./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor234867894 <...> Warning: Permanently added '10.128.1.140' (ED25519) to the list of known hosts. execve("./syz-executor234867894", ["./syz-executor234867894"], 0x7ffd4ccbb2e0 /* 10 vars */) = 0 brk(NULL) = 0x55557b55c000 brk(0x55557b55cd00) = 0x55557b55cd00 arch_prctl(ARCH_SET_FS, 0x55557b55c380) = 0 set_tid_address(0x55557b55c650) = 5825 set_robust_list(0x55557b55c660, 24) = 0 rseq(0x55557b55cca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor234867894", 4096) = 27 getrandom("\x03\xf6\xb8\x1b\xcc\x3c\x89\x17", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557b55cd00 brk(0x55557b57dd00) = 0x55557b57dd00 brk(0x55557b57e000) = 0x55557b57e000 mprotect(0x7f86aea73000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.ALnXsr", 0700) = 0 chmod("./syzkaller.ALnXsr", 0777) = 0 chdir("./syzkaller.ALnXsr") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5827 attached , child_tidptr=0x55557b55c650) = 5827 [pid 5827] set_robust_list(0x55557b55c660, 24) = 0 [pid 5827] chdir("./0") = 0 [pid 5827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5827] setpgid(0, 0) = 0 [pid 5827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5827] write(3, "1000", 4) = 4 [pid 5827] close(3) = 0 [pid 5827] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5827] write(1, "executing program\n", 18) = 18 [pid 5827] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 5827] memfd_create("syzkaller", 0) = 4 [pid 5827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f86a6400000 [pid 5827] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 [pid 5827] munmap(0x7f86a6400000, 138412032) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5827] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5827] close(4) = 0 [pid 5827] close(5) = 0 [pid 5827] mkdir("./file0", 0777) = 0 [pid 5827] mount("/dev/loop0", "./file0", "minix", MS_NOSUID|MS_POSIXACL|MS_I_VERSION|MS_STRICTATIME, "") = 0 [pid 5827] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5827] chdir("./file0") = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5827] mkdir("./bus", 000) = 0 [ 88.909827][ T5827] loop0: detected capacity change from 0 to 64 [pid 5827] rename("./file0", "./bus") = -1 EIO (Input/output error) [pid 5827] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5827] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"...) = 0 [ 88.965580][ T5827] syz-executor234: attempt to access beyond end of device [ 88.965580][ T5827] loop0: rw=2049, sector=268435468, nr_sectors = 2 limit=64 [ 92.013310][ T1213] cfg80211: failed to load regulatory.db [pid 5827] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5825] kill(-5827, SIGKILL) = 0 [pid 5827] <... openat resumed>) = ? [pid 5825] kill(5827, SIGKILL [pid 5827] +++ killed by SIGKILL +++ <... kill resumed>) = 0 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5827, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557b55d6f0 /* 4 entries */, 32768) = 112 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0755, st_size=512, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=512, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557b565730 /* 7 entries */, 32768) = 200 umount2("./0/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file0/file1") = 0 umount2("./0/file0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0/file2", {st_mode=S_IFREG|0400, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file0/file2") = 0 umount2("./0/file0/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0/file3", {st_mode=S_IFREG|0400, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file0/file3") = 0 umount2("./0/file0/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file0/file.cold") = 0 umount2("./0/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0/bus", {st_mode=S_IFDIR|000, st_size=128, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|000, st_size=128, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x55557b56d770 /* 2 entries */, 32768) = 48 getdents64(5, 0x55557b56d770 /* 0 entries */, 32768) = 0 close(5) = 0 [ 94.048080][ T5825] ------------[ cut here ]------------ [ 94.053677][ T5825] WARNING: CPU: 0 PID: 5825 at fs/inode.c:417 drop_nlink+0xc5/0x110 [ 94.061852][ T5825] Modules linked in: [ 94.065905][ T5825] CPU: 0 UID: 0 PID: 5825 Comm: syz-executor234 Not tainted 6.15.0-syzkaller-13473-gc0c9379f235d #0 PREEMPT(full) [ 94.078028][ T5825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 94.088152][ T5825] RIP: 0010:drop_nlink+0xc5/0x110 [ 94.093255][ T5825] Code: 78 07 00 00 be 08 00 00 00 e8 c7 33 e8 ff f0 48 ff 83 78 07 00 00 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc cc e8 0c ea 86 ff 90 <0f> 0b 90 eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5b ff ff ff [ 94.112957][ T5825] RSP: 0018:ffffc900043cfc90 EFLAGS: 00010293 [ 94.119037][ T5825] RAX: ffffffff823960c4 RBX: ffff88807684c588 RCX: ffff88802b5c8000 [ 94.127119][ T5825] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 94.135155][ T5825] RBP: 0000000000000000 R08: ffffffff8f9fe7f7 R09: 1ffffffff1f3fcfe [ 94.143202][ T5825] R10: dffffc0000000000 R11: fffffbfff1f3fcff R12: 1ffff1100ed098ba [ 94.151268][ T5825] R13: ffffea0001ddc500 R14: ffff88807684c5d0 R15: dffffc0000000000 [ 94.159276][ T5825] FS: 000055557b55c380(0000) GS:ffff888125c87000(0000) knlGS:0000000000000000 [ 94.168274][ T5825] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 94.174916][ T5825] CR2: 000055557b575778 CR3: 0000000077e28000 CR4: 00000000003526f0 [ 94.182952][ T5825] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 94.190970][ T5825] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 94.198955][ T5825] Call Trace: [ 94.202300][ T5825] [ 94.205255][ T5825] minix_unlink+0x1de/0x290 [ 94.209769][ T5825] ? minix_empty_dir+0x6ec/0x740 [ 94.214806][ T5825] ? __pfx_minix_unlink+0x10/0x10 [ 94.219870][ T5825] minix_rmdir+0x5d/0xd0 [ 94.224255][ T5825] vfs_rmdir+0x3b7/0x520 [ 94.228530][ T5825] do_rmdir+0x2ac/0x630 [ 94.232864][ T5825] ? __pfx_do_rmdir+0x10/0x10 [ 94.237579][ T5825] ? getname_flags+0x1e5/0x540 [ 94.242420][ T5825] __x64_sys_rmdir+0x47/0x50 [ 94.247040][ T5825] do_syscall_64+0xfa/0x3b0 [ 94.251605][ T5825] ? lockdep_hardirqs_on+0x9c/0x150 [ 94.256847][ T5825] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.262985][ T5825] ? clear_bhb_loop+0x60/0xb0 [ 94.267692][ T5825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.273674][ T5825] RIP: 0033:0x7f86ae9fedc7 [ 94.278134][ T5825] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 94.297806][ T5825] RSP: 002b:00007ffca1680a68 EFLAGS: 00000207 ORIG_RAX: 0000000000000054 [ 94.306296][ T5825] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f86ae9fedc7 [ 94.314340][ T5825] RDX: 0000000000008890 RSI: 0000000000000000 RDI: 00007ffca1681c10 [ 94.322362][ T5825] RBP: 0000000000000065 R08: 000055557b56d79b R09: 0000000000000000 [ 94.330392][ T5825] R10: 0000000000001000 R11: 0000000000000207 R12: 00007ffca1681c10 [ 94.338386][ T5825] R13: 000055557b56d740 R14: 431bde82d7b634db R15: 00007ffca1683d90 [ 94.346429][ T5825] [ 94.349474][ T5825] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 94.356756][ T5825] CPU: 0 UID: 0 PID: 5825 Comm: syz-executor234 Not tainted 6.15.0-syzkaller-13473-gc0c9379f235d #0 PREEMPT(full) [ 94.368827][ T5825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 94.378882][ T5825] Call Trace: [ 94.382181][ T5825] [ 94.385116][ T5825] dump_stack_lvl+0x99/0x250 [ 94.389725][ T5825] ? __asan_memcpy+0x40/0x70 [ 94.394324][ T5825] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.399529][ T5825] ? __pfx__printk+0x10/0x10 [ 94.404129][ T5825] panic+0x2db/0x790 [ 94.408056][ T5825] ? __pfx_panic+0x10/0x10 [ 94.412498][ T5825] __warn+0x31b/0x4b0 [ 94.416486][ T5825] ? drop_nlink+0xc5/0x110 [ 94.420909][ T5825] ? drop_nlink+0xc5/0x110 [ 94.425326][ T5825] report_bug+0x2be/0x4f0 [ 94.429658][ T5825] ? drop_nlink+0xc5/0x110 [ 94.434078][ T5825] ? drop_nlink+0xc5/0x110 [ 94.438506][ T5825] ? drop_nlink+0xc7/0x110 [ 94.442925][ T5825] handle_bug+0x84/0x160 [ 94.447182][ T5825] exc_invalid_op+0x1a/0x50 [ 94.451695][ T5825] asm_exc_invalid_op+0x1a/0x20 [ 94.456559][ T5825] RIP: 0010:drop_nlink+0xc5/0x110 [ 94.461606][ T5825] Code: 78 07 00 00 be 08 00 00 00 e8 c7 33 e8 ff f0 48 ff 83 78 07 00 00 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc cc e8 0c ea 86 ff 90 <0f> 0b 90 eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5b ff ff ff [ 94.481220][ T5825] RSP: 0018:ffffc900043cfc90 EFLAGS: 00010293 [ 94.487303][ T5825] RAX: ffffffff823960c4 RBX: ffff88807684c588 RCX: ffff88802b5c8000 [ 94.495288][ T5825] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 94.503265][ T5825] RBP: 0000000000000000 R08: ffffffff8f9fe7f7 R09: 1ffffffff1f3fcfe [ 94.511246][ T5825] R10: dffffc0000000000 R11: fffffbfff1f3fcff R12: 1ffff1100ed098ba [ 94.519224][ T5825] R13: ffffea0001ddc500 R14: ffff88807684c5d0 R15: dffffc0000000000 [ 94.527209][ T5825] ? drop_nlink+0xc4/0x110 [ 94.531650][ T5825] minix_unlink+0x1de/0x290 [ 94.536168][ T5825] ? minix_empty_dir+0x6ec/0x740 [ 94.541135][ T5825] ? __pfx_minix_unlink+0x10/0x10 [ 94.546186][ T5825] minix_rmdir+0x5d/0xd0 [ 94.550443][ T5825] vfs_rmdir+0x3b7/0x520 [ 94.554709][ T5825] do_rmdir+0x2ac/0x630 [ 94.558878][ T5825] ? __pfx_do_rmdir+0x10/0x10 [ 94.563564][ T5825] ? getname_flags+0x1e5/0x540 [ 94.568365][ T5825] __x64_sys_rmdir+0x47/0x50 [ 94.572967][ T5825] do_syscall_64+0xfa/0x3b0 [ 94.577478][ T5825] ? lockdep_hardirqs_on+0x9c/0x150 [ 94.582693][ T5825] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.588768][ T5825] ? clear_bhb_loop+0x60/0xb0 [ 94.593458][ T5825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.599360][ T5825] RIP: 0033:0x7f86ae9fedc7 [ 94.603812][ T5825] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 94.623442][ T5825] RSP: 002b:00007ffca1680a68 EFLAGS: 00000207 ORIG_RAX: 0000000000000054 [ 94.631903][ T5825] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f86ae9fedc7 [ 94.639898][ T5825] RDX: 0000000000008890 RSI: 0000000000000000 RDI: 00007ffca1681c10 [ 94.647888][ T5825] RBP: 0000000000000065 R08: 000055557b56d79b R09: 0000000000000000 [ 94.655875][ T5825] R10: 0000000000001000 R11: 0000000000000207 R12: 00007ffca1681c10 [ 94.663860][ T5825] R13: 000055557b56d740 R14: 431bde82d7b634db R15: 00007ffca1683d90 [ 94.671880][ T5825] [ 94.675221][ T5825] Kernel Offset: disabled [ 94.679557][ T5825] Rebooting in 86400 seconds..