./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3510833418 <...> Warning: Permanently added '10.128.10.3' (ED25519) to the list of known hosts. execve("./syz-executor3510833418", ["./syz-executor3510833418"], 0x7ffd669e8020 /* 10 vars */) = 0 brk(NULL) = 0x555583149000 brk(0x555583149d40) = 0x555583149d40 arch_prctl(ARCH_SET_FS, 0x5555831493c0) = 0 set_tid_address(0x555583149690) = 287 set_robust_list(0x5555831496a0, 24) = 0 rseq(0x555583149ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3510833418", 4096) = 28 getrandom("\xbc\x57\x98\xdb\x82\x3e\x3f\xd1", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555583149d40 brk(0x55558316ad40) = 0x55558316ad40 brk(0x55558316b000) = 0x55558316b000 mprotect(0x7f12a2670000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583149690) = 288 ./strace-static-x86_64: Process 288 attached [pid 288] set_robust_list(0x5555831496a0, 24) = 0 [pid 288] mkdir("./syzkaller.bN2j6S", 0700 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... mkdir resumed>) = 0 [pid 288] chmod("./syzkaller.bN2j6S", 0777) = 0 [pid 288] chdir("./syzkaller.bN2j6S") = 0 [pid 287] <... clone resumed>, child_tidptr=0x555583149690) = 289 ./strace-static-x86_64: Process 289 attached [pid 288] mkdir("./0", 0777 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] <... mkdir resumed>) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 290 attached [pid 289] set_robust_list(0x5555831496a0, 24 [pid 287] <... clone resumed>, child_tidptr=0x555583149690) = 290 [pid 290] set_robust_list(0x5555831496a0, 24 [pid 289] <... set_robust_list resumed>) = 0 [pid 288] <... openat resumed>) = 3 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583149690) = 291 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583149690) = 292 [pid 289] mkdir("./syzkaller.7h9FWp", 0700) = 0 [pid 289] chmod("./syzkaller.7h9FWp", 0777) = 0 [pid 289] chdir("./syzkaller.7h9FWp"./strace-static-x86_64: Process 291 attached ./strace-static-x86_64: Process 292 attached ) = 0 [pid 292] set_robust_list(0x5555831496a0, 24 [pid 291] set_robust_list(0x5555831496a0, 24 [pid 289] mkdir("./0", 0777 [pid 292] <... set_robust_list resumed>) = 0 [pid 291] <... set_robust_list resumed>) = 0 [pid 291] mkdir("./syzkaller.T18gzq", 0700 [pid 289] <... mkdir resumed>) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583149690) = 293 [pid 290] <... set_robust_list resumed>) = 0 [pid 290] getrandom( [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... getrandom resumed>"\x4e\xd6\xe1\x8b\x21\x51\x71\xe7", 8, GRND_NONBLOCK) = 8 [pid 290] mkdir("./syzkaller.87k0Mb", 0700 [pid 288] <... clone resumed>, child_tidptr=0x555583149690) = 294 [pid 292] mkdir("./syzkaller.xQeVIV", 0700 [pid 291] <... mkdir resumed>) = 0 [pid 290] <... mkdir resumed>) = 0 [pid 290] chmod("./syzkaller.87k0Mb", 0777) = 0 [pid 290] chdir("./syzkaller.87k0Mb") = 0 [pid 290] mkdir("./0", 0777) = 0 [pid 292] <... mkdir resumed>) = 0 [pid 291] chmod("./syzkaller.T18gzq", 0777) = 0 [pid 291] chdir("./syzkaller.T18gzq") = 0 [pid 291] mkdir("./0", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 292] chmod("./syzkaller.xQeVIV", 0777) = 0 [pid 290] <... openat resumed>) = 3 [pid 290] ioctl(3, LOOP_CLR_FD [pid 292] chdir("./syzkaller.xQeVIV") = 0 [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 292] mkdir("./0", 0777 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] <... mkdir resumed>) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] <... clone resumed>, child_tidptr=0x555583149690) = 295 [pid 291] <... clone resumed>, child_tidptr=0x555583149690) = 296 [pid 292] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 292] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 292] close(3) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583149690) = 297 ./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x5555831496a0, 24) = 0 [pid 297] chdir("./0") = 0 [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 297] setpgid(0, 0) = 0 [pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 297] write(3, "1000", 4) = 4 [pid 297] close(3) = 0 [pid 297] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 297] write(1, "executing program\n", 18) = 18 [pid 297] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] rt_sigaction(SIGRT_1, {sa_handler=0x7f12a2610260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f12a2601410}, NULL, 8) = 0 [pid 297] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f12a2586000 [pid 297] mprotect(0x7f12a2587000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f12a25a6990, parent_tid=0x7f12a25a6990, exit_signal=0, stack=0x7f12a2586000, stack_size=0x20300, tls=0x7f12a25a66c0} => {parent_tid=[298]}, 88) = 298 [pid 297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 297] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x7f12a25a69a0, 24) = 0 [pid 298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] memfd_create("syzkaller", 0) = 3 [pid 298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129a186000 ./strace-static-x86_64: Process 293 attached ./strace-static-x86_64: Process 295 attached ./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x5555831496a0, 24 [pid 295] set_robust_list(0x5555831496a0, 24 [pid 293] set_robust_list(0x5555831496a0, 24 [pid 295] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 294 attached [pid 296] <... set_robust_list resumed>) = 0 [pid 295] chdir("./0" [pid 293] <... set_robust_list resumed>) = 0 [pid 296] chdir("./0" [pid 293] chdir("./0" [pid 296] <... chdir resumed>) = 0 [pid 295] <... chdir resumed>) = 0 [pid 294] set_robust_list(0x5555831496a0, 24 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 293] <... chdir resumed>) = 0 [pid 296] <... prctl resumed>) = 0 [pid 295] <... prctl resumed>) = 0 [pid 294] <... set_robust_list resumed>) = 0 [pid 293] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 296] setpgid(0, 0 [pid 295] setpgid(0, 0 [pid 293] <... prctl resumed>) = 0 [pid 294] chdir("./0" [pid 296] <... setpgid resumed>) = 0 [pid 295] <... setpgid resumed>) = 0 [pid 294] <... chdir resumed>) = 0 [pid 293] setpgid(0, 0 [pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 293] <... setpgid resumed>) = 0 [pid 293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 293] <... openat resumed>) = 3 [pid 295] write(3, "1000", 4 [pid 296] write(3, "1000", 4 [pid 294] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 293] write(3, "1000", 4 [pid 296] <... write resumed>) = 4 [pid 295] <... write resumed>) = 4 [pid 294] <... prctl resumed>) = 0 [pid 296] close(3 [pid 295] close(3 [pid 294] setpgid(0, 0 [pid 293] <... write resumed>) = 4 [pid 295] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 294] <... setpgid resumed>) = 0 [pid 293] close(3 [pid 296] symlink("/dev/binderfs", "./binderfs" [pid 295] symlink("/dev/binderfs", "./binderfs" [pid 294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 293] <... close resumed>) = 0 executing program [pid 296] <... symlink resumed>) = 0 [pid 295] <... symlink resumed>) = 0 [pid 296] write(1, "executing program\n", 18 [pid 293] symlink("/dev/binderfs", "./binderfs" [pid 294] <... openat resumed>) = 3 [pid 293] <... symlink resumed>) = 0 [pid 295] write(1, "executing program\n", 18 [pid 296] <... write resumed>) = 18 [pid 294] write(3, "1000", 4 [pid 293] write(1, "executing program\n", 18executing program executing program [pid 295] <... write resumed>) = 18 [pid 293] <... write resumed>) = 18 [pid 296] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] <... write resumed>) = 4 [pid 296] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = 0 [pid 293] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] rt_sigaction(SIGRT_1, {sa_handler=0x7f12a2610260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f12a2601410}, [pid 295] rt_sigaction(SIGRT_1, {sa_handler=0x7f12a2610260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f12a2601410}, [pid 294] close(3 [pid 296] <... rt_sigaction resumed>NULL, 8) = 0 [pid 295] <... rt_sigaction resumed>NULL, 8) = 0 [pid 293] <... futex resumed>) = 0 [pid 296] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 295] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 294] <... close resumed>) = 0 [pid 293] rt_sigaction(SIGRT_1, {sa_handler=0x7f12a2610260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f12a2601410}, [pid 296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 293] <... rt_sigaction resumed>NULL, 8) = 0 [pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 294] symlink("/dev/binderfs", "./binderfs" [pid 293] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], executing program [pid 296] <... mmap resumed>) = 0x7f12a2586000 [pid 295] <... mmap resumed>) = 0x7f12a2586000 [pid 293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 294] <... symlink resumed>) = 0 [pid 295] mprotect(0x7f12a2587000, 131072, PROT_READ|PROT_WRITE [pid 296] mprotect(0x7f12a2587000, 131072, PROT_READ|PROT_WRITE [pid 293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] <... mprotect resumed>) = 0 [pid 295] <... mprotect resumed>) = 0 [pid 294] write(1, "executing program\n", 18 [pid 293] <... mmap resumed>) = 0x7f12a2586000 [pid 296] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] <... rt_sigprocmask resumed>[], 8) = 0 [pid 295] <... rt_sigprocmask resumed>[], 8) = 0 [pid 294] <... write resumed>) = 18 [pid 293] mprotect(0x7f12a2587000, 131072, PROT_READ|PROT_WRITE [pid 296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f12a25a6990, parent_tid=0x7f12a25a6990, exit_signal=0, stack=0x7f12a2586000, stack_size=0x20300, tls=0x7f12a25a66c0} [pid 295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f12a25a6990, parent_tid=0x7f12a25a6990, exit_signal=0, stack=0x7f12a2586000, stack_size=0x20300, tls=0x7f12a25a66c0} [pid 294] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 293] <... mprotect resumed>) = 0 [pid 293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 296] <... clone3 resumed> => {parent_tid=[300]}, 88) = 300 [pid 295] <... clone3 resumed> => {parent_tid=[301]}, 88) = 301 [pid 294] <... futex resumed>) = 0 [pid 296] rt_sigprocmask(SIG_SETMASK, [], [pid 295] rt_sigprocmask(SIG_SETMASK, [], [pid 293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f12a25a6990, parent_tid=0x7f12a25a6990, exit_signal=0, stack=0x7f12a2586000, stack_size=0x20300, tls=0x7f12a25a66c0} [pid 296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 294] rt_sigaction(SIGRT_1, {sa_handler=0x7f12a2610260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f12a2601410}, [pid 296] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 293] <... clone3 resumed> => {parent_tid=[302]}, 88) = 302 [pid 294] <... rt_sigaction resumed>NULL, 8) = 0 [pid 296] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = 0 [pid 296] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 294] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 293] rt_sigprocmask(SIG_SETMASK, [], [pid 295] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 294] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 293] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] <... mmap resumed>) = 0x7f12a2586000 [pid 293] <... futex resumed>) = 0 [pid 294] mprotect(0x7f12a2587000, 131072, PROT_READ|PROT_WRITE [pid 293] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 294] <... mprotect resumed>) = 0 [pid 294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f12a25a6990, parent_tid=0x7f12a25a6990, exit_signal=0, stack=0x7f12a2586000, stack_size=0x20300, tls=0x7f12a25a66c0} => {parent_tid=[304]}, 88) = 304 [pid 294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 294] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 294] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x7f12a25a69a0, 24) = 0 [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] memfd_create("syzkaller", 0) = 3 [pid 301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129a186000 ./strace-static-x86_64: Process 300 attached ./strace-static-x86_64: Process 304 attached ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x7f12a25a69a0, 24 [pid 304] set_robust_list(0x7f12a25a69a0, 24 [pid 300] set_robust_list(0x7f12a25a69a0, 24 [pid 302] <... set_robust_list resumed>) = 0 [pid 300] <... set_robust_list resumed>) = 0 [pid 304] <... set_robust_list resumed>) = 0 [pid 300] rt_sigprocmask(SIG_SETMASK, [], [pid 302] rt_sigprocmask(SIG_SETMASK, [], [pid 304] rt_sigprocmask(SIG_SETMASK, [], [pid 300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 302] memfd_create("syzkaller", 0 [pid 300] memfd_create("syzkaller", 0 [pid 302] <... memfd_create resumed>) = 3 [pid 300] <... memfd_create resumed>) = 3 [pid 302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 304] memfd_create("syzkaller", 0 [pid 300] <... mmap resumed>) = 0x7f129a186000 [pid 304] <... memfd_create resumed>) = 3 [pid 302] <... mmap resumed>) = 0x7f129a186000 [ 20.670635][ T24] audit: type=1400 audit(1740892503.819:66): avc: denied { execmem } for pid=287 comm="syz-executor351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.676653][ T24] audit: type=1400 audit(1740892503.829:67): avc: denied { read write } for pid=288 comm="syz-executor351" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.680095][ T24] audit: type=1400 audit(1740892503.829:68): avc: denied { open } for pid=288 comm="syz-executor351" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.685188][ T24] audit: type=1400 audit(1740892503.829:69): avc: denied { ioctl } for pid=289 comm="syz-executor351" path="/dev/loop1" dev="devtmpfs" ino=112 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129a186000 [pid 298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 298] <... write resumed>) = 20699119 [pid 298] munmap(0x7f129a186000, 138412032) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 298] ioctl(4, LOOP_SET_FD, 3 [pid 301] <... write resumed>) = 20699119 [pid 301] munmap(0x7f129a186000, 138412032) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 298] <... ioctl resumed>) = 0 [pid 298] close(3 [pid 301] ioctl(4, LOOP_SET_FD, 3 [pid 298] <... close resumed>) = 0 [pid 298] close(4 [pid 300] <... write resumed>) = 20699119 [pid 300] munmap(0x7f129a186000, 138412032) = 0 [pid 298] <... close resumed>) = 0 [pid 298] mkdir("./file2", 0777) = 0 [pid 298] mount("/dev/loop4", "./file2", "f2fs", 0, "noinline_xattr,active_logs=4,active_logs=4,jqfmt=vfsv1,noinline_data,user_xattr,checkpoint=disable,f"... [pid 301] <... ioctl resumed>) = 0 [pid 301] close(3) = 0 [pid 301] close(4) = 0 [pid 301] mkdir("./file2", 0777) = 0 [pid 301] mount("/dev/loop2", "./file2", "f2fs", 0, "noinline_xattr,active_logs=4,active_logs=4,jqfmt=vfsv1,noinline_data,user_xattr,checkpoint=disable,f"... [pid 304] <... write resumed>) = 20699119 [pid 304] munmap(0x7f129a186000, 138412032 [pid 302] <... write resumed>) = 20699119 [pid 304] <... munmap resumed>) = 0 [pid 302] munmap(0x7f129a186000, 138412032) = 0 [pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 302] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 304] <... openat resumed>) = 4 [pid 302] <... openat resumed>) = 4 [pid 304] ioctl(4, LOOP_SET_FD, 3 [pid 302] ioctl(4, LOOP_SET_FD, 3 [pid 304] <... ioctl resumed>) = 0 [pid 304] close(3) = 0 [pid 304] close(4 [pid 300] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 302] <... ioctl resumed>) = 0 [pid 302] close(3) = 0 [ 21.215962][ T298] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 21.216216][ T24] audit: type=1400 audit(1740892504.369:70): avc: denied { mounton } for pid=297 comm="syz-executor351" path="/root/syzkaller.xQeVIV/0/file2" dev="sda1" ino=1942 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 21.224299][ T301] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [pid 302] close(4) = 0 [pid 300] <... openat resumed>) = 4 [pid 302] mkdir("./file2", 0777 [pid 300] ioctl(4, LOOP_SET_FD, 3 [pid 302] <... mkdir resumed>) = 0 [pid 302] mount("/dev/loop1", "./file2", "f2fs", 0, "noinline_xattr,active_logs=4,active_logs=4,jqfmt=vfsv1,noinline_data,user_xattr,checkpoint=disable,f"... [pid 300] <... ioctl resumed>) = 0 [pid 304] <... close resumed>) = 0 [pid 300] close(3) = 0 [ 21.262558][ T298] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 21.270605][ T301] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 21.272516][ T298] F2FS-fs (loop4): invalid crc value [ 21.279711][ T301] F2FS-fs (loop2): invalid crc value [ 21.285275][ T298] F2FS-fs (loop4): Found nat_bits in checkpoint [ 21.290104][ T301] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 300] close(4 [pid 304] mkdir("./file2", 0777) = 0 [ 21.318758][ T302] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 21.324853][ T298] F2FS-fs (loop4): Start checkpoint disabled! [ 21.325522][ T302] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 21.340996][ T298] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 21.347751][ T302] F2FS-fs (loop1): invalid crc value [ 21.348073][ T298] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 21.356217][ T301] F2FS-fs (loop2): Start checkpoint disabled! [pid 304] mount("/dev/loop0", "./file2", "f2fs", 0, "noinline_xattr,active_logs=4,active_logs=4,jqfmt=vfsv1,noinline_data,user_xattr,checkpoint=disable,f"... [pid 298] <... mount resumed>) = 0 [pid 298] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 298] chdir("./file2") = 0 [ 21.360823][ T24] audit: type=1400 audit(1740892504.509:71): avc: denied { mount } for pid=297 comm="syz-executor351" name="/" dev="loop4" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 21.368472][ T301] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 21.389305][ T302] F2FS-fs (loop1): Found nat_bits in checkpoint [ 21.394953][ T301] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 21.409105][ T300] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [pid 298] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 300] <... close resumed>) = 0 [pid 300] mkdir("./file2", 0777) = 0 [pid 300] mount("/dev/loop3", "./file2", "f2fs", 0, "noinline_xattr,active_logs=4,active_logs=4,jqfmt=vfsv1,noinline_data,user_xattr,checkpoint=disable,f"... [pid 298] <... openat resumed>) = 4 [pid 298] ioctl(4, LOOP_CLR_FD) = 0 [pid 298] close(4) = 0 [pid 298] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 297] <... futex resumed>) = 0 [pid 297] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 0202 [pid 301] <... mount resumed>) = 0 [pid 301] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 301] chdir("./file2") = 0 [pid 301] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 301] ioctl(4, LOOP_CLR_FD) = 0 [pid 301] close(4 [pid 298] <... openat resumed>) = 4 [pid 301] <... close resumed>) = 0 [pid 301] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 298] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... futex resumed>) = 0 [pid 301] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... futex resumed>) = 1 [pid 297] <... futex resumed>) = 0 [pid 297] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 0 [pid 298] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 295] <... futex resumed>) = 1 [pid 295] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 0202 [pid 298] <... ioctl resumed>, 0x400000000180) = 0 [pid 298] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 297] <... futex resumed>) = 0 [pid 297] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x4000000000c0 [pid 297] <... futex resumed>) = 0 [pid 297] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... openat resumed>) = 4 [pid 301] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 301] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] <... futex resumed>) = 0 [pid 295] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = 1 [pid 301] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 295] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... ioctl resumed>, 0x400000000180) = 0 [pid 301] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 295] <... futex resumed>) = 0 [pid 295] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x4000000000c0 [pid 295] <... futex resumed>) = 0 [pid 295] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [ 21.415908][ T300] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 21.426801][ T24] audit: type=1400 audit(1740892504.579:72): avc: denied { write } for pid=297 comm="syz-executor351" name="/" dev="loop4" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.426992][ T300] F2FS-fs (loop3): invalid crc value [pid 298] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 301] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 301] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 295] <... futex resumed>) = 0 [pid 298] <... futex resumed>) = 0 [pid 297] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] fspick(AT_FDCWD, ".", 0 [pid 297] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = 1 [pid 298] <... fspick resumed>) = 5 [pid 297] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 297] <... futex resumed>) = 0 [ 21.480442][ T24] audit: type=1400 audit(1740892504.579:73): avc: denied { add_name } for pid=297 comm="syz-executor351" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.499212][ T302] F2FS-fs (loop1): Start checkpoint disabled! [ 21.501910][ T24] audit: type=1400 audit(1740892504.579:74): avc: denied { create } for pid=297 comm="syz-executor351" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 298] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 297] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... futex resumed>) = 0 [pid 297] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 301] fspick(AT_FDCWD, ".", 0) = 5 [pid 297] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] futex(0x7f12a26766dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] <... futex resumed>) = 0 [pid 301] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f12a2565000 [pid 295] mprotect(0x7f12a2566000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f12a2585990, parent_tid=0x7f12a2585990, exit_signal=0, stack=0x7f12a2565000, stack_size=0x20300, tls=0x7f12a25856c0} => {parent_tid=[322]}, 88) = 322 [pid 295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 295] futex(0x7f12a26766d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 21.509687][ T298] F2FS-fs (loop4): switch discard_unit option is not allowed [ 21.529176][ T300] F2FS-fs (loop3): Found nat_bits in checkpoint [ 21.540678][ T304] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 21.540694][ T304] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 21.570374][ T302] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [pid 295] futex(0x7f12a26766dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x7f12a25859a0, 24) = 0 [pid 322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 322] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 298] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 295] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 298] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] <... mount resumed>) = 0 [pid 298] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 322] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 322] futex(0x7f12a26766dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... openat resumed>) = 3 [pid 322] <... futex resumed>) = 0 [pid 302] chdir("./file2" [pid 322] futex(0x7f12a26766d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] <... chdir resumed>) = 0 [pid 297] exit_group(0 [pid 295] exit_group(0 [pid 302] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 322] <... futex resumed>) = ? [pid 302] <... openat resumed>) = 4 [pid 301] <... futex resumed>) = ? [pid 298] <... futex resumed>) = ? [pid 297] <... exit_group resumed>) = ? [pid 295] <... exit_group resumed>) = ? [pid 302] ioctl(4, LOOP_CLR_FD [pid 322] +++ exited with 0 +++ [pid 302] <... ioctl resumed>) = 0 [pid 301] +++ exited with 0 +++ [pid 298] +++ exited with 0 +++ [pid 297] +++ exited with 0 +++ [pid 295] +++ exited with 0 +++ [pid 302] close(4) = 0 [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=13, si_stime=17} --- [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=295, si_uid=0, si_status=0, si_utime=7, si_stime=24} --- [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 290] restart_syscall(<... resuming interrupted clone ...> [pid 302] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 293] <... futex resumed>) = 0 [pid 293] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 21.582510][ T24] audit: type=1400 audit(1740892504.579:75): avc: denied { write open } for pid=297 comm="syz-executor351" path="/root/syzkaller.xQeVIV/0/file2/file0" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 21.584104][ T322] F2FS-fs (loop2): switch discard_unit option is not allowed [ 21.607785][ T302] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 21.622611][ T304] F2FS-fs (loop0): invalid crc value [pid 302] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 0202) = 4 [pid 302] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 293] <... futex resumed>) = 0 [pid 293] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 293] <... futex resumed>) = 0 [pid 293] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... ioctl resumed>, 0x400000000180) = 0 [pid 302] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 293] <... futex resumed>) = 0 [pid 293] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x4000000000c0 [pid 292] <... restart_syscall resumed>) = 0 [pid 290] <... restart_syscall resumed>) = 0 [pid 292] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 290] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 290] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 290] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 292] <... openat resumed>) = 3 [pid 290] <... openat resumed>) = 3 [pid 292] newfstatat(3, "", [pid 290] newfstatat(3, "", [pid 292] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, [pid 290] getdents64(3, [pid 292] <... getdents64 resumed>0x55558314a730 /* 4 entries */, 32768) = 112 [pid 290] <... getdents64 resumed>0x55558314a730 /* 4 entries */, 32768) = 112 [pid 292] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [ 21.633407][ T304] F2FS-fs (loop0): Found nat_bits in checkpoint [ 21.665873][ T111] attempt to access beyond end of device [ 21.665873][ T111] loop2: rw=2049, want=40968, limit=40427 [ 21.668849][ T300] F2FS-fs (loop3): Start checkpoint disabled! [pid 290] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 293] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 293] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 293] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 293] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 293] futex(0x7f12a26766dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f12a2565000 [pid 293] mprotect(0x7f12a2566000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f12a2585990, parent_tid=0x7f12a2585990, exit_signal=0, stack=0x7f12a2565000, stack_size=0x20300, tls=0x7f12a25856c0} => {parent_tid=[327]}, 88) = 327 [pid 293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 293] futex(0x7f12a26766d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] futex(0x7f12a26766dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 327 attached [pid 327] set_robust_list(0x7f12a25859a0, 24) = 0 [pid 327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 327] fspick(AT_FDCWD, ".", 0) = 5 [pid 304] <... mount resumed>) = 0 [pid 302] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 304] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 304] chdir("./file2") = 0 [pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 304] ioctl(4, LOOP_CLR_FD) = 0 [pid 304] close(4) = 0 [pid 304] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] <... futex resumed>) = 0 [pid 294] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 294] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 1 [pid 304] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 0202) = 4 [pid 304] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] <... futex resumed>) = 0 [pid 294] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 294] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 1 [pid 304] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x400000000180) = 0 [pid 304] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] <... futex resumed>) = 0 [pid 294] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 294] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 1 [ 21.685742][ T9] attempt to access beyond end of device [ 21.685742][ T9] loop4: rw=2049, want=40968, limit=40427 [ 21.703259][ T304] F2FS-fs (loop0): Start checkpoint disabled! [ 21.710182][ T304] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 21.717223][ T304] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 21.725211][ T300] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [pid 304] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x4000000000c0 [pid 293] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 293] futex(0x7f12a26766dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 293] futex(0x7f12a26766dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 293] futex(0x7f12a26766ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f12a2544000 [pid 293] mprotect(0x7f12a2545000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f12a2564990, parent_tid=0x7f12a2564990, exit_signal=0, stack=0x7f12a2544000, stack_size=0x20300, tls=0x7f12a25646c0} => {parent_tid=[330]}, 88) = 330 [pid 293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 293] futex(0x7f12a26766e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] futex(0x7f12a26766ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] futex(0x7f12a26766dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f12a26766d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 330 attached [pid 330] set_robust_list(0x7f12a25649a0, 24 [pid 300] <... mount resumed>) = 0 [pid 330] <... set_robust_list resumed>) = 0 [pid 330] rt_sigprocmask(SIG_SETMASK, [], [pid 300] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 330] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 330] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 300] <... openat resumed>) = 3 [pid 302] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 330] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 300] chdir("./file2") = 0 [pid 300] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_CLR_FD) = 0 [pid 300] close(4 [pid 330] futex(0x7f12a26766ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 293] <... futex resumed>) = 0 [pid 293] exit_group(0 [pid 327] <... futex resumed>) = ? [pid 302] <... futex resumed>) = ? [pid 293] <... exit_group resumed>) = ? [pid 327] +++ exited with 0 +++ [pid 302] +++ exited with 0 +++ [pid 330] <... futex resumed>) = ? [pid 330] +++ exited with 0 +++ [pid 293] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=293, si_uid=0, si_status=0, si_utime=7, si_stime=22} --- [pid 289] restart_syscall(<... resuming interrupted clone ...> [pid 304] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 304] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] <... futex resumed>) = 0 [pid 294] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 294] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 1 [pid 304] fspick(AT_FDCWD, ".", 0) = 5 [pid 304] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] <... futex resumed>) = 0 [pid 294] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 294] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 1 [pid 304] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 289] <... restart_syscall resumed>) = 0 [pid 304] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 289] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 304] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 304] <... futex resumed>) = 1 [pid 294] <... futex resumed>) = 0 [pid 289] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 294] exit_group(0) = ? [pid 289] <... openat resumed>) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x55558314a730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 304] +++ exited with 0 +++ [pid 294] +++ exited with 0 +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=294, si_uid=0, si_status=0, si_utime=5, si_stime=17} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 288] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(3, 0x55558314a730 /* 4 entries */, 32768) = 112 [ 21.738817][ T300] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 21.746992][ T330] F2FS-fs (loop1): switch discard_unit option is not allowed [ 21.767939][ T304] F2FS-fs (loop0): switch discard_unit option is not allowed [pid 288] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 300] <... close resumed>) = 0 [pid 300] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 300] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = 0 [pid 296] <... futex resumed>) = 1 [pid 300] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 0202 [pid 296] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... openat resumed>) = 4 [pid 300] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 296] <... futex resumed>) = 0 [pid 300] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 296] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... ioctl resumed>, 0x400000000180) = 0 [pid 296] <... futex resumed>) = 0 [pid 300] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... futex resumed>) = 0 [pid 296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x4000000000c0 [pid 296] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... umount2 resumed>) = 0 [pid 290] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./0/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555583152770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555583152770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./0/file2") = 0 [pid 290] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./0/binderfs") = 0 [pid 290] getdents64(3, 0x55558314a730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./0") = 0 [pid 290] mkdir("./1", 0777) = 0 [ 21.796656][ T111] attempt to access beyond end of device [ 21.796656][ T111] loop1: rw=2049, want=40968, limit=40427 [ 21.818265][ T9] attempt to access beyond end of device [ 21.818265][ T9] loop0: rw=2049, want=40968, limit=40427 [pid 290] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 292] <... umount2 resumed>) = 0 [pid 292] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./0/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x555583152770 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, 0x555583152770 /* 0 entries */, 32768) = 0 [pid 292] close(4) = 0 [pid 300] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 292] rmdir("./0/file2" [pid 300] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 292] <... rmdir resumed>) = 0 [pid 292] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./0/binderfs") = 0 [pid 292] getdents64(3, 0x55558314a730 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [pid 292] rmdir("./0") = 0 [pid 292] mkdir("./1", 0777) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... futex resumed>) = 1 [pid 300] fspick(AT_FDCWD, ".", 0) = 5 [pid 300] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... futex resumed>) = 1 [pid 300] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = -1 EINVAL (Invalid argument) [pid 292] <... openat resumed>) = 3 [pid 290] <... openat resumed>) = 3 [pid 292] ioctl(3, LOOP_CLR_FD [pid 290] ioctl(3, LOOP_CLR_FD [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 292] close(3 [pid 290] close(3 [pid 300] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 292] <... close resumed>) = 0 [pid 290] <... close resumed>) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] <... futex resumed>) = 1 [pid 296] <... futex resumed>) = 0 [pid 296] exit_group(0 [pid 292] <... clone resumed>, child_tidptr=0x555583149690) = 332 [pid 290] <... clone resumed>, child_tidptr=0x555583149690) = 331 [pid 296] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 331 attached [pid 331] set_robust_list(0x5555831496a0, 24) = 0 [pid 331] chdir("./1") = 0 [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 331] setpgid(0, 0) = 0 [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 331] write(3, "1000", 4) = 4 [pid 331] close(3) = 0 [pid 331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 331] write(1, "executing program\n", 18executing program ) = 18 [pid 331] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 331] rt_sigaction(SIGRT_1, {sa_handler=0x7f12a2610260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f12a2601410}, NULL, 8) = 0 [pid 331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f12a2586000 [pid 331] mprotect(0x7f12a2587000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f12a25a6990, parent_tid=0x7f12a25a6990, exit_signal=0, stack=0x7f12a2586000, stack_size=0x20300, tls=0x7f12a25a66c0} => {parent_tid=[333]}, 88) = 333 [pid 331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 331] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 331] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x7f12a25a69a0, 24) = 0 [pid 333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 333] memfd_create("syzkaller", 0) = 3 [pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129a186000 [pid 300] +++ exited with 0 +++ [pid 296] +++ exited with 0 +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=296, si_uid=0, si_status=0, si_utime=8, si_stime=25} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 ./strace-static-x86_64: Process 332 attached [pid 291] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 332] set_robust_list(0x5555831496a0, 24 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 332] <... set_robust_list resumed>) = 0 [pid 291] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", [pid 332] chdir("./1" [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 332] <... chdir resumed>) = 0 [pid 291] getdents64(3, [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 291] <... getdents64 resumed>0x55558314a730 /* 4 entries */, 32768) = 112 [pid 332] <... prctl resumed>) = 0 [pid 291] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 332] setpgid(0, 0) = 0 [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 332] write(3, "1000", 4) = 4 [pid 332] close(3) = 0 [pid 332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 332] write(1, "executing program\n", 18executing program ) = 18 [pid 332] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] rt_sigaction(SIGRT_1, {sa_handler=0x7f12a2610260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f12a2601410}, NULL, 8) = 0 [pid 332] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f12a2586000 [pid 332] mprotect(0x7f12a2587000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f12a25a6990, parent_tid=0x7f12a25a6990, exit_signal=0, stack=0x7f12a2586000, stack_size=0x20300, tls=0x7f12a25a66c0} => {parent_tid=[334]}, 88) = 334 [pid 332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 332] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x7f12a25a69a0, 24) = 0 [pid 334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 334] memfd_create("syzkaller", 0) = 3 [pid 334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129a186000 [ 21.885050][ T300] F2FS-fs (loop3): switch discard_unit option is not allowed [pid 289] <... umount2 resumed>) = 0 [pid 289] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./0/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555583152770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555583152770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./0/file2") = 0 [pid 289] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./0/binderfs") = 0 [pid 289] getdents64(3, 0x55558314a730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./0") = 0 [pid 289] mkdir("./1", 0777) = 0 [ 21.968733][ T9] attempt to access beyond end of device [ 21.968733][ T9] loop3: rw=2049, want=40968, limit=40427 [pid 289] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 288] <... umount2 resumed>) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 288] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] newfstatat(AT_FDCWD, "./0/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] <... clone resumed>, child_tidptr=0x555583149690) = 335 [pid 288] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 288] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 288] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 288] getdents64(4, 0x555583152770 /* 2 entries */, 32768) = 48 [pid 288] getdents64(4, 0x555583152770 /* 0 entries */, 32768) = 0 [pid 288] close(4) = 0 [pid 288] rmdir("./0/file2") = 0 [pid 288] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x5555831496a0, 24 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 335] <... set_robust_list resumed>) = 0 [pid 335] chdir("./1" [pid 288] newfstatat(AT_FDCWD, "./0/binderfs", [pid 335] <... chdir resumed>) = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 288] unlink("./0/binderfs" [pid 335] <... setpgid resumed>) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 288] <... unlink resumed>) = 0 [pid 335] write(3, "1000", 4) = 4 [pid 288] getdents64(3, [pid 335] close(3) = 0 [pid 288] <... getdents64 resumed>0x55558314a730 /* 0 entries */, 32768) = 0 [pid 335] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 335] write(1, "executing program\n", 18) = 18 [pid 335] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] rt_sigaction(SIGRT_1, {sa_handler=0x7f12a2610260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f12a2601410}, NULL, 8) = 0 [pid 335] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f12a2586000 [pid 335] mprotect(0x7f12a2587000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 335] rt_sigprocmask(SIG_BLOCK, ~[], [pid 288] close(3 [pid 335] <... rt_sigprocmask resumed>[], 8) = 0 [pid 335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f12a25a6990, parent_tid=0x7f12a25a6990, exit_signal=0, stack=0x7f12a2586000, stack_size=0x20300, tls=0x7f12a25a66c0} => {parent_tid=[336]}, 88) = 336 [pid 335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 288] <... close resumed>) = 0 [pid 335] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 288] rmdir("./0") = 0 [pid 288] mkdir("./1", 0777) = 0 [pid 288] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 336 attached [pid 336] set_robust_list(0x7f12a25a69a0, 24) = 0 [pid 336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 336] memfd_create("syzkaller", 0) = 3 [pid 336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129a186000 [pid 288] <... openat resumed>) = 3 [pid 288] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 288] close(3) = 0 [pid 288] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583149690) = 337 ./strace-static-x86_64: Process 337 attached [pid 337] set_robust_list(0x5555831496a0, 24) = 0 [pid 333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 337] chdir("./1") = 0 [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 337] setpgid(0, 0) = 0 [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 337] write(3, "1000", 4) = 4 [pid 337] close(3) = 0 [pid 337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 337] write(1, "executing program\n", 18executing program ) = 18 [pid 337] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] rt_sigaction(SIGRT_1, {sa_handler=0x7f12a2610260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f12a2601410}, NULL, 8) = 0 [pid 337] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f12a2586000 [pid 337] mprotect(0x7f12a2587000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f12a25a6990, parent_tid=0x7f12a25a6990, exit_signal=0, stack=0x7f12a2586000, stack_size=0x20300, tls=0x7f12a25a66c0} => {parent_tid=[338]}, 88) = 338 [pid 337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 337] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x7f12a25a69a0, 24) = 0 [pid 338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 338] memfd_create("syzkaller", 0) = 3 [pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129a186000 [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./0/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555583152770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555583152770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./0/file2") = 0 [pid 291] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./0/binderfs") = 0 [pid 291] getdents64(3, 0x55558314a730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./0") = 0 [pid 291] mkdir("./1", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583149690) = 339 ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x5555831496a0, 24) = 0 [pid 339] chdir("./1") = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 339] setpgid(0, 0) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 339] write(3, "1000", 4) = 4 [pid 339] close(3) = 0 [pid 339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 339] write(1, "executing program\n", 18executing program ) = 18 [pid 339] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] rt_sigaction(SIGRT_1, {sa_handler=0x7f12a2610260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f12a2601410}, NULL, 8) = 0 [pid 339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f12a2586000 [pid 339] mprotect(0x7f12a2587000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f12a25a6990, parent_tid=0x7f12a25a6990, exit_signal=0, stack=0x7f12a2586000, stack_size=0x20300, tls=0x7f12a25a66c0} => {parent_tid=[340]}, 88) = 340 [pid 339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 339] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x7f12a25a69a0, 24) = 0 [pid 340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 340] memfd_create("syzkaller", 0) = 3 [pid 340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129a186000 [pid 334] <... write resumed>) = 20699119 [pid 334] munmap(0x7f129a186000, 138412032) = 0 [pid 334] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 334] close(3) = 0 [pid 334] close(4) = 0 [pid 334] mkdir("./file2", 0777) = 0 [pid 334] mount("/dev/loop4", "./file2", "f2fs", 0, "noinline_xattr,active_logs=4,active_logs=4,jqfmt=vfsv1,noinline_data,user_xattr,checkpoint=disable,f"... [pid 333] <... write resumed>) = 20699119 [pid 333] munmap(0x7f129a186000, 138412032) = 0 [pid 333] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 333] close(3) = 0 [pid 333] close(4) = 0 [pid 333] mkdir("./file2", 0777) = 0 [ 22.272129][ T334] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 22.281254][ T334] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 22.301334][ T334] F2FS-fs (loop4): invalid crc value [ 22.321329][ T333] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 22.335936][ T333] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 22.344548][ T334] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 333] mount("/dev/loop2", "./file2", "f2fs", 0, "noinline_xattr,active_logs=4,active_logs=4,jqfmt=vfsv1,noinline_data,user_xattr,checkpoint=disable,f"... [ 22.385782][ T333] F2FS-fs (loop2): invalid crc value [pid 338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [ 22.406091][ T333] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 338] <... write resumed>) = 20699119 [pid 338] munmap(0x7f129a186000, 138412032) = 0 [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 338] close(3) = 0 [ 22.467024][ T334] F2FS-fs (loop4): Start checkpoint disabled! [ 22.483134][ T333] F2FS-fs (loop2): Start checkpoint disabled! [ 22.489551][ T334] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 22.505708][ T334] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [pid 338] close(4 [pid 334] <... mount resumed>) = 0 [pid 334] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 334] chdir("./file2") = 0 [pid 334] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 338] <... close resumed>) = 0 [pid 334] <... openat resumed>) = 4 [pid 338] mkdir("./file2", 0777 [pid 334] ioctl(4, LOOP_CLR_FD [pid 338] <... mkdir resumed>) = 0 [pid 338] mount("/dev/loop0", "./file2", "f2fs", 0, "noinline_xattr,active_logs=4,active_logs=4,jqfmt=vfsv1,noinline_data,user_xattr,checkpoint=disable,f"... [pid 336] <... write resumed>) = 20699119 [pid 336] munmap(0x7f129a186000, 138412032) = 0 [pid 336] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 333] <... mount resumed>) = 0 [pid 333] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 333] chdir("./file2") = 0 [pid 333] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 340] <... write resumed>) = 20699119 [pid 340] munmap(0x7f129a186000, 138412032) = 0 [ 22.506144][ T333] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 22.530177][ T333] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [pid 340] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 334] <... ioctl resumed>) = 0 [pid 334] close(4) = 0 [pid 334] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 332] <... futex resumed>) = 0 [pid 334] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 0202 [pid 332] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... openat resumed>) = 4 [pid 332] <... futex resumed>) = 0 [pid 334] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 0 [pid 332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 334] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 332] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... ioctl resumed>, 0x400000000180) = 0 [pid 332] <... futex resumed>) = 0 [pid 334] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 0 [pid 332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 334] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x4000000000c0 [pid 332] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] <... openat resumed>) = 4 [pid 336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 336] close(3) = 0 [pid 336] close(4 [pid 333] <... openat resumed>) = 4 [pid 333] ioctl(4, LOOP_CLR_FD) = 0 [pid 333] close(4) = 0 [pid 333] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 331] <... futex resumed>) = 0 [pid 333] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 331] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 0202 [pid 331] <... futex resumed>) = 0 [pid 331] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... openat resumed>) = 4 [pid 333] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 340] <... openat resumed>) = 4 [pid 340] ioctl(4, LOOP_SET_FD, 3 [pid 331] <... futex resumed>) = 0 [pid 331] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] <... futex resumed>) = 0 [pid 331] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x400000000180) = 0 [pid 333] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] <... futex resumed>) = 0 [pid 331] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] <... futex resumed>) = 0 [pid 331] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x4000000000c0 [pid 334] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 334] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] fspick(AT_FDCWD, ".", 0) = 5 [pid 334] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 336] <... close resumed>) = 0 [pid 336] mkdir("./file2", 0777) = 0 [pid 336] mount("/dev/loop1", "./file2", "f2fs", 0, "noinline_xattr,active_logs=4,active_logs=4,jqfmt=vfsv1,noinline_data,user_xattr,checkpoint=disable,f"... [pid 333] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 334] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 334] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] exit_group(0) = ? [pid 340] <... ioctl resumed>) = 0 [pid 340] close(3) = 0 [pid 340] close(4 [pid 334] <... futex resumed>) = ? [pid 334] +++ exited with 0 +++ [pid 332] +++ exited with 0 +++ [pid 333] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] <... futex resumed>) = 0 [pid 331] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=6, si_stime=16} --- [pid 331] <... futex resumed>) = 1 [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 333] <... futex resumed>) = 0 [pid 331] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 292] <... restart_syscall resumed>) = 0 [pid 333] fspick(AT_FDCWD, ".", 0) = 5 [pid 333] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 292] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 333] <... futex resumed>) = 1 [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 331] <... futex resumed>) = 0 [pid 331] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 331] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 292] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 22.569319][ T338] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 22.581403][ T338] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 22.590718][ T338] F2FS-fs (loop0): invalid crc value [ 22.597036][ T338] F2FS-fs (loop0): Found nat_bits in checkpoint [ 22.607953][ T334] F2FS-fs (loop4): switch discard_unit option is not allowed [pid 333] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 292] <... openat resumed>) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x55558314a730 /* 4 entries */, 32768) = 112 [pid 292] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 333] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 333] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] <... mount resumed>) = 0 [pid 331] <... futex resumed>) = 0 [pid 338] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 338] chdir("./file2") = 0 [pid 338] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 331] exit_group(0 [pid 333] <... futex resumed>) = ? [pid 331] <... exit_group resumed>) = ? [pid 333] +++ exited with 0 +++ [pid 340] <... close resumed>) = 0 [pid 340] mkdir("./file2", 0777 [pid 331] +++ exited with 0 +++ [pid 340] <... mkdir resumed>) = 0 [pid 340] mount("/dev/loop3", "./file2", "f2fs", 0, "noinline_xattr,active_logs=4,active_logs=4,jqfmt=vfsv1,noinline_data,user_xattr,checkpoint=disable,f"... [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=15, si_stime=18} --- [ 22.627909][ T333] F2FS-fs (loop2): switch discard_unit option is not allowed [ 22.638037][ T338] F2FS-fs (loop0): Start checkpoint disabled! [ 22.644564][ T338] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 22.651716][ T338] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 22.652256][ T9] attempt to access beyond end of device [ 22.652256][ T9] loop4: rw=2049, want=40968, limit=40427 [ 22.670608][ T336] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x55558314a730 /* 4 entries */, 32768) = 112 [pid 290] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 338] <... openat resumed>) = 4 [ 22.677903][ T336] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 22.687169][ T336] F2FS-fs (loop1): invalid crc value [ 22.697980][ T336] F2FS-fs (loop1): Found nat_bits in checkpoint [ 22.705614][ T9] attempt to access beyond end of device [ 22.705614][ T9] loop2: rw=2049, want=40968, limit=40427 [pid 338] ioctl(4, LOOP_CLR_FD [pid 336] <... mount resumed>) = 0 [pid 336] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 336] chdir("./file2") = 0 [pid 336] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 338] <... ioctl resumed>) = 0 [ 22.730962][ T340] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 22.739368][ T336] F2FS-fs (loop1): Start checkpoint disabled! [ 22.743557][ T340] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 22.749833][ T336] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 22.754371][ T340] F2FS-fs (loop3): invalid crc value [ 22.760638][ T336] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 22.767064][ T340] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 338] close(4 [pid 292] <... umount2 resumed>) = 0 [pid 292] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./1/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x555583152770 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, 0x555583152770 /* 0 entries */, 32768) = 0 [pid 292] close(4) = 0 [pid 292] rmdir("./1/file2") = 0 [pid 292] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./1/binderfs") = 0 [pid 292] getdents64(3, 0x55558314a730 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [pid 292] rmdir("./1") = 0 [pid 292] mkdir("./2", 0777) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 336] <... openat resumed>) = 4 [pid 336] ioctl(4, LOOP_CLR_FD) = 0 [pid 336] close(4) = 0 [pid 338] <... close resumed>) = 0 [pid 336] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 292] <... openat resumed>) = 3 [pid 338] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] <... futex resumed>) = 0 [pid 336] <... futex resumed>) = 1 [pid 335] <... futex resumed>) = 0 [pid 335] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... futex resumed>) = 0 [pid 336] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 0202 [pid 337] <... futex resumed>) = 1 [pid 338] <... futex resumed>) = 0 [pid 335] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 338] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 0202) = 4 [pid 338] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 336] <... openat resumed>) = 4 [pid 337] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 336] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 292] ioctl(3, LOOP_CLR_FD [pid 337] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 1 [pid 335] <... futex resumed>) = 0 [pid 335] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 338] <... futex resumed>) = 0 [pid 337] <... futex resumed>) = 1 [pid 336] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 338] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x400000000180) = 0 [pid 338] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] <... ioctl resumed>, 0x400000000180) = 0 [pid 292] close(3 [pid 337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 336] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 1 [pid 335] <... futex resumed>) = 0 [pid 335] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 338] <... futex resumed>) = 0 [pid 337] <... futex resumed>) = 1 [pid 338] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x4000000000c0 [pid 337] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x4000000000c0 [pid 292] <... close resumed>) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583149690) = 363 ./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x5555831496a0, 24) = 0 [pid 363] chdir("./2") = 0 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 363] setpgid(0, 0) = 0 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 363] write(3, "1000", 4) = 4 [pid 363] close(3) = 0 [pid 363] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 363] write(1, "executing program\n", 18) = 18 [pid 363] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] rt_sigaction(SIGRT_1, {sa_handler=0x7f12a2610260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f12a2601410}, NULL, 8) = 0 [pid 363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f12a2586000 [pid 363] mprotect(0x7f12a2587000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f12a25a6990, parent_tid=0x7f12a25a6990, exit_signal=0, stack=0x7f12a2586000, stack_size=0x20300, tls=0x7f12a25a66c0} => {parent_tid=[364]}, 88) = 364 [pid 363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 363] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.806930][ T340] F2FS-fs (loop3): Start checkpoint disabled! [ 22.815281][ T340] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 22.822301][ T340] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [pid 363] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 340] <... mount resumed>) = 0 [pid 340] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 340] chdir("./file2") = 0 [pid 340] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 340] ioctl(4, LOOP_CLR_FD) = 0 ./strace-static-x86_64: Process 364 attached [pid 340] close(4 [pid 364] set_robust_list(0x7f12a25a69a0, 24 [pid 336] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 364] <... set_robust_list resumed>) = 0 [pid 340] <... close resumed>) = 0 [pid 364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 340] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 364] memfd_create("syzkaller", 0 [pid 340] <... futex resumed>) = 1 [pid 340] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 364] <... memfd_create resumed>) = 3 [pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f129a186000 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 340] <... futex resumed>) = 0 [pid 340] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 0202) = 4 [pid 340] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 339] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 336] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 1 [pid 335] <... futex resumed>) = 0 [pid 335] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... futex resumed>) = 0 [pid 339] <... futex resumed>) = 1 [pid 340] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x400000000180) = 0 [pid 340] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 339] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] fspick(AT_FDCWD, ".", 0 [pid 339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 339] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... fspick resumed>) = 5 [pid 340] <... futex resumed>) = 0 [pid 339] <... futex resumed>) = 1 [pid 336] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x4000000000c0 [pid 339] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] <... futex resumed>) = 1 [pid 335] <... futex resumed>) = 0 [pid 335] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = -1 EINVAL (Invalid argument) [pid 336] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 335] <... futex resumed>) = 0 [pid 335] exit_group(0) = ? [pid 337] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 337] futex(0x7f12a26766dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f12a2565000 [pid 337] mprotect(0x7f12a2566000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f12a2585990, parent_tid=0x7f12a2585990, exit_signal=0, stack=0x7f12a2565000, stack_size=0x20300, tls=0x7f12a25856c0} => {parent_tid=[365]}, 88) = 365 [pid 337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 337] futex(0x7f12a26766d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7f12a26766dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] +++ exited with 0 +++ [pid 335] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=9, si_stime=19} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 365 attached [pid 338] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 338] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] set_robust_list(0x7f12a25859a0, 24 [pid 338] futex(0x7f12a26766c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 365] <... set_robust_list resumed>) = 0 [pid 365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 365] fspick(AT_FDCWD, ".", 0) = 5 [pid 365] futex(0x7f12a26766dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] <... futex resumed>) = 0 [pid 337] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... futex resumed>) = 1 [pid 337] <... futex resumed>) = 1 [pid 338] <... futex resumed>) = 0 [pid 365] futex(0x7f12a26766d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 338] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 289] <... restart_syscall resumed>) = 0 [pid 289] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x55558314a730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 339] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 339] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 339] futex(0x7f12a26766dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f12a2565000 [pid 339] mprotect(0x7f12a2566000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f12a2585990, parent_tid=0x7f12a2585990, exit_signal=0, stack=0x7f12a2565000, stack_size=0x20300, tls=0x7f12a25856c0} => {parent_tid=[366]}, 88) = 366 [pid 339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 339] futex(0x7f12a26766d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7f12a26766dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... umount2 resumed>) = 0 [pid 338] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 366 attached [pid 366] set_robust_list(0x7f12a25859a0, 24) = 0 [pid 366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 366] fspick(AT_FDCWD, ".", 0) = 5 [pid 290] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 366] futex(0x7f12a26766dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] newfstatat(AT_FDCWD, "./1/file2", [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7f12a26766d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7f12a26766dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 366] <... futex resumed>) = 1 [ 22.881713][ T336] F2FS-fs (loop1): switch discard_unit option is not allowed [ 22.906222][ T338] F2FS-fs (loop0): switch discard_unit option is not allowed [ 22.940497][ T366] F2FS-fs (loop3): switch discard_unit option is not allowed [ 22.940917][ T340] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN [ 22.959254][ T340] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 22.965858][ T111] attempt to access beyond end of device [ 22.965858][ T111] loop1: rw=2049, want=40968, limit=40427 [ 22.967582][ T340] CPU: 0 PID: 340 Comm: syz-executor351 Not tainted 5.10.234-syzkaller-00023-g3f5f2283d684 #0 [pid 366] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0executing program [pid 338] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 290] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(4, 0x555583152770 /* 2 entries */, 32768) = 48 [pid 290] getdents64(4, 0x555583152770 /* 0 entries */, 32768) = 0 [pid 290] close(4) = 0 [pid 290] rmdir("./1/file2") = 0 [pid 290] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 290] unlink("./1/binderfs") = 0 [pid 290] getdents64(3, 0x55558314a730 /* 0 entries */, 32768) = 0 [pid 290] close(3) = 0 [pid 290] rmdir("./1") = 0 [pid 290] mkdir("./2", 0777) = 0 [pid 290] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 290] close(3) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583149690) = 367 ./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x5555831496a0, 24) = 0 [pid 367] chdir("./2") = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 367] write(1, "executing program\n", 18) = 18 [pid 367] futex(0x7f12a26766cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] rt_sigaction(SIGRT_1, {sa_handler=0x7f12a2610260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f12a2601410}, NULL, 8) = 0 [pid 367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f12a2586000 [pid 367] mprotect(0x7f12a2587000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f12a25a6990, parent_tid=0x7f12a25a6990, exit_signal=0, stack=0x7f12a2586000, stack_size=0x20300, tls=0x7f12a25a66c0} => {parent_tid=[368]}, 88) = 368 [pid 367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 367] futex(0x7f12a26766c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7f12a26766cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 366] <... fsconfig resumed>) = -1 EINVAL (Invalid argument) [pid 366] futex(0x7f12a26766dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 366] <... futex resumed>) = 1 [ 22.988668][ T340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 22.998597][ T340] RIP: 0010:update_sit_entry+0x5df/0x1050 [ 23.004114][ T340] Code: 4d 90 48 8d 5c c8 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 ee 93 88 ff 4c 8b 33 4d 01 fe 4d 89 f4 49 c1 ec 03 <43> 0f b6 04 2c 84 c0 0f 85 21 09 00 00 41 0f b6 1e 41 89 df 8b 45 [ 23.023557][ T340] RSP: 0018:ffffc90000e372b8 EFLAGS: 00010206 [ 23.029453][ T340] RAX: 1ffff11021dbbb35 RBX: ffff88810eddd9a8 RCX: 0000000000000032 [ 23.037263][ T340] RDX: ffff88810f2ccf00 RSI: 0000000000000000 RDI: 0000000000000000 [ 23.045081][ T340] RBP: ffffc90000e37350 R08: ffffffff821fc9b0 R09: ffffffff821fc50d [ 23.052886][ T340] R10: 0000000000000003 R11: ffff88810f2ccf00 R12: 0000000000000005 [ 23.060698][ T340] R13: dffffc0000000000 R14: 000000000000002b R15: 000000000000002b [ 23.068510][ T340] FS: 00007f12a25a66c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.077279][ T340] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.083697][ T340] CR2: 00007f12a2585d58 CR3: 000000010d73f000 CR4: 00000000003506b0 [ 23.091514][ T340] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.099322][ T340] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.107130][ T340] Call Trace: [ 23.110267][ T340] ? __die_body+0x62/0xb0 [ 23.114433][ T340] ? die_addr+0x9f/0xd0 [ 23.118421][ T340] ? exc_general_protection+0x3ff/0x490 [ 23.123803][ T340] ? asm_exc_general_protection+0x1e/0x30 [ 23.129357][ T340] ? update_sit_entry+0x2d/0x1050 [ 23.134217][ T340] ? update_sit_entry+0x4d0/0x1050 [ 23.139168][ T340] ? update_sit_entry+0x5df/0x1050 [ 23.144109][ T340] ? update_sit_entry+0x4d0/0x1050 [ 23.149060][ T340] f2fs_allocate_data_block+0x1512/0x3680 [ 23.154614][ T340] ? __kasan_check_write+0x14/0x20 [ 23.159559][ T340] ? _raw_spin_unlock+0x4d/0x70 [ 23.164246][ T340] ? f2fs_free_inode+0x30/0x30 [ 23.168847][ T340] ? f2fs_io_type_to_rw_hint+0x210/0x210 [ 23.174314][ T340] ? f2fs_mark_inode_dirty_sync+0x10d/0x140 [ 23.180042][ T340] ? inc_valid_block_count+0x583/0xb20 [ 23.185338][ T340] __allocate_data_block+0x5a7/0xb10 [ 23.190475][ T340] ? __kasan_check_write+0x14/0x20 [ 23.195419][ T340] ? f2fs_map_blocks+0x3e50/0x3e50 [ 23.200355][ T340] ? _raw_spin_unlock+0x4d/0x70 [ 23.205039][ T340] ? remove_wait_queue+0x140/0x140 [ 23.209989][ T340] f2fs_map_blocks+0x18ef/0x3e50 [ 23.214762][ T340] ? f2fs_do_map_lock+0x280/0x280 [ 23.219620][ T340] ? __kasan_check_write+0x14/0x20 [ 23.224573][ T340] expand_inode_data+0x682/0xc10 [ 23.229343][ T340] ? f2fs_insert_range+0x590/0x590 [ 23.234286][ T340] ? file_update_time+0x34e/0x460 [ 23.239148][ T340] ? file_remove_privs+0x570/0x570 [ 23.244097][ T340] f2fs_fallocate+0x429/0x7e0 [ 23.248611][ T340] vfs_fallocate+0x492/0x570 [ 23.253036][ T340] do_vfs_ioctl+0x1686/0x1a30 [ 23.257550][ T340] ? ioctl_has_perm+0x3f0/0x560 [ 23.262240][ T340] ? __x32_compat_sys_ioctl+0x90/0x90 [ 23.267441][ T340] ? has_cap_mac_admin+0x3c0/0x3c0 [ 23.272390][ T340] ? __kasan_check_write+0x14/0x20 [ 23.277338][ T340] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.282281][ T340] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 23.287230][ T340] ? selinux_file_ioctl+0x3cc/0x540 [ 23.292265][ T340] ? selinux_file_alloc_security+0x120/0x120 [ 23.298082][ T340] ? __fget_files+0x31e/0x380 [ 23.302593][ T340] ? security_file_ioctl+0x84/0xb0 [ 23.307538][ T340] __se_sys_ioctl+0x99/0x190 [ 23.311965][ T340] __x64_sys_ioctl+0x7b/0x90 [ 23.316392][ T340] do_syscall_64+0x34/0x70 [ 23.320644][ T340] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.326373][ T340] RIP: 0033:0x7f12a25e9e49 [ 23.330626][ T340] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 23.350066][ T340] RSP: 002b:00007f12a25a6218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 23.358311][ T340] RAX: ffffffffffffffda RBX: 00007f12a26766c8 RCX: 00007f12a25e9e49 [ 23.366121][ T340] RDX: 00004000000000c0 RSI: 0000000040305828 RDI: 0000000000000004 [ 23.373933][ T340] RBP: 00007f12a26766c0 R08: 0000000000000000 R09: 0000000000000000 [ 23.381746][ T340] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f12a26435f0 [pid 366] futex(0x7f12a26766d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 337] exit_group(0) = ? [pid 365] <... futex resumed>) = ? [pid 365] +++ exited with 0 +++ [pid 338] <... futex resumed>) = ? [pid 338] +++ exited with 0 +++ [pid 337] +++ exited with 0 +++ [pid 288] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=9, si_stime=16} --- [pid 288] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x7f12a25a69a0, 24 [pid 288] <... restart_syscall resumed>) = 0 [pid 368] <... set_robust_list resumed>) = 0 [pid 368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 368] memfd_create("syzkaller", 0 [pid 288] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 368] <... memfd_create resumed>) = 3 [pid 288] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 23.389557][ T340] R13: 00004000000000c0 R14: 00004000000000e0 R15: 0000400000000000 [ 23.397366][ T340] Modules linked in: [ 23.413548][ T340] ---[ end trace 4205fd3784f46533 ]--- [ 23.420439][ T340] RIP: 0010:update_sit_entry+0x5df/0x1050 [pid 288] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 288] newfstatat(3, "", [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 288] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 368] <... mmap resumed>) = 0x7f129a186000 [pid 288] getdents64(3, 0x55558314a730 /* 4 entries */, 32768) = 112 [pid 288] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW [ 23.426601][ T340] Code: 4d 90 48 8d 5c c8 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 ee 93 88 ff 4c 8b 33 4d 01 fe 4d 89 f4 49 c1 ec 03 <43> 0f b6 04 2c 84 c0 0f 85 21 09 00 00 41 0f b6 1e 41 89 df 8b 45 [ 23.446484][ T340] RSP: 0018:ffffc90000e372b8 EFLAGS: 00010206 [ 23.475867][ T340] RAX: 1ffff11021dbbb35 RBX: ffff88810eddd9a8 RCX: 0000000000000032 [pid 364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 339] exit_group(0 [pid 366] <... futex resumed>) = ? [pid 339] <... exit_group resumed>) = ? [pid 366] +++ exited with 0 +++ [ 23.485772][ T340] RDX: ffff88810f2ccf00 RSI: 0000000000000000 RDI: 0000000000000000 [ 23.487821][ T9] attempt to access beyond end of device [ 23.487821][ T9] loop0: rw=2049, want=40968, limit=40427 [ 23.493552][ T340] RBP: ffffc90000e37350 R08: ffffffff821fc9b0 R09: ffffffff821fc50d [ 23.493566][ T340] R10: 0000000000000003 R11: ffff88810f2ccf00 R12: 0000000000000005 [pid 364] <... write resumed>) = 20699119 [pid 289] <... umount2 resumed>) = 0 [pid 364] munmap(0x7f129a186000, 138412032) = 0 [pid 364] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 364] ioctl(4, LOOP_SET_FD, 3 [pid 289] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./1/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, [pid 364] <... ioctl resumed>) = 0 [pid 289] <... getdents64 resumed>0x555583152770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555583152770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./1/file2" [pid 364] close(3) = 0 [pid 364] close(4 [pid 289] <... rmdir resumed>) = 0 [pid 289] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./1/binderfs"