map_sector(): read error [ 94.079743][ T5853] hpfs: hpfs_map_4sectors(): unaligned read [ 94.085981][ T5853] hpfs: hpfs_map_4sectors(): unaligned read [ 94.091955][ T5853] hpfs: filesystem error: unable to find root dir [pid 5853] exit_group(0) = ? [pid 5853] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5853, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555d0ec6f0 /* 4 entries */, 32768) = 112 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555d0f4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555d0f4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x55555d0ec6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d0eb650) = 5854 ./strace-static-x86_64: Process 5854 attached [pid 5854] set_robust_list(0x55555d0eb660, 24) = 0 [pid 5854] chdir("./8") = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5854] setpgid(0, 0) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] write(3, "1000", 4) = 4 [pid 5854] close(3) = 0 [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5854] write(1, "executing program\n", 18executing program ) = 18 [pid 5854] memfd_create("syzkaller", 0) = 3 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe997000000 [pid 5854] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5854] munmap(0x7fe997000000, 138412032) = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5854] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5854] close(3) = 0 [pid 5854] close(4) = 0 [pid 5854] mkdir("./file0", 0777) = 0 [ 94.583040][ T5854] loop0: detected capacity change from 0 to 128 [ 94.617994][ T5854] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 94.630100][ T5854] hpfs: filesystem error: improperly stopped [ 94.636545][ T5854] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 94.644309][ T5854] hpfs: You really don't want any checks? You are crazy... [ 94.652435][ T5854] hpfs: hpfs_map_sector(): read error [ 94.657897][ T5854] hpfs: code page support is disabled [ 94.663735][ T5854] hpfs: hpfs_map_sector(): read error [ 94.669198][ T5854] hpfs: hpfs_map_sector(): read error [ 94.674635][ T5854] hpfs: hpfs_map_sector(): read error [pid 5854] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,chkdsk=errors,uid=0x0000000000000000,") = 0 [pid 5854] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5854] chdir("./file0") = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 94.680062][ T5854] hpfs: hpfs_map_sector(): read error [ 94.685480][ T5854] hpfs: hpfs_map_4sectors(): unaligned read [ 94.691427][ T5854] hpfs: hpfs_map_4sectors(): unaligned read [ 94.697452][ T5854] hpfs: filesystem error: unable to find root dir [pid 5854] exit_group(0) = ? [pid 5854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555d0ec6f0 /* 4 entries */, 32768) = 112 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555d0f4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555d0f4730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x55555d0ec6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5858 attached [pid 5858] set_robust_list(0x55555d0eb660, 24 [pid 5841] <... clone resumed>, child_tidptr=0x55555d0eb650) = 5858 [pid 5858] <... set_robust_list resumed>) = 0 [pid 5858] chdir("./9") = 0 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5858] setpgid(0, 0) = 0 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "1000", 4) = 4 [pid 5858] close(3) = 0 [pid 5858] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5858] write(1, "executing program\n", 18) = 18 [pid 5858] memfd_create("syzkaller", 0) = 3 [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe997000000 [pid 5858] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5858] munmap(0x7fe997000000, 138412032) = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5858] close(3) = 0 [pid 5858] close(4) = 0 [pid 5858] mkdir("./file0", 0777) = 0 [ 95.171821][ T5858] loop0: detected capacity change from 0 to 128 [ 95.207053][ T5858] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 95.219276][ T5858] hpfs: filesystem error: improperly stopped [ 95.225342][ T5858] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 95.233108][ T5858] hpfs: You really don't want any checks? You are crazy... [ 95.240916][ T5858] hpfs: hpfs_map_sector(): read error [ 95.246683][ T5858] hpfs: code page support is disabled [ 95.252598][ T5858] hpfs: hpfs_map_sector(): read error [ 95.259290][ T5858] hpfs: hpfs_map_sector(): read error [ 95.264727][ T5858] hpfs: hpfs_map_sector(): read error [pid 5858] mount("/dev/loop0", "./file0", "hpfs", MS_RDONLY|MS_MANDLOCK, "gid=0x000000000000ee00,check=none,chkdsk=errors,uid=0x0000000000000000,") = 0 [pid 5858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5858] chdir("./file0") = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5858] exit_group(0) = ? [pid 5858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555d0ec6f0 /* 4 entries */, 32768) = 112 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555d0f4730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555d0f4730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 95.271191][ T5858] hpfs: hpfs_map_sector(): read error [ 95.276670][ T5858] hpfs: hpfs_map_4sectors(): unaligned read [ 95.282607][ T5858] hpfs: hpfs_map_4sectors(): unaligned read [ 95.288572][ T5858] hpfs: filesystem error: unable to find root dir rmdir("./9/file0") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x55555d0ec6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5861 attached [pid 5861] set_robust_list(0x55555d0eb660, 24) = 0 [pid 5841] <... clone resumed>, child_tidptr=0x55555d0eb650) = 5861 [pid 5861] chdir("./10") = 0 [pid 5861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5861] setpgid(0, 0) = 0 [pid 5861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5861] write(3, "1000", 4) = 4 [pid 5861] close(3) = 0 [pid 5861] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5861] write(1, "executing program\n", 18executing program ) = 18 [pid 5861] memfd_create("syzkaller", 0) = 3 [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe997000000 [pid 5861] write(3, "\xb5\x84\x31\x7b\xb6\x84\x31\x7b\xb7\x84\x31\x7b\xb8\x84\x31\x7b\xb9\x84\x31\x7b\xba\x84\x31\x7b\xbb\x84\x31\x7b\xbc\x84\x31\x7b\xbd\x84\x31\x7b\xbe\x84\x31\x7b\xbf\x84\x31\x7b\xc0\x84\x31\x7b\xc1\x84\x31\x7b\xc2\x84\x31\x7b\xc3\x84\x31\x7b\xc4\x84\x31\x7b\xc5\x84\x31\x7b\xc6\x84\x31\x7b\xc7\x84\x31\x7b\xc8\x84\x31\x7b\xc9\x84\x31\x7b\xca\x84\x31\x7b\xcb\x84\x31\x7b\xcc\x84\x31\x7b\xcd\x84\x31\x7b"..., 65536) = 65536 [pid 5861] munmap(0x7fe997000000, 138412032) = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5861] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5861] close(3) = 0 [pid 5861] close(4) = 0 [pid 5861] mkdir("./file0", 0777) = 0 [ 95.385362][ T5861] loop0: detected capacity change from 0 to 128 [ 95.399631][ T5861] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 95.411800][ T5861] hpfs: filesystem error: improperly stopped [ 95.420676][ T5861] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 95.429073][ T5861] hpfs: You really don't want any checks? You are crazy... [ 95.438160][ T5861] hpfs: hpfs_map_sector(): read error [ 95.443590][ T5861] hpfs: code page support is disabled [ 95.450035][ T5861] ================================================================== [ 95.458170][ T5861] BUG: KASAN: use-after-free in strcmp+0x6f/0xc0 [ 95.464555][ T5861] Read of size 1 at addr ffff8880715478a6 by task syz-executor573/5861 [ 95.472816][ T5861] [ 95.475191][ T5861] CPU: 0 UID: 0 PID: 5861 Comm: syz-executor573 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 95.475216][ T5861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 95.475237][ T5861] Call Trace: [ 95.475250][ T5861] [ 95.475259][ T5861] dump_stack_lvl+0x189/0x250 [ 95.475285][ T5861] ? __virt_addr_valid+0x1c8/0x5c0 [ 95.475310][ T5861] ? rcu_is_watching+0x15/0xb0 [ 95.475331][ T5861] ? __kasan_check_byte+0x12/0x40 [ 95.475367][ T5861] ? __pfx_dump_stack_lvl+0x10/0x10 [ 95.475388][ T5861] ? rcu_is_watching+0x15/0xb0 [ 95.475407][ T5861] ? lock_release+0x4b/0x3e0 [ 95.475426][ T5861] ? __virt_addr_valid+0x1c8/0x5c0 [ 95.475449][ T5861] ? __virt_addr_valid+0x4a5/0x5c0 [ 95.475472][ T5861] print_report+0xca/0x230 [ 95.475499][ T5861] ? strcmp+0x6f/0xc0 [ 95.475517][ T5861] kasan_report+0x118/0x150 [ 95.475545][ T5861] ? strcmp+0x6f/0xc0 [ 95.475568][ T5861] strcmp+0x6f/0xc0 [ 95.475600][ T5861] hpfs_get_ea+0x114/0xdb0 [ 95.475625][ T5861] ? __pfx_hpfs_get_ea+0x10/0x10 [ 95.475645][ T5861] ? bdev_getblk+0x7b/0x690 [ 95.475662][ T5861] ? __pfx___might_resched+0x10/0x10 [ 95.475688][ T5861] ? __bread_gfp+0xc3/0x3c0 [ 95.475707][ T5861] ? hpfs_map_sector+0x14f/0x380 [ 95.475739][ T5861] ? hpfs_map_fnode+0x27e/0x6a0 [ 95.475760][ T5861] ? set_normalized_timespec64+0xf0/0x1a0 [ 95.475790][ T5861] ? __lock_acquire+0xab9/0xd20 [ 95.475809][ T5861] hpfs_read_inode+0x19d/0x1010 [ 95.475833][ T5861] ? __pfx_hpfs_read_inode+0x10/0x10 [ 95.475853][ T5861] ? inode_set_ctime_to_ts+0x126/0x2f0 [ 95.475876][ T5861] ? __pfx_inode_set_ctime_to_ts+0x10/0x10 [ 95.475901][ T5861] ? do_raw_spin_unlock+0x122/0x240 [ 95.475931][ T5861] ? hpfs_init_inode+0x216/0x350 [ 95.475952][ T5861] hpfs_fill_super+0x12bd/0x2070 [ 95.475989][ T5861] ? __pfx_hpfs_fill_super+0x10/0x10 [ 95.476009][ T5861] ? __pfx_snprintf+0x10/0x10 [ 95.476026][ T5861] ? set_blocksize+0x21e/0x500 [ 95.476042][ T5861] ? sb_set_blocksize+0x104/0x180 [ 95.476056][ T5861] ? setup_bdev_super+0x4c1/0x5b0 [ 95.476078][ T5861] get_tree_bdev_flags+0x40e/0x4d0 [ 95.476098][ T5861] ? __pfx_hpfs_fill_super+0x10/0x10 [ 95.476117][ T5861] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 95.476136][ T5861] ? cap_capable+0x11f/0x460 [ 95.476156][ T5861] ? safesetid_security_capable+0xa9/0x1a0 [ 95.476180][ T5861] vfs_get_tree+0x92/0x2b0 [ 95.476200][ T5861] do_new_mount+0x24a/0xa40 [ 95.476225][ T5861] __se_sys_mount+0x317/0x410 [ 95.476240][ T5861] ? __pfx___se_sys_mount+0x10/0x10 [ 95.476252][ T5861] ? rcu_is_watching+0x15/0xb0 [ 95.476269][ T5861] ? __x64_sys_mount+0x20/0xc0 [ 95.476282][ T5861] do_syscall_64+0xfa/0x3b0 [ 95.476294][ T5861] ? lockdep_hardirqs_on+0x9c/0x150 [ 95.476316][ T5861] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.476329][ T5861] ? clear_bhb_loop+0x60/0xb0 [ 95.476345][ T5861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.476359][ T5861] RIP: 0033:0x7fe99f4ac56a [ 95.476379][ T5861] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 95.476396][ T5861] RSP: 002b:00007fff60e54968 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 95.476411][ T5861] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe99f4ac56a [ 95.476421][ T5861] RDX: 0000200000009e80 RSI: 0000200000009ec0 RDI: 00007fff60e549b0 [ 95.476432][ T5861] RBP: 0000000000000004 R08: 00007fff60e549f0 R09: 0000000000009dfd [ 95.476441][ T5861] R10: 0000000000000041 R11: 0000000000000286 R12: 0000000000010000 [ 95.476449][ T5861] R13: 00007fff60e549f0 R14: 0000200000009ec0 R15: 0000000000000003 [ 95.476465][ T5861] [ 95.476470][ T5861] [ 95.835037][ T5861] The buggy address belongs to the physical page: [ 95.841469][ T5861] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x71547 [ 95.850257][ T5861] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 95.857388][ T5861] raw: 00fff00000000000 ffffea0001c55208 ffffea0001c55188 0000000000000000 [ 95.865994][ T5861] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 95.874586][ T5861] page dumped because: kasan: bad access detected [ 95.881014][ T5861] page_owner tracks the page as freed [ 95.886392][ T5861] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xcc0(GFP_KERNEL), pid 1, tgid 1 (swapper/0), ts 28343383888, free_ts 30507687649 [ 95.901423][ T5861] post_alloc_hook+0x240/0x2a0 [ 95.906206][ T5861] split_free_pages+0xd7/0x2f0 [ 95.910979][ T5861] alloc_contig_range_noprof+0xd29/0x1210 [ 95.916737][ T5861] alloc_contig_pages_noprof+0x47b/0x5a0 [ 95.922414][ T5861] debug_vm_pgtable_alloc_huge_page+0xb5/0x110 [ 95.928587][ T5861] init_args+0x95f/0xd70 [ 95.932844][ T5861] debug_vm_pgtable+0xc0/0x450 [ 95.937625][ T5861] do_one_initcall+0x233/0x820 [ 95.942399][ T5861] do_initcall_level+0x137/0x1f0 [ 95.947345][ T5861] do_initcalls+0x69/0xd0 [ 95.951689][ T5861] kernel_init_freeable+0x3d9/0x570 [ 95.956899][ T5861] kernel_init+0x1d/0x1d0 [ 95.961240][ T5861] ret_from_fork+0x3fc/0x770 [ 95.965841][ T5861] ret_from_fork_asm+0x1a/0x30 [ 95.970620][ T5861] page last free pid 1 tgid 1 stack trace: [ 95.976426][ T5861] __free_frozen_pages+0xc65/0xe60 [ 95.981558][ T5861] free_contig_range+0x1bd/0x4a0 [ 95.986507][ T5861] destroy_args+0x7e/0x5d0 [ 95.990936][ T5861] debug_vm_pgtable+0x412/0x450 [ 95.995807][ T5861] do_one_initcall+0x233/0x820 [ 96.000596][ T5861] do_initcall_level+0x137/0x1f0 [ 96.005545][ T5861] do_initcalls+0x69/0xd0 [ 96.009882][ T5861] kernel_init_freeable+0x3d9/0x570 [ 96.015094][ T5861] kernel_init+0x1d/0x1d0 [ 96.019446][ T5861] ret_from_fork+0x3fc/0x770 [ 96.024041][ T5861] ret_from_fork_asm+0x1a/0x30 [ 96.028817][ T5861] [ 96.031147][ T5861] Memory state around the buggy address: [ 96.036786][ T5861] ffff888071547780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 96.045294][ T5861] ffff888071547800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 96.053362][ T5861] >ffff888071547880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 96.061431][ T5861] ^ [ 96.066632][ T5861] ffff888071547900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 96.074698][ T5861] ffff888071547980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 96.082764][ T5861] ================================================================== [ 96.091318][ T5861] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 96.098615][ T5861] CPU: 1 UID: 0 PID: 5861 Comm: syz-executor573 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 96.111036][ T5861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 96.121191][ T5861] Call Trace: [ 96.124498][ T5861] [ 96.127450][ T5861] dump_stack_lvl+0x99/0x250 [ 96.132083][ T5861] ? __asan_memcpy+0x40/0x70 [ 96.136712][ T5861] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.141933][ T5861] ? __pfx__printk+0x10/0x10 [ 96.146552][ T5861] panic+0x2db/0x790 [ 96.150476][ T5861] ? __pfx_preempt_schedule+0x10/0x10 [ 96.156051][ T5861] ? __pfx_panic+0x10/0x10 [ 96.160580][ T5861] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 96.166514][ T5861] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 96.173043][ T5861] ? strcmp+0x6f/0xc0 [ 96.177044][ T5861] check_panic_on_warn+0x89/0xb0 [ 96.182006][ T5861] ? strcmp+0x6f/0xc0 [ 96.186002][ T5861] end_report+0x78/0x160 [ 96.190268][ T5861] kasan_report+0x129/0x150 [ 96.194792][ T5861] ? strcmp+0x6f/0xc0 [ 96.198797][ T5861] strcmp+0x6f/0xc0 [ 96.202622][ T5861] hpfs_get_ea+0x114/0xdb0 [ 96.207057][ T5861] ? __pfx_hpfs_get_ea+0x10/0x10 [ 96.212009][ T5861] ? bdev_getblk+0x7b/0x690 [ 96.216729][ T5861] ? __pfx___might_resched+0x10/0x10 [ 96.222062][ T5861] ? __bread_gfp+0xc3/0x3c0 [ 96.226663][ T5861] ? hpfs_map_sector+0x14f/0x380 [ 96.231623][ T5861] ? hpfs_map_fnode+0x27e/0x6a0 [ 96.236516][ T5861] ? set_normalized_timespec64+0xf0/0x1a0 [ 96.242281][ T5861] ? __lock_acquire+0xab9/0xd20 [ 96.247189][ T5861] hpfs_read_inode+0x19d/0x1010 [ 96.252072][ T5861] ? __pfx_hpfs_read_inode+0x10/0x10 [ 96.257386][ T5861] ? inode_set_ctime_to_ts+0x126/0x2f0 [ 96.262862][ T5861] ? __pfx_inode_set_ctime_to_ts+0x10/0x10 [ 96.268686][ T5861] ? do_raw_spin_unlock+0x122/0x240 [ 96.273909][ T5861] ? hpfs_init_inode+0x216/0x350 [ 96.278872][ T5861] hpfs_fill_super+0x12bd/0x2070 [ 96.283857][ T5861] ? __pfx_hpfs_fill_super+0x10/0x10 [ 96.289162][ T5861] ? __pfx_snprintf+0x10/0x10 [ 96.293851][ T5861] ? set_blocksize+0x21e/0x500 [ 96.298631][ T5861] ? sb_set_blocksize+0x104/0x180 [ 96.303667][ T5861] ? setup_bdev_super+0x4c1/0x5b0 [ 96.308710][ T5861] get_tree_bdev_flags+0x40e/0x4d0 [ 96.313856][ T5861] ? __pfx_hpfs_fill_super+0x10/0x10 [ 96.319163][ T5861] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 96.324812][ T5861] ? cap_capable+0x11f/0x460 [ 96.329442][ T5861] ? safesetid_security_capable+0xa9/0x1a0 [ 96.335449][ T5861] vfs_get_tree+0x92/0x2b0 [ 96.339917][ T5861] do_new_mount+0x24a/0xa40 [ 96.344471][ T5861] __se_sys_mount+0x317/0x410 [ 96.349175][ T5861] ? __pfx___se_sys_mount+0x10/0x10 [ 96.354395][ T5861] ? rcu_is_watching+0x15/0xb0 [ 96.359184][ T5861] ? __x64_sys_mount+0x20/0xc0 [ 96.363978][ T5861] do_syscall_64+0xfa/0x3b0 [ 96.368499][ T5861] ? lockdep_hardirqs_on+0x9c/0x150 [ 96.373809][ T5861] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.379914][ T5861] ? clear_bhb_loop+0x60/0xb0 [ 96.384628][ T5861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.390559][ T5861] RIP: 0033:0x7fe99f4ac56a [ 96.395003][ T5861] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 96.414639][ T5861] RSP: 002b:00007fff60e54968 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 96.423093][ T5861] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe99f4ac56a [ 96.431088][ T5861] RDX: 0000200000009e80 RSI: 0000200000009ec0 RDI: 00007fff60e549b0 [ 96.439087][ T5861] RBP: 0000000000000004 R08: 00007fff60e549f0 R09: 0000000000009dfd [ 96.447079][ T5861] R10: 0000000000000041 R11: 0000000000000286 R12: 0000000000010000 [ 96.455244][ T5861] R13: 00007fff60e549f0 R14: 0000200000009ec0 R15: 0000000000000003 [ 96.463244][ T5861] [ 96.466575][ T5861] Kernel Offset: disabled [ 96.470918][ T5861] Rebooting in 86400 seconds..