./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2133408660 <...> Warning: Permanently added '10.128.0.14' (ED25519) to the list of known hosts. execve("./syz-executor2133408660", ["./syz-executor2133408660"], 0x7ffc60c03d30 /* 10 vars */) = 0 brk(NULL) = 0x55557e351000 brk(0x55557e351d40) = 0x55557e351d40 arch_prctl(ARCH_SET_FS, 0x55557e3513c0) = 0 set_tid_address(0x55557e351690) = 290 set_robust_list(0x55557e3516a0, 24) = 0 rseq(0x55557e351ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2133408660", 4096) = 28 getrandom("\x26\x13\xb9\x57\x75\xe6\xed\xbf", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557e351d40 brk(0x55557e372d40) = 0x55557e372d40 brk(0x55557e373000) = 0x55557e373000 mprotect(0x7f70b9193000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 291 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 292 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 293 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 294 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 295 ./strace-static-x86_64: Process 295 attached [pid 295] set_robust_list(0x55557e3516a0, 24) = 0 [pid 295] mkdir("./syzkaller.83NlVW", 0700) = 0 [pid 295] chmod("./syzkaller.83NlVW", 0777) = 0 [pid 295] chdir("./syzkaller.83NlVW") = 0 [pid 295] mkdir("./0", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 296 ./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x55557e3516a0, 24) = 0 executing program [pid 296] chdir("./0") = 0 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] setpgid(0, 0) = 0 [pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "1000", 4) = 4 [pid 296] close(3) = 0 [pid 296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 296] write(1, "executing program\n", 18) = 18 [pid 296] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 296] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 296] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} => {parent_tid=[297]}, 88) = 297 [pid 296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 296] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x7f70b90bd9a0, 24) = 0 [pid 297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 297] memfd_create("syzkaller", 0) = 3 [pid 297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f70b0c9d000 ./strace-static-x86_64: Process 291 attached ./strace-static-x86_64: Process 292 attached ./strace-static-x86_64: Process 293 attached ./strace-static-x86_64: Process 294 attached [pid 294] set_robust_list(0x55557e3516a0, 24 [pid 293] set_robust_list(0x55557e3516a0, 24 [pid 292] set_robust_list(0x55557e3516a0, 24 [pid 291] set_robust_list(0x55557e3516a0, 24 [pid 294] <... set_robust_list resumed>) = 0 [pid 293] <... set_robust_list resumed>) = 0 [pid 292] <... set_robust_list resumed>) = 0 [pid 291] <... set_robust_list resumed>) = 0 [pid 294] mkdir("./syzkaller.3njL3S", 0700 [pid 293] mkdir("./syzkaller.UQKNlz", 0700 [pid 291] mkdir("./syzkaller.4YODlF", 0700 [pid 292] mkdir("./syzkaller.AXZic9", 0700 [pid 293] <... mkdir resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 292] <... mkdir resumed>) = 0 [pid 294] <... mkdir resumed>) = 0 [pid 293] chmod("./syzkaller.UQKNlz", 0777 [pid 292] chmod("./syzkaller.AXZic9", 0777 [pid 294] chmod("./syzkaller.3njL3S", 0777 [pid 291] chmod("./syzkaller.4YODlF", 0777 [pid 293] <... chmod resumed>) = 0 [pid 292] <... chmod resumed>) = 0 [ 34.414453][ T28] audit: type=1400 audit(1750204221.112:64): avc: denied { execmem } for pid=290 comm="syz-executor213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 34.439296][ T28] audit: type=1400 audit(1750204221.122:65): avc: denied { read write } for pid=295 comm="syz-executor213" name="loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 294] <... chmod resumed>) = 0 [pid 293] chdir("./syzkaller.UQKNlz" [pid 292] chdir("./syzkaller.AXZic9" [pid 291] <... chmod resumed>) = 0 [pid 294] chdir("./syzkaller.3njL3S" [pid 293] <... chdir resumed>) = 0 [pid 292] <... chdir resumed>) = 0 [pid 291] chdir("./syzkaller.4YODlF" [pid 293] mkdir("./0", 0777 [pid 294] <... chdir resumed>) = 0 [pid 291] <... chdir resumed>) = 0 [pid 292] mkdir("./0", 0777 [pid 293] <... mkdir resumed>) = 0 [pid 294] mkdir("./0", 0777 [pid 291] mkdir("./0", 0777 [pid 292] <... mkdir resumed>) = 0 [pid 294] <... mkdir resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 292] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 294] <... openat resumed>) = 3 [pid 293] <... openat resumed>) = 3 [pid 292] <... openat resumed>) = 3 [pid 291] <... openat resumed>) = 3 [pid 292] ioctl(3, LOOP_CLR_FD [pid 294] ioctl(3, LOOP_CLR_FD [pid 293] ioctl(3, LOOP_CLR_FD [pid 291] ioctl(3, LOOP_CLR_FD [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 294] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 293] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 292] close(3 [pid 294] close(3 [pid 293] close(3 [pid 291] close(3 [pid 292] <... close resumed>) = 0 [pid 294] <... close resumed>) = 0 [pid 293] <... close resumed>) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] <... close resumed>) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] <... clone resumed>, child_tidptr=0x55557e351690) = 300 [pid 293] <... clone resumed>, child_tidptr=0x55557e351690) = 302 [pid 292] <... clone resumed>, child_tidptr=0x55557e351690) = 299 [pid 291] <... clone resumed>, child_tidptr=0x55557e351690) = 301 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x55557e3516a0, 24) = 0 [pid 299] chdir("./0") = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] setpgid(0, 0) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 299] write(3, "1000", 4) = 4 [pid 299] close(3) = 0 [pid 299] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 299] write(1, "executing program\n", 18) = 18 [pid 299] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 299] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], ./strace-static-x86_64: Process 301 attached NULL, 8) = 0 [pid 299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 301] set_robust_list(0x55557e3516a0, 24) = 0 [pid 299] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE [pid 301] chdir("./0" [pid 299] <... mprotect resumed>) = 0 [pid 299] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] <... chdir resumed>) = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] setpgid(0, 0 [pid 299] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} [pid 301] <... setpgid resumed>) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 299] <... clone3 resumed> => {parent_tid=[303]}, 88) = 303 [pid 299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 299] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3) = 0 [pid 301] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 302 attached executing program ) = 0 [pid 301] write(1, "executing program\n", 18) = 18 [pid 301] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 301] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 301] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} [pid 302] set_robust_list(0x55557e3516a0, 24 [pid 301] <... clone3 resumed> => {parent_tid=[304]}, 88) = 304 [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 300 attached [pid 302] <... set_robust_list resumed>) = 0 [pid 302] chdir("./0"./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x7f70b90bd9a0, 24) = 0 [pid 303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 303] memfd_create("syzkaller", 0 [pid 300] set_robust_list(0x55557e3516a0, 24./strace-static-x86_64: Process 304 attached [pid 302] <... chdir resumed>) = 0 [pid 304] set_robust_list(0x7f70b90bd9a0, 24 [pid 303] <... memfd_create resumed>) = 3 [pid 304] <... set_robust_list resumed>) = 0 [pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 304] rt_sigprocmask(SIG_SETMASK, [], [pid 303] <... mmap resumed>) = 0x7f70b0c9d000 [pid 304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] <... set_robust_list resumed>) = 0 [ 34.466686][ T28] audit: type=1400 audit(1750204221.122:66): avc: denied { open } for pid=295 comm="syz-executor213" path="/dev/loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 304] memfd_create("syzkaller", 0) = 3 [pid 300] chdir("./0" [pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f70b0c9d000 [pid 302] <... prctl resumed>) = 0 [pid 300] <... chdir resumed>) = 0 [pid 302] setpgid(0, 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 302] <... setpgid resumed>) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] <... prctl resumed>) = 0 [pid 302] <... openat resumed>) = 3 [pid 300] setpgid(0, 0) = 0 [pid 302] write(3, "1000", 4 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 302] <... write resumed>) = 4 [pid 302] close(3 [pid 300] <... openat resumed>) = 3 [pid 302] <... close resumed>) = 0 [pid 300] write(3, "1000", 4 [pid 302] symlink("/dev/binderfs", "./binderfs" [pid 300] <... write resumed>) = 4 [pid 302] <... symlink resumed>) = 0 [pid 300] close(3) = 0 [pid 302] write(1, "executing program\n", 18executing program [pid 300] symlink("/dev/binderfs", "./binderfs" [pid 302] <... write resumed>) = 18 [pid 300] <... symlink resumed>) = 0 [pid 302] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 300] write(1, "executing program\n", 18 [pid 302] <... futex resumed>) = 0 [pid 300] <... write resumed>) = 18 [pid 302] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, [pid 300] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... rt_sigaction resumed>NULL, 8) = 0 [pid 300] <... futex resumed>) = 0 [pid 302] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 300] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, [pid 302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] <... rt_sigaction resumed>NULL, 8) = 0 [pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 302] <... mmap resumed>) = 0x7f70b909d000 [pid 300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 302] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE [pid 300] <... mmap resumed>) = 0x7f70b909d000 [pid 302] <... mprotect resumed>) = 0 [pid 300] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 302] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] rt_sigprocmask(SIG_BLOCK, ~[], [pid 302] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] <... rt_sigprocmask resumed>[], 8) = 0 [pid 302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} [pid 300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} => {parent_tid=[305]}, 88) = 305 [pid 302] <... clone3 resumed> => {parent_tid=[306]}, 88) = 306 [pid 300] rt_sigprocmask(SIG_SETMASK, [], [pid 302] rt_sigprocmask(SIG_SETMASK, [], [pid 300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = 0 [pid 302] <... futex resumed>) = 0 [pid 300] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 302] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 305 attached ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x7f70b90bd9a0, 24 [pid 305] set_robust_list(0x7f70b90bd9a0, 24 [pid 306] <... set_robust_list resumed>) = 0 [pid 305] <... set_robust_list resumed>) = 0 [pid 306] rt_sigprocmask(SIG_SETMASK, [], [pid 305] rt_sigprocmask(SIG_SETMASK, [], [pid 306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 306] memfd_create("syzkaller", 0 [pid 305] memfd_create("syzkaller", 0 [pid 306] <... memfd_create resumed>) = 3 [pid 305] <... memfd_create resumed>) = 3 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 306] <... mmap resumed>) = 0x7f70b0c9d000 [pid 305] <... mmap resumed>) = 0x7f70b0c9d000 [ 34.571206][ T28] audit: type=1400 audit(1750204221.122:67): avc: denied { ioctl } for pid=295 comm="syz-executor213" path="/dev/loop4" dev="devtmpfs" ino=122 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 297] <... write resumed>) = 67108864 [pid 297] munmap(0x7f70b0c9d000, 138412032) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 297] close(3) = 0 [pid 297] close(4) = 0 [pid 297] mkdir("./file0", 0777) = 0 [ 35.744732][ T297] loop4: detected capacity change from 0 to 131072 [ 35.764756][ T297] ======================================================= [ 35.764756][ T297] WARNING: The mand mount option has been deprecated and [ 35.764756][ T297] and is ignored by this kernel. Remove the mand [ 35.764756][ T297] option from the mount to silence this warning. [ 35.764756][ T297] ======================================================= [ 35.767574][ T28] audit: type=1400 audit(1750204222.462:68): avc: denied { mounton } for pid=296 comm="syz-executor213" path="/root/syzkaller.83NlVW/0/file0" dev="sda1" ino=2039 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 35.881878][ T297] F2FS-fs (loop4): invalid crc value [ 35.912006][ T297] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 297] mount("/dev/loop4", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "") = 0 [pid 297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 297] chdir("./file0") = 0 [pid 297] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 297] ioctl(4, LOOP_CLR_FD) = 0 [pid 297] close(4) = 0 [pid 297] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... futex resumed>) = 1 [ 36.021238][ T297] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 36.031431][ T28] audit: type=1400 audit(1750204222.732:69): avc: denied { mount } for pid=296 comm="syz-executor213" name="/" dev="loop4" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 36.043294][ T297] F2FS-fs (loop4): access invalid blkaddr:2147563524 [pid 297] truncate("./file3", 7326 [pid 306] <... write resumed>) = 67108864 [pid 305] <... write resumed>) = 67108864 [pid 304] <... write resumed>) = 67108864 [pid 303] <... write resumed>) = 67108864 [ 36.076581][ T297] CPU: 0 PID: 297 Comm: syz-executor213 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 36.086773][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 36.096845][ T297] Call Trace: [ 36.100129][ T297] [ 36.103047][ T297] __dump_stack+0x21/0x24 [ 36.107405][ T297] dump_stack_lvl+0xee/0x150 [ 36.111980][ T297] ? __cfi_dump_stack_lvl+0x8/0x8 [ 36.116984][ T297] ? __kasan_check_write+0x14/0x20 [ 36.122094][ T297] dump_stack+0x15/0x24 [pid 306] munmap(0x7f70b0c9d000, 138412032 [pid 305] munmap(0x7f70b0c9d000, 138412032) = 0 [pid 306] <... munmap resumed>) = 0 [pid 304] munmap(0x7f70b0c9d000, 138412032) = 0 [pid 305] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 306] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 305] <... openat resumed>) = 4 [pid 306] <... openat resumed>) = 4 [pid 306] ioctl(4, LOOP_SET_FD, 3 [pid 305] ioctl(4, LOOP_SET_FD, 3 [pid 303] munmap(0x7f70b0c9d000, 138412032) = 0 [pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 304] ioctl(4, LOOP_SET_FD, 3 [pid 303] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 303] ioctl(4, LOOP_SET_FD, 3 [pid 304] <... ioctl resumed>) = 0 [pid 304] close(3) = 0 [pid 304] close(4) = 0 [ 36.126256][ T297] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 36.131815][ T297] f2fs_is_valid_blkaddr+0x23/0x30 [ 36.132099][ T306] loop2: detected capacity change from 0 to 131072 [ 36.136937][ T297] sanity_check_extent_cache+0x1c5/0x480 [ 36.136962][ T297] f2fs_iget+0x3312/0x4cb0 [ 36.136987][ T297] f2fs_lookup+0x366/0xab0 [ 36.137001][ T297] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 36.144060][ T305] loop3: detected capacity change from 0 to 131072 [ 36.149120][ T297] ? __cfi_f2fs_lookup+0x10/0x10 [pid 304] mkdir("./file0", 0777) = 0 [pid 304] mount("/dev/loop0", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 305] <... ioctl resumed>) = 0 [pid 305] close(3) = 0 [pid 305] close(4) = 0 [pid 305] mkdir("./file0", 0777) = 0 [pid 305] mount("/dev/loop3", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 306] <... ioctl resumed>) = 0 [pid 306] close(3) = 0 [pid 306] close(4) = 0 [pid 306] mkdir("./file0", 0777) = 0 [pid 306] mount("/dev/loop2", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 303] <... ioctl resumed>) = 0 [pid 303] close(3) = 0 [pid 303] close(4) = 0 [pid 303] mkdir("./file0", 0777) = 0 [ 36.149141][ T297] ? __cfi_d_alloc_parallel+0x10/0x10 [ 36.149161][ T297] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 36.149179][ T297] ? downgrade_write+0x350/0x350 [ 36.149200][ T297] __lookup_slow+0x2c7/0x3f0 [ 36.157824][ T304] loop0: detected capacity change from 0 to 131072 [ 36.158075][ T297] ? lookup_one_len+0x2d0/0x2d0 [ 36.164424][ T303] loop1: detected capacity change from 0 to 131072 [ 36.170001][ T297] ? down_read+0xa0/0xf0 [ 36.170025][ T297] lookup_slow+0x57/0x70 [ 36.170038][ T297] walk_component+0x2f4/0x420 [ 36.170058][ T297] path_lookupat+0x180/0x490 [ 36.170079][ T297] filename_lookup+0x1f0/0x500 [ 36.218726][ T305] F2FS-fs (loop3): invalid crc value [ 36.221792][ T297] ? __cfi_filename_lookup+0x10/0x10 [ 36.221823][ T297] ? strncpy_from_user+0x17a/0x2d0 [ 36.221844][ T297] user_path_at_empty+0x47/0x1c0 [ 36.221858][ T297] do_sys_truncate+0xa3/0x190 [ 36.226970][ T304] F2FS-fs (loop0): invalid crc value [ 36.231121][ T297] ? __cfi_do_sys_truncate+0x10/0x10 [ 36.272804][ T297] ? fpregs_restore_userregs+0x128/0x260 [ 36.278431][ T297] __x64_sys_truncate+0x5b/0x70 [ 36.283270][ T297] x64_sys_call+0x679/0x9a0 [ 36.287798][ T297] do_syscall_64+0x4c/0xa0 [ 36.292196][ T297] ? clear_bhb_loop+0x15/0x70 [ 36.296894][ T297] ? clear_bhb_loop+0x15/0x70 [ 36.301559][ T297] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 36.307437][ T297] RIP: 0033:0x7f70b9100b89 [ 36.311841][ T297] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 36.331430][ T297] RSP: 002b:00007f70b90bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 36.339831][ T297] RAX: ffffffffffffffda RBX: 00007f70b91996a8 RCX: 00007f70b9100b89 [ 36.347783][ T297] RDX: 00007f70b9100b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 36.355737][ T297] RBP: 00007f70b91996a0 R08: 0000000000000000 R09: 0000000000000000 [ 36.363687][ T297] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [pid 303] mount("/dev/loop1", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 296] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 296] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b907c000 [pid 296] mprotect(0x7f70b907d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b909c990, parent_tid=0x7f70b909c990, exit_signal=0, stack=0x7f70b907c000, stack_size=0x20300, tls=0x7f70b909c6c0} => {parent_tid=[316]}, 88) = 316 [pid 296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 296] futex(0x7f70b91996b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 316 attached [pid 316] set_robust_list(0x7f70b909c9a0, 24) = 0 [pid 316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 316] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 297] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 297] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 36.371900][ T297] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 36.379855][ T297] [ 36.384005][ T306] F2FS-fs (loop2): invalid crc value [ 36.395787][ T297] F2FS-fs (loop4): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 36.396910][ T303] F2FS-fs (loop1): invalid crc value [pid 297] futex(0x7f70b91996a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 36.437357][ T316] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 36.438725][ T306] F2FS-fs (loop2): Found nat_bits in checkpoint [ 36.447047][ T316] CPU: 0 PID: 316 Comm: syz-executor213 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 36.460474][ T316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 36.470532][ T316] Call Trace: [ 36.473804][ T316] [ 36.476731][ T316] __dump_stack+0x21/0x24 [pid 306] <... mount resumed>) = 0 [pid 306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 306] chdir("./file0") = 0 [pid 306] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 306] ioctl(4, LOOP_CLR_FD) = 0 [pid 306] close(4) = 0 [pid 306] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 1 [ 36.477802][ T306] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 36.481095][ T316] dump_stack_lvl+0xee/0x150 [ 36.492398][ T306] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 36.493104][ T316] ? __cfi_dump_stack_lvl+0x8/0x8 [ 36.504775][ T316] ? __kasan_check_write+0x14/0x20 [ 36.509908][ T316] dump_stack+0x15/0x24 [ 36.514076][ T316] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 36.519644][ T316] f2fs_is_valid_blkaddr+0x23/0x30 [ 36.524776][ T316] sanity_check_extent_cache+0x1c5/0x480 [ 36.530421][ T316] f2fs_iget+0x3312/0x4cb0 [pid 306] truncate("./file3", 7326 [pid 302] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 302] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 302] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b907c000 [pid 302] mprotect(0x7f70b907d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b909c990, parent_tid=0x7f70b909c990, exit_signal=0, stack=0x7f70b907c000, stack_size=0x20300, tls=0x7f70b909c6c0} => {parent_tid=[329]}, 88) = 329 [pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 302] futex(0x7f70b91996b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x7f70b909c9a0, 24) = 0 [pid 329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 36.534873][ T316] f2fs_lookup+0x366/0xab0 [ 36.539315][ T316] ? __cfi_f2fs_lookup+0x10/0x10 [ 36.544262][ T316] ? __cfi_d_alloc_parallel+0x10/0x10 [ 36.549655][ T316] ? __cfi_f2fs_lookup+0x10/0x10 [ 36.554599][ T316] path_openat+0xff3/0x2f50 [ 36.559122][ T316] ? do_filp_open+0x3c0/0x3c0 [ 36.564016][ T316] do_filp_open+0x1c1/0x3c0 [ 36.568599][ T316] ? __cfi_do_filp_open+0x10/0x10 [ 36.573651][ T316] ? alloc_fd+0x4e6/0x590 [ 36.578002][ T316] do_sys_openat2+0x185/0x7e0 [ 36.582710][ T316] ? _raw_spin_unlock_irq+0x4d/0x70 [pid 329] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 302] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 296] exit_group(0 [pid 297] <... futex resumed>) = ? [pid 296] <... exit_group resumed>) = ? [pid 297] +++ exited with 0 +++ [ 36.587922][ T316] ? ptrace_notify+0x1d1/0x250 [ 36.592695][ T316] ? do_sys_open+0xe0/0xe0 [ 36.597113][ T316] ? __cfi_ptrace_notify+0x10/0x10 [ 36.602228][ T316] ? xfd_validate_state+0x70/0x150 [ 36.607345][ T316] __x64_sys_openat+0x136/0x160 [ 36.612206][ T316] x64_sys_call+0x783/0x9a0 [ 36.616723][ T316] do_syscall_64+0x4c/0xa0 [ 36.621141][ T316] ? clear_bhb_loop+0x15/0x70 [ 36.625924][ T316] ? clear_bhb_loop+0x15/0x70 [ 36.630605][ T316] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 36.636511][ T316] RIP: 0033:0x7f70b9100b89 [ 36.640930][ T316] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 36.660711][ T316] RSP: 002b:00007f70b909c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 36.669177][ T316] RAX: ffffffffffffffda RBX: 00007f70b91996b8 RCX: 00007f70b9100b89 [ 36.677269][ T316] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 36.685422][ T316] RBP: 00007f70b91996b0 R08: 00007fff3bc01ee7 R09: 0000000000000000 [ 36.693408][ T316] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 36.701419][ T316] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 36.709404][ T316] [ 36.714508][ T304] F2FS-fs (loop0): Found nat_bits in checkpoint [ 36.715917][ T316] F2FS-fs (loop4): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [pid 316] <... openat resumed>) = ? [pid 302] exit_group(0) = ? [ 36.724146][ T303] F2FS-fs (loop1): Found nat_bits in checkpoint [ 36.735965][ T306] CPU: 0 PID: 306 Comm: syz-executor213 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 36.742491][ T305] F2FS-fs (loop3): Found nat_bits in checkpoint [ 36.750485][ T306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 36.766761][ T306] Call Trace: [ 36.770048][ T306] [ 36.772981][ T306] __dump_stack+0x21/0x24 [ 36.777321][ T306] dump_stack_lvl+0xee/0x150 [ 36.781929][ T306] ? __cfi_dump_stack_lvl+0x8/0x8 [ 36.786957][ T306] ? __kasan_check_write+0x14/0x20 [ 36.792071][ T306] dump_stack+0x15/0x24 [ 36.796232][ T306] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 36.801789][ T306] f2fs_is_valid_blkaddr+0x23/0x30 [ 36.806898][ T306] sanity_check_extent_cache+0x1c5/0x480 [ 36.812534][ T306] f2fs_iget+0x3312/0x4cb0 [ 36.816961][ T306] f2fs_lookup+0x366/0xab0 [ 36.821366][ T306] ? __cfi_f2fs_lookup+0x10/0x10 [ 36.826308][ T306] ? __cfi_d_alloc_parallel+0x10/0x10 [ 36.831682][ T306] ? __cfi_lockref_get_not_dead+0x10/0x10 [pid 305] <... mount resumed>) = 0 [pid 305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 305] chdir("./file0") = 0 [pid 305] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 305] ioctl(4, LOOP_CLR_FD) = 0 [ 36.837414][ T306] ? downgrade_write+0x350/0x350 [ 36.842381][ T306] __lookup_slow+0x2c7/0x3f0 [ 36.846990][ T306] ? lookup_one_len+0x2d0/0x2d0 [ 36.851855][ T306] ? down_read+0xa0/0xf0 [ 36.856102][ T306] lookup_slow+0x57/0x70 [ 36.860347][ T306] walk_component+0x2f4/0x420 [ 36.861867][ T305] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 36.865042][ T306] path_lookupat+0x180/0x490 [ 36.865071][ T306] filename_lookup+0x1f0/0x500 [ 36.881935][ T306] ? __cfi_filename_lookup+0x10/0x10 [pid 305] close(4) = 0 [pid 305] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = 0 [pid 300] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] truncate("./file3", 7326 [pid 316] +++ exited with 0 +++ [pid 296] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=296, si_uid=0, si_status=0, si_utime=30, si_stime=34} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 36.887235][ T306] ? strncpy_from_user+0x17a/0x2d0 [ 36.892376][ T306] user_path_at_empty+0x47/0x1c0 [ 36.892922][ T305] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 36.897332][ T306] do_sys_truncate+0xa3/0x190 [ 36.897368][ T306] ? __cfi_do_sys_truncate+0x10/0x10 [ 36.913981][ T306] ? fpregs_restore_userregs+0x128/0x260 [ 36.919614][ T306] __x64_sys_truncate+0x5b/0x70 [ 36.924464][ T306] x64_sys_call+0x679/0x9a0 [ 36.928957][ T306] do_syscall_64+0x4c/0xa0 [ 36.933455][ T306] ? clear_bhb_loop+0x15/0x70 [pid 295] getdents64(3, 0x55557e352730 /* 4 entries */, 32768) = 112 [pid 295] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 300] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 300] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b907c000 [pid 300] mprotect(0x7f70b907d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b909c990, parent_tid=0x7f70b909c990, exit_signal=0, stack=0x7f70b907c000, stack_size=0x20300, tls=0x7f70b909c6c0} => {parent_tid=[334]}, 88) = 334 [pid 300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 300] futex(0x7f70b91996b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x7f70b909c9a0, 24) = 0 [pid 334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 36.937899][ T28] audit: type=1400 audit(1750204223.632:70): avc: denied { unmount } for pid=295 comm="syz-executor213" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 36.938128][ T306] ? clear_bhb_loop+0x15/0x70 [ 36.962383][ T306] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 36.968306][ T306] RIP: 0033:0x7f70b9100b89 [ 36.972717][ T306] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 36.992322][ T306] RSP: 002b:00007f70b90bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 37.000734][ T306] RAX: ffffffffffffffda RBX: 00007f70b91996a8 RCX: 00007f70b9100b89 [ 37.008709][ T306] RDX: 00007f70b9100b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 37.016669][ T306] RBP: 00007f70b91996a0 R08: 0000000000000000 R09: 0000000000000000 [ 37.024637][ T306] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [pid 334] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 300] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 37.032614][ T306] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 37.040665][ T306] [ 37.044217][ T305] CPU: 0 PID: 305 Comm: syz-executor213 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 37.054373][ T305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 37.064421][ T305] Call Trace: [ 37.067681][ T305] [ 37.070600][ T305] __dump_stack+0x21/0x24 [ 37.074927][ T305] dump_stack_lvl+0xee/0x150 [ 37.079505][ T305] ? __cfi_dump_stack_lvl+0x8/0x8 [ 37.084513][ T305] ? __kasan_check_write+0x14/0x20 [ 37.089612][ T305] dump_stack+0x15/0x24 [ 37.093753][ T305] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 37.099301][ T305] f2fs_is_valid_blkaddr+0x23/0x30 [ 37.104394][ T305] sanity_check_extent_cache+0x1c5/0x480 [ 37.110011][ T305] f2fs_iget+0x3312/0x4cb0 [ 37.114417][ T305] f2fs_lookup+0x366/0xab0 [ 37.118817][ T305] ? __cfi_f2fs_lookup+0x10/0x10 [ 37.123736][ T305] ? __cfi_d_alloc_parallel+0x10/0x10 [ 37.129095][ T305] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 37.134805][ T305] ? downgrade_write+0x350/0x350 [ 37.139735][ T305] __lookup_slow+0x2c7/0x3f0 [ 37.144314][ T305] ? lookup_one_len+0x2d0/0x2d0 [ 37.149156][ T305] ? down_read+0xa0/0xf0 [ 37.153382][ T305] lookup_slow+0x57/0x70 [ 37.157621][ T305] walk_component+0x2f4/0x420 [ 37.162304][ T305] path_lookupat+0x180/0x490 [ 37.166895][ T305] filename_lookup+0x1f0/0x500 [ 37.171658][ T305] ? __cfi_filename_lookup+0x10/0x10 [ 37.176954][ T305] ? strncpy_from_user+0x17a/0x2d0 [ 37.182068][ T305] user_path_at_empty+0x47/0x1c0 [ 37.187700][ T305] do_sys_truncate+0xa3/0x190 [ 37.192481][ T305] ? __cfi_do_sys_truncate+0x10/0x10 [ 37.197876][ T305] ? fpregs_restore_userregs+0x128/0x260 [ 37.204128][ T305] __x64_sys_truncate+0x5b/0x70 [ 37.208996][ T305] x64_sys_call+0x679/0x9a0 [ 37.213686][ T305] do_syscall_64+0x4c/0xa0 [ 37.218153][ T305] ? clear_bhb_loop+0x15/0x70 [ 37.222832][ T305] ? clear_bhb_loop+0x15/0x70 [ 37.227508][ T305] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 37.233509][ T305] RIP: 0033:0x7f70b9100b89 [ 37.237920][ T305] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 37.257513][ T305] RSP: 002b:00007f70b90bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 37.266359][ T305] RAX: ffffffffffffffda RBX: 00007f70b91996a8 RCX: 00007f70b9100b89 [ 37.274351][ T305] RDX: 00007f70b9100b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 37.282403][ T305] RBP: 00007f70b91996a0 R08: 0000000000000000 R09: 0000000000000000 [ 37.291244][ T305] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 37.299288][ T305] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 37.307279][ T305] [ 37.313023][ T305] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 37.313141][ T304] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 306] <... truncate resumed>) = ? [pid 305] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 306] +++ exited with 0 +++ [pid 305] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f70b91996a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] <... mount resumed>) = 0 [pid 304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 304] chdir("./file0") = 0 [pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 304] ioctl(4, LOOP_CLR_FD) = 0 [pid 304] close(4) = 0 [pid 304] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... futex resumed>) = 0 [pid 301] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 1 [ 37.326136][ T306] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 37.333596][ T303] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 37.356523][ T304] F2FS-fs (loop0): access invalid blkaddr:2147563524 [ 37.363552][ T304] CPU: 0 PID: 304 Comm: syz-executor213 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 37.371398][ T334] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 37.373801][ T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 37.373812][ T304] Call Trace: [ 37.381260][ T329] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 37.390518][ T304] [ 37.390527][ T304] __dump_stack+0x21/0x24 [ 37.407652][ T304] dump_stack_lvl+0xee/0x150 [ 37.412240][ T304] ? __cfi_dump_stack_lvl+0x8/0x8 [ 37.417257][ T304] ? __kasan_check_write+0x14/0x20 [ 37.422358][ T304] dump_stack+0x15/0x24 [ 37.426506][ T304] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 37.432033][ T304] f2fs_is_valid_blkaddr+0x23/0x30 [ 37.437165][ T304] sanity_check_extent_cache+0x1c5/0x480 [ 37.442783][ T304] f2fs_iget+0x3312/0x4cb0 [ 37.447194][ T304] f2fs_lookup+0x366/0xab0 [ 37.451596][ T304] ? __cfi_f2fs_lookup+0x10/0x10 [ 37.456515][ T304] ? __cfi_d_alloc_parallel+0x10/0x10 [ 37.461872][ T304] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 37.467577][ T304] ? downgrade_write+0x350/0x350 [ 37.472504][ T304] __lookup_slow+0x2c7/0x3f0 [ 37.477081][ T304] ? lookup_one_len+0x2d0/0x2d0 [ 37.481915][ T304] ? down_read+0xa0/0xf0 [ 37.486142][ T304] lookup_slow+0x57/0x70 [ 37.490365][ T304] walk_component+0x2f4/0x420 [ 37.495025][ T304] path_lookupat+0x180/0x490 [ 37.499605][ T304] filename_lookup+0x1f0/0x500 [ 37.504356][ T304] ? __cfi_filename_lookup+0x10/0x10 [ 37.509627][ T304] ? strncpy_from_user+0x17a/0x2d0 [ 37.514728][ T304] user_path_at_empty+0x47/0x1c0 [ 37.519649][ T304] do_sys_truncate+0xa3/0x190 [ 37.524322][ T304] ? __cfi_do_sys_truncate+0x10/0x10 [ 37.529603][ T304] ? fpregs_restore_userregs+0x128/0x260 [ 37.535225][ T304] __x64_sys_truncate+0x5b/0x70 [ 37.540070][ T304] x64_sys_call+0x679/0x9a0 [ 37.544570][ T304] do_syscall_64+0x4c/0xa0 [ 37.548971][ T304] ? clear_bhb_loop+0x15/0x70 [ 37.553630][ T304] ? clear_bhb_loop+0x15/0x70 [ 37.558301][ T304] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 37.564197][ T304] RIP: 0033:0x7f70b9100b89 [ 37.568592][ T304] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 304] truncate("./file3", 7326 [pid 301] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 301] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b907c000 [pid 301] mprotect(0x7f70b907d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b909c990, parent_tid=0x7f70b909c990, exit_signal=0, stack=0x7f70b907c000, stack_size=0x20300, tls=0x7f70b909c6c0} => {parent_tid=[335]}, 88) = 335 [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] futex(0x7f70b91996b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 37.588265][ T304] RSP: 002b:00007f70b90bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 37.596663][ T304] RAX: ffffffffffffffda RBX: 00007f70b91996a8 RCX: 00007f70b9100b89 [ 37.604616][ T304] RDX: 00007f70b9100b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 37.612570][ T304] RBP: 00007f70b91996a0 R08: 0000000000000000 R09: 0000000000000000 [ 37.620522][ T304] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 37.628477][ T304] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 37.636439][ T304] [ 37.642784][ T334] CPU: 0 PID: 334 Comm: syz-executor213 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 37.652949][ T334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 37.662999][ T334] Call Trace: [ 37.666278][ T334] [ 37.669215][ T334] __dump_stack+0x21/0x24 [ 37.673542][ T334] dump_stack_lvl+0xee/0x150 [ 37.678216][ T334] ? __cfi_dump_stack_lvl+0x8/0x8 [ 37.683325][ T334] ? __kasan_check_write+0x14/0x20 [ 37.688433][ T334] dump_stack+0x15/0x24 [ 37.692579][ T334] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 37.698113][ T334] f2fs_is_valid_blkaddr+0x23/0x30 [ 37.703214][ T334] sanity_check_extent_cache+0x1c5/0x480 [ 37.708840][ T334] f2fs_iget+0x3312/0x4cb0 [ 37.713260][ T334] f2fs_lookup+0x366/0xab0 [ 37.717686][ T334] ? __cfi_f2fs_lookup+0x10/0x10 [ 37.722611][ T334] ? __cfi_d_alloc_parallel+0x10/0x10 [ 37.727984][ T334] ? __cfi_f2fs_lookup+0x10/0x10 [ 37.733010][ T334] path_openat+0xff3/0x2f50 [ 37.737528][ T334] ? do_filp_open+0x3c0/0x3c0 [ 37.742203][ T334] do_filp_open+0x1c1/0x3c0 [ 37.746696][ T334] ? __cfi_do_filp_open+0x10/0x10 [ 37.751711][ T334] ? alloc_fd+0x4e6/0x590 [ 37.756039][ T334] do_sys_openat2+0x185/0x7e0 [ 37.760711][ T334] ? _raw_spin_unlock_irq+0x4d/0x70 [ 37.765905][ T334] ? ptrace_notify+0x1d1/0x250 [ 37.770663][ T334] ? do_sys_open+0xe0/0xe0 [ 37.775068][ T334] ? __cfi_ptrace_notify+0x10/0x10 [ 37.780257][ T334] ? xfd_validate_state+0x70/0x150 [ 37.785366][ T334] __x64_sys_openat+0x136/0x160 [ 37.790205][ T334] x64_sys_call+0x783/0x9a0 [ 37.794700][ T334] do_syscall_64+0x4c/0xa0 [ 37.799118][ T334] ? clear_bhb_loop+0x15/0x70 [ 37.803784][ T334] ? clear_bhb_loop+0x15/0x70 [ 37.808545][ T334] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 37.814623][ T334] RIP: 0033:0x7f70b9100b89 [ 37.819034][ T334] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 301] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 335 attached [pid 303] <... mount resumed>) = 0 [pid 335] set_robust_list(0x7f70b909c9a0, 24 [pid 303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 301] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 335] <... set_robust_list resumed>) = 0 [pid 303] <... openat resumed>) = 3 [pid 335] rt_sigprocmask(SIG_SETMASK, [], [pid 303] chdir("./file0" [pid 335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 303] <... chdir resumed>) = 0 [pid 335] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [ 37.841067][ T334] RSP: 002b:00007f70b909c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 37.849485][ T334] RAX: ffffffffffffffda RBX: 00007f70b91996b8 RCX: 00007f70b9100b89 [ 37.857462][ T334] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 37.865433][ T334] RBP: 00007f70b91996b0 R08: 00007fff3bc01ee7 R09: 0000000000000000 [ 37.873402][ T334] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 37.881364][ T334] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 37.889380][ T334] [ 37.895081][ T334] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 37.902138][ T329] CPU: 1 PID: 329 Comm: syz-executor213 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 37.909064][ T304] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 37.919140][ T329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 37.919157][ T329] Call Trace: [ 37.919162][ T329] [ 37.919169][ T329] __dump_stack+0x21/0x24 [ 37.919195][ T329] dump_stack_lvl+0xee/0x150 [ 37.919214][ T329] ? __cfi_dump_stack_lvl+0x8/0x8 [ 37.919231][ T329] ? __kasan_check_write+0x14/0x20 [ 37.967880][ T329] dump_stack+0x15/0x24 [ 37.972049][ T329] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 37.977605][ T329] f2fs_is_valid_blkaddr+0x23/0x30 [ 37.982729][ T329] sanity_check_extent_cache+0x1c5/0x480 [ 37.988375][ T329] f2fs_iget+0x3312/0x4cb0 [pid 303] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 334] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 334] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7f70b91996b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] exit_group(0 [pid 334] <... futex resumed>) = ? [pid 305] <... futex resumed>) = ? [pid 300] <... exit_group resumed>) = ? [pid 334] +++ exited with 0 +++ [pid 305] +++ exited with 0 +++ [pid 300] +++ exited with 0 +++ [pid 304] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 304] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f70b91996a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 303] ioctl(4, LOOP_CLR_FD) = 0 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=33, si_stime=42} --- [pid 303] close(4 [pid 294] restart_syscall(<... resuming interrupted clone ...> [pid 303] <... close resumed>) = 0 [pid 294] <... restart_syscall resumed>) = 0 [pid 303] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 299] <... futex resumed>) = 0 [pid 303] truncate("./file3", 7326 [pid 299] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... futex resumed>) = 0 [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 294] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x55557e352730 /* 4 entries */, 32768) = 112 [ 37.992820][ T329] f2fs_lookup+0x366/0xab0 [ 37.997236][ T329] ? __cfi_f2fs_lookup+0x10/0x10 [ 38.002185][ T329] ? __cfi_d_alloc_parallel+0x10/0x10 [ 38.007576][ T329] ? __cfi_f2fs_lookup+0x10/0x10 [ 38.012535][ T329] path_openat+0xff3/0x2f50 [ 38.017133][ T329] ? do_filp_open+0x3c0/0x3c0 [ 38.021822][ T329] do_filp_open+0x1c1/0x3c0 [ 38.021915][ T335] F2FS-fs (loop0): access invalid blkaddr:2147563524 [ 38.026858][ T329] ? __cfi_do_filp_open+0x10/0x10 [ 38.026881][ T329] ? alloc_fd+0x4e6/0x590 [pid 294] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 301] exit_group(0 [pid 304] <... futex resumed>) = ? [pid 301] <... exit_group resumed>) = ? [pid 304] +++ exited with 0 +++ [ 38.035340][ T303] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 38.038742][ T329] do_sys_openat2+0x185/0x7e0 [ 38.054568][ T329] ? _raw_spin_unlock_irq+0x4d/0x70 [ 38.059820][ T329] ? ptrace_notify+0x1d1/0x250 [ 38.064864][ T329] ? do_sys_open+0xe0/0xe0 [ 38.069460][ T329] ? __cfi_ptrace_notify+0x10/0x10 [ 38.074599][ T329] ? xfd_validate_state+0x70/0x150 [ 38.079723][ T329] __x64_sys_openat+0x136/0x160 [ 38.084572][ T329] x64_sys_call+0x783/0x9a0 [ 38.089086][ T329] do_syscall_64+0x4c/0xa0 [ 38.093676][ T329] ? clear_bhb_loop+0x15/0x70 [ 38.098369][ T329] ? clear_bhb_loop+0x15/0x70 [ 38.103052][ T329] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 38.108972][ T329] RIP: 0033:0x7f70b9100b89 [ 38.113388][ T329] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 38.133007][ T329] RSP: 002b:00007f70b909c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [pid 299] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 299] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 299] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 299] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b907c000 [pid 299] mprotect(0x7f70b907d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b909c990, parent_tid=0x7f70b909c990, exit_signal=0, stack=0x7f70b907c000, stack_size=0x20300, tls=0x7f70b909c6c0} => {parent_tid=[336]}, 88) = 336 [pid 299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 299] futex(0x7f70b91996b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x55557e35a770 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x55557e35a770 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./0/file0") = 0 [pid 295] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./0/binderfs") = 0 [pid 295] getdents64(3, 0x55557e352730 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./0") = 0 [pid 295] mkdir("./1", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 299] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 299] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 337 [ 38.141420][ T329] RAX: ffffffffffffffda RBX: 00007f70b91996b8 RCX: 00007f70b9100b89 [ 38.149407][ T329] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 38.157380][ T329] RBP: 00007f70b91996b0 R08: 00007fff3bc01ee7 R09: 0000000000000000 [ 38.165356][ T329] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 38.173324][ T329] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 38.181302][ T329] [ 38.184316][ T335] CPU: 0 PID: 335 Comm: syz-executor213 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 38.194503][ T335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 38.202007][ T329] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 38.204573][ T335] Call Trace: [ 38.221194][ T335] [ 38.224125][ T335] __dump_stack+0x21/0x24 [ 38.228568][ T335] dump_stack_lvl+0xee/0x150 [ 38.233147][ T335] ? __cfi_dump_stack_lvl+0x8/0x8 [ 38.238272][ T335] ? __kasan_check_write+0x14/0x20 [ 38.243391][ T335] dump_stack+0x15/0x24 [ 38.247729][ T335] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 38.253919][ T335] f2fs_is_valid_blkaddr+0x23/0x30 [ 38.259140][ T335] sanity_check_extent_cache+0x1c5/0x480 [ 38.264771][ T335] f2fs_iget+0x3312/0x4cb0 [ 38.269187][ T335] f2fs_lookup+0x366/0xab0 [ 38.273595][ T335] ? __cfi_f2fs_lookup+0x10/0x10 [ 38.278525][ T335] ? __cfi_d_alloc_parallel+0x10/0x10 [ 38.283897][ T335] ? __cfi_f2fs_lookup+0x10/0x10 [ 38.288829][ T335] path_openat+0xff3/0x2f50 [ 38.293330][ T335] ? do_filp_open+0x3c0/0x3c0 [ 38.297996][ T335] do_filp_open+0x1c1/0x3c0 [ 38.302489][ T335] ? __cfi_do_filp_open+0x10/0x10 [ 38.307512][ T335] ? alloc_fd+0x4e6/0x590 [ 38.311855][ T335] do_sys_openat2+0x185/0x7e0 [ 38.316537][ T335] ? _raw_spin_unlock_irq+0x4d/0x70 [ 38.321738][ T335] ? ptrace_notify+0x1d1/0x250 [ 38.326521][ T335] ? do_sys_open+0xe0/0xe0 [ 38.330939][ T335] ? __cfi_ptrace_notify+0x10/0x10 [ 38.336149][ T335] ? xfd_validate_state+0x70/0x150 [ 38.341273][ T335] __x64_sys_openat+0x136/0x160 [ 38.346303][ T335] x64_sys_call+0x783/0x9a0 [ 38.350804][ T335] do_syscall_64+0x4c/0xa0 [ 38.355266][ T335] ? clear_bhb_loop+0x15/0x70 [ 38.359942][ T335] ? clear_bhb_loop+0x15/0x70 [ 38.364611][ T335] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 38.370503][ T335] RIP: 0033:0x7f70b9100b89 [ 38.374932][ T335] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 executing program ./strace-static-x86_64: Process 337 attached ./strace-static-x86_64: Process 336 attached [pid 329] <... openat resumed>) = ? [pid 337] set_robust_list(0x55557e3516a0, 24 [pid 336] set_robust_list(0x7f70b909c9a0, 24 [pid 329] +++ exited with 0 +++ [pid 302] +++ exited with 0 +++ [pid 337] <... set_robust_list resumed>) = 0 [pid 336] <... set_robust_list resumed>) = 0 [pid 337] chdir("./1" [pid 336] rt_sigprocmask(SIG_SETMASK, [], [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=28, si_stime=77} --- [pid 337] <... chdir resumed>) = 0 [pid 336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 293] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 336] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 337] <... prctl resumed>) = 0 [pid 293] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 337] setpgid(0, 0 [pid 293] <... openat resumed>) = 3 [pid 337] <... setpgid resumed>) = 0 [pid 293] newfstatat(3, "", [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 293] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 337] <... openat resumed>) = 3 [pid 293] getdents64(3, [pid 337] write(3, "1000", 4 [pid 293] <... getdents64 resumed>0x55557e352730 /* 4 entries */, 32768) = 112 [pid 337] <... write resumed>) = 4 [pid 293] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 337] close(3) = 0 [pid 337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 337] write(1, "executing program\n", 18) = 18 [pid 337] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 337] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 337] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} => {parent_tid=[338]}, 88) = 338 [pid 337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 337] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 38.394542][ T335] RSP: 002b:00007f70b909c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 38.402956][ T335] RAX: ffffffffffffffda RBX: 00007f70b91996b8 RCX: 00007f70b9100b89 [ 38.411097][ T335] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 38.419066][ T335] RBP: 00007f70b91996b0 R08: 00007fff3bc01ee7 R09: 0000000000000000 [ 38.427119][ T335] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 38.435085][ T335] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 38.443059][ T335] [ 38.446076][ T303] CPU: 1 PID: 303 Comm: syz-executor213 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 38.456233][ T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 38.466289][ T303] Call Trace: [ 38.469558][ T303] [ 38.472472][ T303] __dump_stack+0x21/0x24 [ 38.476796][ T303] dump_stack_lvl+0xee/0x150 [ 38.481378][ T303] ? __cfi_dump_stack_lvl+0x8/0x8 [ 38.486394][ T303] ? __kasan_check_write+0x14/0x20 [ 38.491498][ T303] dump_stack+0x15/0x24 [ 38.495732][ T303] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 38.501271][ T303] f2fs_is_valid_blkaddr+0x23/0x30 [ 38.506436][ T303] sanity_check_extent_cache+0x1c5/0x480 [ 38.512056][ T303] f2fs_iget+0x3312/0x4cb0 [ 38.516469][ T303] f2fs_lookup+0x366/0xab0 [ 38.520884][ T303] ? __cfi_f2fs_lookup+0x10/0x10 [ 38.525806][ T303] ? __cfi_d_alloc_parallel+0x10/0x10 [ 38.531166][ T303] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 38.536869][ T303] ? downgrade_write+0x350/0x350 [ 38.541805][ T303] __lookup_slow+0x2c7/0x3f0 [ 38.546386][ T303] ? lookup_one_len+0x2d0/0x2d0 [ 38.551224][ T303] ? down_read+0xa0/0xf0 [ 38.555455][ T303] lookup_slow+0x57/0x70 [ 38.559681][ T303] walk_component+0x2f4/0x420 [ 38.564382][ T303] path_lookupat+0x180/0x490 [ 38.568958][ T303] filename_lookup+0x1f0/0x500 [ 38.573709][ T303] ? __cfi_filename_lookup+0x10/0x10 [ 38.578988][ T303] ? strncpy_from_user+0x17a/0x2d0 [ 38.584090][ T303] user_path_at_empty+0x47/0x1c0 [ 38.589024][ T303] do_sys_truncate+0xa3/0x190 [ 38.593707][ T303] ? __cfi_do_sys_truncate+0x10/0x10 [ 38.598991][ T303] ? fpregs_restore_userregs+0x128/0x260 [ 38.604611][ T303] __x64_sys_truncate+0x5b/0x70 [ 38.609470][ T303] x64_sys_call+0x679/0x9a0 [ 38.613965][ T303] do_syscall_64+0x4c/0xa0 [ 38.618382][ T303] ? clear_bhb_loop+0x15/0x70 [ 38.623045][ T303] ? clear_bhb_loop+0x15/0x70 [ 38.628229][ T303] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 38.634112][ T303] RIP: 0033:0x7f70b9100b89 [ 38.638511][ T303] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 38.658107][ T303] RSP: 002b:00007f70b90bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 38.668967][ T303] RAX: ffffffffffffffda RBX: 00007f70b91996a8 RCX: 00007f70b9100b89 [ 38.676935][ T303] RDX: 00007f70b9100b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 38.685066][ T303] RBP: 00007f70b91996a0 R08: 0000000000000000 R09: 0000000000000000 [pid 337] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x7f70b90bd9a0, 24 [pid 335] <... openat resumed>) = ? [pid 338] <... set_robust_list resumed>) = 0 [pid 335] +++ exited with 0 +++ [pid 301] +++ exited with 0 +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=0, si_utime=24, si_stime=49} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 303] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 303] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 38.693064][ T303] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 38.701037][ T303] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 38.709011][ T303] [ 38.712101][ T335] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 38.716383][ T303] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 38.740864][ T336] F2FS-fs (loop1): access invalid blkaddr:2147563524 [pid 303] futex(0x7f70b91996a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] memfd_create("syzkaller", 0) = 3 [pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f70b0c9d000 [ 38.749175][ T336] CPU: 1 PID: 336 Comm: syz-executor213 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 38.759500][ T336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 38.769566][ T336] Call Trace: [ 38.772848][ T336] [ 38.775781][ T336] __dump_stack+0x21/0x24 [ 38.780129][ T336] dump_stack_lvl+0xee/0x150 [ 38.784728][ T336] ? __cfi_dump_stack_lvl+0x8/0x8 [ 38.789772][ T336] ? mutex_unlock+0x89/0x220 [ 38.794383][ T336] ? __kasan_check_write+0x14/0x20 [ 38.799508][ T336] dump_stack+0x15/0x24 [ 38.803696][ T336] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 38.809253][ T336] f2fs_is_valid_blkaddr+0x23/0x30 [ 38.814479][ T336] sanity_check_extent_cache+0x1c5/0x480 [ 38.820147][ T336] f2fs_iget+0x3312/0x4cb0 [ 38.824591][ T336] f2fs_lookup+0x366/0xab0 [ 38.829010][ T336] ? __cfi_f2fs_lookup+0x10/0x10 [ 38.833950][ T336] ? __cfi_d_alloc_parallel+0x10/0x10 [ 38.839333][ T336] ? __cfi_f2fs_lookup+0x10/0x10 [ 38.844269][ T336] path_openat+0xff3/0x2f50 [ 38.848758][ T336] ? do_filp_open+0x3c0/0x3c0 [ 38.853425][ T336] do_filp_open+0x1c1/0x3c0 [ 38.857915][ T336] ? __cfi_do_filp_open+0x10/0x10 [ 38.862938][ T336] ? alloc_fd+0x4e6/0x590 [ 38.867277][ T336] do_sys_openat2+0x185/0x7e0 [ 38.872525][ T336] ? _raw_spin_unlock_irq+0x4d/0x70 [ 38.877738][ T336] ? ptrace_notify+0x1d1/0x250 [ 38.882600][ T336] ? do_sys_open+0xe0/0xe0 [ 38.887026][ T336] ? __cfi_ptrace_notify+0x10/0x10 [ 38.892216][ T336] ? xfd_validate_state+0x70/0x150 [ 38.897346][ T336] __x64_sys_openat+0x136/0x160 [ 38.902184][ T336] x64_sys_call+0x783/0x9a0 [ 38.907383][ T336] do_syscall_64+0x4c/0xa0 [ 38.911981][ T336] ? clear_bhb_loop+0x15/0x70 [ 38.916770][ T336] ? clear_bhb_loop+0x15/0x70 [ 38.921910][ T336] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 38.927892][ T336] RIP: 0033:0x7f70b9100b89 [ 38.932294][ T336] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 38.951899][ T336] RSP: 002b:00007f70b909c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 38.960344][ T336] RAX: ffffffffffffffda RBX: 00007f70b91996b8 RCX: 00007f70b9100b89 [ 38.968301][ T336] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 38.976266][ T336] RBP: 00007f70b91996b0 R08: 00007fff3bc01ee7 R09: 0000000000000000 [ 38.984248][ T336] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 38.992235][ T336] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x55557e352730 /* 4 entries */, 32768) = 112 [ 39.000206][ T336] [ 39.007416][ T336] ================================================================== [ 39.015736][ T336] BUG: KASAN: use-after-free in sanity_check_extent_cache+0x3cc/0x480 [ 39.023900][ T336] Read of size 4 at addr ffff888107ec5b88 by task syz-executor213/336 [ 39.032050][ T336] [ 39.034369][ T336] CPU: 1 PID: 336 Comm: syz-executor213 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 39.044517][ T336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 39.054589][ T336] Call Trace: [ 39.057873][ T336] [ 39.060809][ T336] __dump_stack+0x21/0x24 [ 39.065148][ T336] dump_stack_lvl+0xee/0x150 [ 39.069762][ T336] ? __cfi_dump_stack_lvl+0x8/0x8 [ 39.074815][ T336] ? dump_stack_lvl+0x122/0x150 [ 39.079702][ T336] ? sanity_check_extent_cache+0x3cc/0x480 [ 39.085612][ T336] print_address_description+0x71/0x210 [ 39.091170][ T336] print_report+0x4a/0x60 [ 39.095504][ T336] kasan_report+0x122/0x150 [pid 291] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 294] <... umount2 resumed>) = 0 [pid 294] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 294] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(4, 0x55557e35a770 /* 2 entries */, 32768) = 48 [pid 294] getdents64(4, 0x55557e35a770 /* 0 entries */, 32768) = 0 [pid 294] close(4) = 0 [pid 294] rmdir("./0/file0") = 0 [pid 294] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./0/binderfs") = 0 [pid 294] getdents64(3, 0x55557e352730 /* 0 entries */, 32768) = 0 [pid 294] close(3) = 0 [pid 294] rmdir("./0") = 0 [pid 294] mkdir("./1", 0777) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 294] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 39.100010][ T336] ? sanity_check_extent_cache+0x3cc/0x480 [ 39.105822][ T336] __asan_report_load4_noabort+0x14/0x20 [ 39.111637][ T336] sanity_check_extent_cache+0x3cc/0x480 [ 39.117277][ T336] f2fs_iget+0x3312/0x4cb0 [ 39.121761][ T336] f2fs_lookup+0x366/0xab0 [ 39.126183][ T336] ? __cfi_f2fs_lookup+0x10/0x10 [ 39.131212][ T336] ? __cfi_d_alloc_parallel+0x10/0x10 [ 39.136598][ T336] ? __cfi_f2fs_lookup+0x10/0x10 [ 39.142101][ T336] path_openat+0xff3/0x2f50 [pid 294] close(3) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 339 [ 39.147257][ T336] ? do_filp_open+0x3c0/0x3c0 [ 39.152042][ T336] do_filp_open+0x1c1/0x3c0 [ 39.156571][ T336] ? __cfi_do_filp_open+0x10/0x10 [ 39.161628][ T336] ? alloc_fd+0x4e6/0x590 [ 39.165986][ T336] do_sys_openat2+0x185/0x7e0 [ 39.170684][ T336] ? _raw_spin_unlock_irq+0x4d/0x70 [ 39.175908][ T336] ? ptrace_notify+0x1d1/0x250 [ 39.180685][ T336] ? do_sys_open+0xe0/0xe0 [ 39.185121][ T336] ? __cfi_ptrace_notify+0x10/0x10 [ 39.190255][ T336] ? xfd_validate_state+0x70/0x150 [ 39.195389][ T336] __x64_sys_openat+0x136/0x160 [ 39.200248][ T336] x64_sys_call+0x783/0x9a0 [ 39.204770][ T336] do_syscall_64+0x4c/0xa0 [ 39.209246][ T336] ? clear_bhb_loop+0x15/0x70 [ 39.214009][ T336] ? clear_bhb_loop+0x15/0x70 [ 39.218685][ T336] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 39.224582][ T336] RIP: 0033:0x7f70b9100b89 [ 39.228997][ T336] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 39.248956][ T336] RSP: 002b:00007f70b909c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 39.257393][ T336] RAX: ffffffffffffffda RBX: 00007f70b91996b8 RCX: 00007f70b9100b89 [ 39.265384][ T336] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 39.273387][ T336] RBP: 00007f70b91996b0 R08: 00007fff3bc01ee7 R09: 0000000000000000 [ 39.281396][ T336] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 39.289363][ T336] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 39.297342][ T336] [ 39.300354][ T336] [ 39.302674][ T336] Allocated by task 303: [ 39.306897][ T336] kasan_set_track+0x4b/0x70 [ 39.311480][ T336] kasan_save_alloc_info+0x25/0x30 [ 39.316580][ T336] __kasan_slab_alloc+0x72/0x80 [ 39.321416][ T336] slab_post_alloc_hook+0x4f/0x2d0 [ 39.326620][ T336] kmem_cache_alloc+0x16e/0x330 [ 39.331468][ T336] __grab_extent_tree+0x19d/0x430 [ 39.336516][ T336] f2fs_init_read_extent_tree+0x3d4/0x7e0 [ 39.342242][ T336] f2fs_iget+0x3302/0x4cb0 [ 39.346643][ T336] f2fs_lookup+0x366/0xab0 [ 39.351040][ T336] __lookup_slow+0x2c7/0x3f0 [ 39.355706][ T336] lookup_slow+0x57/0x70 [ 39.359945][ T336] walk_component+0x2f4/0x420 [ 39.364622][ T336] path_lookupat+0x180/0x490 [ 39.369205][ T336] filename_lookup+0x1f0/0x500 [ 39.373956][ T336] user_path_at_empty+0x47/0x1c0 [ 39.378878][ T336] do_sys_truncate+0xa3/0x190 [ 39.383632][ T336] __x64_sys_truncate+0x5b/0x70 [ 39.388473][ T336] x64_sys_call+0x679/0x9a0 [ 39.393047][ T336] do_syscall_64+0x4c/0xa0 [ 39.397479][ T336] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 39.403374][ T336] [ 39.405682][ T336] Freed by task 303: [ 39.409556][ T336] kasan_set_track+0x4b/0x70 [ 39.414252][ T336] kasan_save_free_info+0x31/0x50 [ 39.419295][ T336] ____kasan_slab_free+0x132/0x180 [ 39.424389][ T336] __kasan_slab_free+0x11/0x20 [ 39.429158][ T336] slab_free_freelist_hook+0xc2/0x190 [ 39.434523][ T336] kmem_cache_free+0x12d/0x300 [ 39.439275][ T336] __destroy_extent_tree+0x305/0x500 [ 39.444930][ T336] f2fs_destroy_extent_tree+0x17/0x30 [ 39.450319][ T336] f2fs_evict_inode+0x4eb/0x14f0 [ 39.455349][ T336] evict+0x493/0x890 [ 39.459239][ T336] iput+0x620/0x670 [ 39.463030][ T336] iget_failed+0x17a/0x1c0 [ 39.467521][ T336] f2fs_iget+0x218c/0x4cb0 [ 39.472012][ T336] f2fs_lookup+0x366/0xab0 [ 39.476410][ T336] __lookup_slow+0x2c7/0x3f0 [ 39.480992][ T336] lookup_slow+0x57/0x70 [ 39.485214][ T336] walk_component+0x2f4/0x420 [ 39.489873][ T336] path_lookupat+0x180/0x490 [ 39.494536][ T336] filename_lookup+0x1f0/0x500 [ 39.499304][ T336] user_path_at_empty+0x47/0x1c0 [ 39.504222][ T336] do_sys_truncate+0xa3/0x190 [ 39.508890][ T336] __x64_sys_truncate+0x5b/0x70 [ 39.513732][ T336] x64_sys_call+0x679/0x9a0 [ 39.518657][ T336] do_syscall_64+0x4c/0xa0 [ 39.523332][ T336] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 39.529664][ T336] [ 39.532196][ T336] The buggy address belongs to the object at ffff888107ec5b40 [ 39.532196][ T336] which belongs to the cache f2fs_extent_tree of size 88 [ 39.547050][ T336] The buggy address is located 72 bytes inside of [ 39.547050][ T336] 88-byte region [ffff888107ec5b40, ffff888107ec5b98) [ 39.560707][ T336] [ 39.564178][ T336] The buggy address belongs to the physical page: [ 39.570772][ T336] page:ffffea00041fb140 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107ec5 [ 39.581585][ T336] flags: 0x4000000000000200(slab|zone=1) [ 39.587366][ T336] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888112423800 [ 39.596513][ T336] raw: 0000000000000000 0000000080220022 00000001ffffffff 0000000000000000 [ 39.605740][ T336] page dumped because: kasan: bad access detected [ 39.613165][ T336] page_owner tracks the page as allocated [ 39.619063][ T336] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x12c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_RECLAIMABLE), pid 297, tgid 296 (syz-executor213), ts 36043269780, free_ts 0 [ 39.640802][ T336] post_alloc_hook+0x1f5/0x210 [ 39.645787][ T336] prep_new_page+0x1c/0x110 [ 39.650492][ T336] get_page_from_freelist+0x2c7b/0x2cf0 [ 39.657353][ T336] __alloc_pages+0x19e/0x3a0 [ 39.662031][ T336] alloc_slab_page+0x6e/0xf0 [ 39.666962][ T336] new_slab+0x98/0x3d0 [ 39.671582][ T336] ___slab_alloc+0x6f6/0xb50 [ 39.676260][ T336] __slab_alloc+0x5e/0xa0 [ 39.680769][ T336] kmem_cache_alloc+0x1b0/0x330 [ 39.686039][ T336] __grab_extent_tree+0x19d/0x430 [ 39.691047][ T336] f2fs_init_read_extent_tree+0x3d4/0x7e0 [ 39.696834][ T336] f2fs_iget+0x3302/0x4cb0 [ 39.701304][ T336] f2fs_lookup+0x366/0xab0 [ 39.705710][ T336] __lookup_slow+0x2c7/0x3f0 [ 39.710381][ T336] lookup_slow+0x57/0x70 [ 39.714751][ T336] walk_component+0x2f4/0x420 [ 39.719450][ T336] page_owner free stack trace missing [ 39.725500][ T336] [ 39.727813][ T336] Memory state around the buggy address: [ 39.733652][ T336] ffff888107ec5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.742501][ T336] ffff888107ec5b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [pid 299] exit_group(0 [pid 303] <... futex resumed>) = ? [pid 299] <... exit_group resumed>) = ? [pid 303] +++ exited with 0 +++ [pid 292] kill(-299, SIGKILL) = 0 [pid 292] kill(299, SIGKILL) = 0 [ 39.750796][ T336] >ffff888107ec5b80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.759683][ T336] ^ [ 39.764013][ T336] ffff888107ec5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.772067][ T336] ffff888107ec5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 39.780661][ T336] ================================================================== ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x55557e3516a0, 24) = 0 [pid 339] chdir("./1") = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 339] setpgid(0, 0) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 339] write(3, "1000", 4) = 4 [pid 339] close(3) = 0 [pid 339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 339] write(1, "executing program\n", 18executing program ) = 18 [pid 339] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 339] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} => {parent_tid=[340]}, 88) = 340 [pid 339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 339] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x7f70b90bd9a0, 24) = 0 [pid 340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 340] memfd_create("syzkaller", 0) = 3 [pid 340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f70b0c9d000 [ 39.795707][ T28] audit: type=1400 audit(1750204226.492:71): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 39.865502][ T28] audit: type=1400 audit(1750204226.512:72): avc: denied { search } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [pid 292] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x55557e352730 /* 2 entries */, 32768) = 48 [pid 292] getdents64(3, 0x55557e352730 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [ 39.937780][ T28] audit: type=1400 audit(1750204226.512:73): avc: denied { write } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 40.014912][ T28] audit: type=1400 audit(1750204226.512:74): avc: denied { add_name } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 executing program [pid 293] <... umount2 resumed>) = 0 [pid 293] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 293] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(4, 0x55557e35a770 /* 2 entries */, 32768) = 48 [pid 293] getdents64(4, 0x55557e35a770 /* 0 entries */, 32768) = 0 [pid 293] close(4) = 0 [pid 293] rmdir("./0/file0") = 0 [pid 293] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] unlink("./0/binderfs") = 0 [pid 293] getdents64(3, 0x55557e352730 /* 0 entries */, 32768) = 0 [pid 293] close(3) = 0 [pid 293] rmdir("./0") = 0 [pid 293] mkdir("./1", 0777) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 341 ./strace-static-x86_64: Process 341 attached [pid 341] set_robust_list(0x55557e3516a0, 24) = 0 [pid 341] chdir("./1") = 0 [pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 341] setpgid(0, 0) = 0 [pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 341] write(3, "1000", 4) = 4 [pid 341] close(3) = 0 [pid 341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 341] write(1, "executing program\n", 18) = 18 [pid 341] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 341] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 341] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 341] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} => {parent_tid=[342]}, 88) = 342 [pid 341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 341] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 341] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 342 attached [pid 342] set_robust_list(0x7f70b90bd9a0, 24) = 0 [pid 342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 342] memfd_create("syzkaller", 0) = 3 [pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f70b0c9d000 [ 40.091312][ T28] audit: type=1400 audit(1750204226.512:75): avc: denied { create } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x55557e35a770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x55557e35a770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./0/file0") = 0 [pid 291] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./0/binderfs") = 0 [pid 291] getdents64(3, 0x55557e352730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./0") = 0 [pid 291] mkdir("./1", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 343 [ 40.155656][ T28] audit: type=1400 audit(1750204226.512:76): avc: denied { append open } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 ./strace-static-x86_64: Process 343 attached [pid 343] set_robust_list(0x55557e3516a0, 24) = 0 [pid 343] chdir("./1") = 0 [pid 343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 343] setpgid(0, 0) = 0 [pid 343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 343] write(3, "1000", 4) = 4 [pid 343] close(3) = 0 [pid 343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 343] write(1, "executing program\n", 18executing program ) = 18 [pid 343] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 343] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 343] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 343] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} => {parent_tid=[344]}, 88) = 344 [pid 343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 343] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x7f70b90bd9a0, 24) = 0 [pid 344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 344] memfd_create("syzkaller", 0) = 3 [pid 344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f70b0c9d000 [ 40.221353][ T28] audit: type=1400 audit(1750204226.512:77): avc: denied { getattr } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [pid 338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 338] <... write resumed>) = 67108864 [pid 338] munmap(0x7f70b0c9d000, 138412032) = 0 [pid 338] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 338] close(3) = 0 [pid 338] close(4) = 0 [pid 338] mkdir("./file0", 0777) = 0 [ 40.921555][ T338] loop4: detected capacity change from 0 to 131072 [ 40.939576][ T338] F2FS-fs (loop4): invalid crc value [ 40.977107][ T338] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 338] mount("/dev/loop4", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 338] <... mount resumed>) = 0 [pid 338] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 338] chdir("./file0") = 0 [pid 338] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 338] ioctl(4, LOOP_CLR_FD) = 0 [pid 338] close(4) = 0 [pid 338] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] <... futex resumed>) = 0 [pid 337] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 338] <... futex resumed>) = 1 [ 41.051261][ T338] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 41.079816][ T338] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 41.091193][ T338] CPU: 1 PID: 338 Comm: syz-executor213 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [pid 338] truncate("./file3", 7326 [pid 342] <... write resumed>) = 67108864 [ 41.101396][ T338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 41.111458][ T338] Call Trace: [ 41.114739][ T338] [ 41.117672][ T338] __dump_stack+0x21/0x24 [ 41.122018][ T338] dump_stack_lvl+0xee/0x150 [ 41.126621][ T338] ? __cfi_dump_stack_lvl+0x8/0x8 [ 41.131659][ T338] ? __kasan_check_write+0x14/0x20 [ 41.136783][ T338] dump_stack+0x15/0x24 [ 41.140946][ T338] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 41.146496][ T338] f2fs_is_valid_blkaddr+0x23/0x30 [pid 342] munmap(0x7f70b0c9d000, 138412032) = 0 [pid 342] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 342] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 342] close(3) = 0 [pid 342] close(4) = 0 [pid 342] mkdir("./file0", 0777) = 0 [ 41.151618][ T338] sanity_check_extent_cache+0x1c5/0x480 [ 41.155945][ T342] loop2: detected capacity change from 0 to 131072 [ 41.157282][ T338] f2fs_iget+0x3312/0x4cb0 [ 41.168161][ T338] f2fs_lookup+0x366/0xab0 [ 41.172591][ T338] ? __cfi_f2fs_lookup+0x10/0x10 [ 41.177544][ T338] ? __cfi_d_alloc_parallel+0x10/0x10 [ 41.183024][ T338] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 41.184999][ T342] F2FS-fs (loop2): invalid crc value [ 41.188750][ T338] ? downgrade_write+0x350/0x350 [ 41.198955][ T338] __lookup_slow+0x2c7/0x3f0 [ 41.203920][ T338] ? lookup_one_len+0x2d0/0x2d0 [ 41.208851][ T338] ? down_read+0xa0/0xf0 [ 41.213145][ T338] lookup_slow+0x57/0x70 [ 41.217760][ T338] walk_component+0x2f4/0x420 [ 41.222550][ T338] path_lookupat+0x180/0x490 [ 41.227367][ T338] filename_lookup+0x1f0/0x500 [ 41.232328][ T338] ? __cfi_filename_lookup+0x10/0x10 [ 41.237650][ T338] ? strncpy_from_user+0x17a/0x2d0 [ 41.242877][ T338] user_path_at_empty+0x47/0x1c0 [ 41.247831][ T338] do_sys_truncate+0xa3/0x190 [ 41.252534][ T338] ? __cfi_do_sys_truncate+0x10/0x10 [ 41.257837][ T338] ? fpregs_restore_userregs+0x128/0x260 [ 41.263485][ T338] __x64_sys_truncate+0x5b/0x70 [ 41.268353][ T338] x64_sys_call+0x679/0x9a0 [ 41.272875][ T338] do_syscall_64+0x4c/0xa0 [ 41.277309][ T338] ? clear_bhb_loop+0x15/0x70 [ 41.281994][ T338] ? clear_bhb_loop+0x15/0x70 [ 41.286692][ T338] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 41.292602][ T338] RIP: 0033:0x7f70b9100b89 [pid 342] mount("/dev/loop2", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 344] <... write resumed>) = 67108864 [ 41.297027][ T338] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 41.316730][ T338] RSP: 002b:00007f70b90bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 41.325192][ T338] RAX: ffffffffffffffda RBX: 00007f70b91996a8 RCX: 00007f70b9100b89 [ 41.333198][ T338] RDX: 00007f70b9100b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 41.341271][ T338] RBP: 00007f70b91996a0 R08: 0000000000000000 R09: 0000000000000000 [pid 344] munmap(0x7f70b0c9d000, 138412032) = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 344] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 344] close(3) = 0 [pid 344] close(4) = 0 [pid 344] mkdir("./file0", 0777) = 0 [pid 344] mount("/dev/loop0", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 337] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 337] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b907c000 [pid 337] mprotect(0x7f70b907d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b909c990, parent_tid=0x7f70b909c990, exit_signal=0, stack=0x7f70b907c000, stack_size=0x20300, tls=0x7f70b909c6c0} => {parent_tid=[352]}, 88) = 352 [pid 337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 337] futex(0x7f70b91996b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 352 attached [pid 340] <... write resumed>) = 67108864 [ 41.347147][ T344] loop0: detected capacity change from 0 to 131072 [ 41.349242][ T338] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 41.363689][ T338] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 41.370193][ T344] F2FS-fs (loop0): invalid crc value [ 41.371662][ T338] [ 41.386805][ T342] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 352] set_robust_list(0x7f70b909c9a0, 24 [pid 340] munmap(0x7f70b0c9d000, 138412032 [pid 352] <... set_robust_list resumed>) = 0 [pid 340] <... munmap resumed>) = 0 [pid 352] rt_sigprocmask(SIG_SETMASK, [], [pid 340] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 352] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 340] <... openat resumed>) = 4 [pid 340] ioctl(4, LOOP_SET_FD, 3 [pid 338] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 337] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 336] <... openat resumed>) = ? [pid 340] <... ioctl resumed>) = 0 [pid 338] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] +++ exited with 0 +++ [pid 299] +++ exited with 0 +++ [pid 340] close(3 [pid 338] <... futex resumed>) = 0 [pid 340] <... close resumed>) = 0 [pid 338] futex(0x7f70b91996a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=32, si_stime=73} --- [pid 340] close(4 [pid 292] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 340] <... close resumed>) = 0 [pid 340] mkdir("./file0", 0777 [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x55557e352730 /* 4 entries */, 32768) = 112 [pid 292] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 340] <... mkdir resumed>) = 0 [ 41.388612][ T338] F2FS-fs (loop4): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 41.409226][ T336] Disabling lock debugging due to kernel taint [ 41.415745][ T336] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 41.416898][ T344] F2FS-fs (loop0): Found nat_bits in checkpoint [ 41.437971][ T340] loop3: detected capacity change from 0 to 131072 [ 41.438222][ T352] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 41.459688][ T340] F2FS-fs (loop3): invalid crc value [ 41.459768][ T342] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 41.489225][ T352] CPU: 0 PID: 352 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 41.500895][ T352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 41.510956][ T352] Call Trace: [ 41.514236][ T352] [ 41.517189][ T352] __dump_stack+0x21/0x24 [ 41.521523][ T352] dump_stack_lvl+0xee/0x150 [ 41.526128][ T352] ? __cfi_dump_stack_lvl+0x8/0x8 [ 41.531151][ T352] ? __kasan_check_write+0x14/0x20 [ 41.536280][ T352] dump_stack+0x15/0x24 [ 41.540453][ T352] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 41.546006][ T352] f2fs_is_valid_blkaddr+0x23/0x30 [ 41.551141][ T352] sanity_check_extent_cache+0x1c5/0x480 [ 41.556777][ T352] f2fs_iget+0x3312/0x4cb0 [ 41.561211][ T352] f2fs_lookup+0x366/0xab0 [ 41.565644][ T352] ? __cfi_f2fs_lookup+0x10/0x10 [ 41.570576][ T352] ? __cfi_d_alloc_parallel+0x10/0x10 [ 41.575954][ T352] ? __cfi_f2fs_lookup+0x10/0x10 [ 41.580891][ T352] path_openat+0xff3/0x2f50 [ 41.585394][ T342] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 41.585402][ T352] ? do_filp_open+0x3c0/0x3c0 [ 41.596747][ T352] do_filp_open+0x1c1/0x3c0 [ 41.601273][ T352] ? __cfi_do_filp_open+0x10/0x10 [ 41.606311][ T352] ? alloc_fd+0x4e6/0x590 [ 41.610646][ T352] do_sys_openat2+0x185/0x7e0 [ 41.615322][ T352] ? _raw_spin_unlock_irq+0x4d/0x70 [ 41.620534][ T352] ? ptrace_notify+0x1d1/0x250 [ 41.625332][ T352] ? do_sys_open+0xe0/0xe0 [ 41.629766][ T352] ? __cfi_ptrace_notify+0x10/0x10 [ 41.634905][ T352] ? xfd_validate_state+0x70/0x150 [ 41.640022][ T352] __x64_sys_openat+0x136/0x160 [ 41.644883][ T352] x64_sys_call+0x783/0x9a0 [ 41.649401][ T352] do_syscall_64+0x4c/0xa0 [ 41.653813][ T352] ? clear_bhb_loop+0x15/0x70 [ 41.658487][ T352] ? clear_bhb_loop+0x15/0x70 [ 41.663175][ T352] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 41.669083][ T352] RIP: 0033:0x7f70b9100b89 [ 41.673496][ T352] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 41.693443][ T352] RSP: 002b:00007f70b909c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 41.701858][ T352] RAX: ffffffffffffffda RBX: 00007f70b91996b8 RCX: 00007f70b9100b89 [pid 340] mount("/dev/loop3", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, ""executing program [pid 342] <... mount resumed>) = 0 [pid 342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 342] chdir("./file0") = 0 [pid 342] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 342] ioctl(4, LOOP_CLR_FD) = 0 [pid 342] close(4) = 0 [pid 342] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 341] <... futex resumed>) = 0 [pid 342] truncate("./file3", 7326 [pid 341] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 341] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 341] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 341] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 341] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 341] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 341] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 341] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b907c000 [pid 341] mprotect(0x7f70b907d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b909c990, parent_tid=0x7f70b909c990, exit_signal=0, stack=0x7f70b907c000, stack_size=0x20300, tls=0x7f70b909c6c0} => {parent_tid=[359]}, 88) = 359 [pid 341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 341] futex(0x7f70b91996b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 341] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 292] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 359 attached [pid 359] set_robust_list(0x7f70b909c9a0, 24) = 0 [pid 359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 359] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 292] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x55557e35a770 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, 0x55557e35a770 /* 0 entries */, 32768) = 0 [pid 292] close(4) = 0 [pid 292] rmdir("./0/file0") = 0 [pid 292] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./0/binderfs") = 0 [pid 292] getdents64(3, 0x55557e352730 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [pid 292] rmdir("./0") = 0 [pid 292] mkdir("./1", 0777) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 292] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 292] close(3) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 360 ./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x55557e3516a0, 24) = 0 [pid 360] chdir("./1") = 0 [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 360] setpgid(0, 0) = 0 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 360] write(3, "1000", 4) = 4 [pid 360] close(3) = 0 [pid 360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 360] write(1, "executing program\n", 18) = 18 [pid 360] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 360] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 360] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 360] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 360] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} => {parent_tid=[361]}, 88) = 361 [pid 360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 360] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 341] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 41.709832][ T352] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 41.717800][ T352] RBP: 00007f70b91996b0 R08: 00007fff3bc01ee7 R09: 0000000000000000 [ 41.725763][ T352] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 41.733733][ T352] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 41.741721][ T352] [ 41.744930][ T342] CPU: 1 PID: 342 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 41.756579][ T342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 41.766629][ T342] Call Trace: [ 41.769891][ T342] [ 41.772818][ T342] __dump_stack+0x21/0x24 [ 41.777182][ T342] dump_stack_lvl+0xee/0x150 [ 41.781756][ T342] ? __cfi_dump_stack_lvl+0x8/0x8 [ 41.786763][ T342] ? __kasan_check_write+0x14/0x20 [ 41.791859][ T342] dump_stack+0x15/0x24 [ 41.796000][ T342] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 41.801570][ T342] f2fs_is_valid_blkaddr+0x23/0x30 [ 41.806666][ T342] sanity_check_extent_cache+0x1c5/0x480 [ 41.812291][ T342] f2fs_iget+0x3312/0x4cb0 [ 41.816699][ T342] f2fs_lookup+0x366/0xab0 [ 41.821115][ T342] ? __cfi_f2fs_lookup+0x10/0x10 [ 41.826057][ T342] ? __cfi_d_alloc_parallel+0x10/0x10 [ 41.831435][ T342] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 41.837160][ T342] ? downgrade_write+0x350/0x350 [ 41.842190][ T342] __lookup_slow+0x2c7/0x3f0 [ 41.846772][ T342] ? lookup_one_len+0x2d0/0x2d0 [ 41.851608][ T342] ? down_read+0xa0/0xf0 [ 41.855834][ T342] lookup_slow+0x57/0x70 [ 41.860058][ T342] walk_component+0x2f4/0x420 [ 41.864805][ T342] path_lookupat+0x180/0x490 [ 41.869383][ T342] filename_lookup+0x1f0/0x500 [ 41.874133][ T342] ? __cfi_filename_lookup+0x10/0x10 [ 41.879408][ T342] ? strncpy_from_user+0x17a/0x2d0 [ 41.884516][ T342] user_path_at_empty+0x47/0x1c0 [ 41.889447][ T342] do_sys_truncate+0xa3/0x190 [ 41.894117][ T342] ? __cfi_do_sys_truncate+0x10/0x10 [ 41.899387][ T342] ? fpregs_restore_userregs+0x128/0x260 [ 41.905006][ T342] __x64_sys_truncate+0x5b/0x70 [ 41.909850][ T342] x64_sys_call+0x679/0x9a0 [ 41.914348][ T342] do_syscall_64+0x4c/0xa0 [ 41.918752][ T342] ? clear_bhb_loop+0x15/0x70 [ 41.923414][ T342] ? clear_bhb_loop+0x15/0x70 [ 41.928077][ T342] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 41.933957][ T342] RIP: 0033:0x7f70b9100b89 [ 41.938355][ T342] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 41.958209][ T342] RSP: 002b:00007f70b90bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 41.966638][ T342] RAX: ffffffffffffffda RBX: 00007f70b91996a8 RCX: 00007f70b9100b89 [ 41.974611][ T342] RDX: 00007f70b9100b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 41.982668][ T342] RBP: 00007f70b91996a0 R08: 0000000000000000 R09: 0000000000000000 [ 41.990625][ T342] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 41.998588][ T342] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 42.006546][ T342] [pid 344] <... mount resumed>) = 0 [pid 344] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 344] chdir("./file0") = 0 [pid 344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 344] ioctl(4, LOOP_CLR_FD) = 0 [pid 344] close(4) = 0 [pid 344] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] futex(0x7f70b91996a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 361 attached [pid 361] set_robust_list(0x7f70b90bd9a0, 24) = 0 [pid 361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 361] memfd_create("syzkaller", 0) = 3 [pid 361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f70b0c9d000 [pid 343] <... futex resumed>) = 0 [pid 343] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 343] <... futex resumed>) = 1 [ 42.012748][ T344] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 42.020428][ T342] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 42.042934][ T344] F2FS-fs (loop0): access invalid blkaddr:2147563524 [ 42.048619][ T352] F2FS-fs (loop4): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [pid 344] truncate("./file3", 7326 [pid 343] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 352] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] futex(0x7f70b91996b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] exit_group(0 [pid 352] <... futex resumed>) = ? [pid 338] <... futex resumed>) = ? [pid 337] <... exit_group resumed>) = ? [pid 352] +++ exited with 0 +++ [pid 338] +++ exited with 0 +++ [pid 337] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=35, si_stime=36} --- [ 42.049831][ T340] F2FS-fs (loop3): Found nat_bits in checkpoint [ 42.077050][ T344] CPU: 1 PID: 344 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 42.088800][ T344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 42.098863][ T344] Call Trace: [ 42.102138][ T344] [ 42.105063][ T344] __dump_stack+0x21/0x24 [ 42.109402][ T344] dump_stack_lvl+0xee/0x150 [ 42.113997][ T344] ? __cfi_dump_stack_lvl+0x8/0x8 [ 42.119023][ T344] ? __kasan_check_write+0x14/0x20 [ 42.124139][ T344] dump_stack+0x15/0x24 [ 42.128291][ T344] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 42.133832][ T344] f2fs_is_valid_blkaddr+0x23/0x30 [ 42.138993][ T344] sanity_check_extent_cache+0x1c5/0x480 [ 42.144624][ T344] f2fs_iget+0x3312/0x4cb0 [ 42.149056][ T344] f2fs_lookup+0x366/0xab0 [ 42.153465][ T344] ? __cfi_f2fs_lookup+0x10/0x10 [ 42.158402][ T344] ? __cfi_d_alloc_parallel+0x10/0x10 [ 42.163778][ T344] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 42.169502][ T344] ? downgrade_write+0x350/0x350 [ 42.174458][ T344] __lookup_slow+0x2c7/0x3f0 [ 42.179069][ T344] ? lookup_one_len+0x2d0/0x2d0 [ 42.183924][ T344] ? down_read+0xa0/0xf0 [ 42.188185][ T344] lookup_slow+0x57/0x70 [ 42.191418][ T359] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 42.192431][ T344] walk_component+0x2f4/0x420 [ 42.204284][ T344] path_lookupat+0x180/0x490 [ 42.208885][ T344] filename_lookup+0x1f0/0x500 [ 42.213655][ T344] ? __cfi_filename_lookup+0x10/0x10 [ 42.218941][ T344] ? strncpy_from_user+0x17a/0x2d0 [ 42.224070][ T344] user_path_at_empty+0x47/0x1c0 [ 42.229024][ T344] do_sys_truncate+0xa3/0x190 [ 42.233723][ T344] ? __cfi_do_sys_truncate+0x10/0x10 [ 42.239003][ T344] ? fpregs_restore_userregs+0x128/0x260 [ 42.244628][ T344] __x64_sys_truncate+0x5b/0x70 [ 42.250187][ T344] x64_sys_call+0x679/0x9a0 [ 42.254811][ T344] do_syscall_64+0x4c/0xa0 [ 42.259239][ T344] ? clear_bhb_loop+0x15/0x70 [ 42.264047][ T344] ? clear_bhb_loop+0x15/0x70 [ 42.268898][ T344] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 42.276905][ T344] RIP: 0033:0x7f70b9100b89 [ 42.281429][ T344] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 42.301054][ T344] RSP: 002b:00007f70b90bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 342] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 340] <... mount resumed>) = 0 [pid 295] <... restart_syscall resumed>) = 0 [pid 342] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 342] <... futex resumed>) = 0 [pid 343] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 342] futex(0x7f70b91996a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 340] <... openat resumed>) = 3 [pid 340] chdir("./file0" [pid 295] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 340] <... chdir resumed>) = 0 [pid 340] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 343] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... openat resumed>) = 4 [pid 295] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 343] <... futex resumed>) = 0 [pid 340] ioctl(4, LOOP_CLR_FD [pid 343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b907c000 [pid 340] <... ioctl resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 343] mprotect(0x7f70b907d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 343] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b909c990, parent_tid=0x7f70b909c990, exit_signal=0, stack=0x7f70b907c000, stack_size=0x20300, tls=0x7f70b909c6c0} => {parent_tid=[365]}, 88) = 365 [pid 343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 343] futex(0x7f70b91996b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 42.301296][ T340] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 42.309469][ T344] RAX: ffffffffffffffda RBX: 00007f70b91996a8 RCX: 00007f70b9100b89 [ 42.324912][ T344] RDX: 00007f70b9100b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 42.332886][ T344] RBP: 00007f70b91996a0 R08: 0000000000000000 R09: 0000000000000000 [ 42.340859][ T344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000080 [ 42.348834][ T344] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 42.356802][ T344] [pid 343] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] close(4 [pid 295] newfstatat(3, "", [pid 344] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 340] <... close resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 42.362254][ T359] CPU: 0 PID: 359 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 42.364757][ T344] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 42.373918][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 42.373930][ T359] Call Trace: [ 42.373935][ T359] [ 42.373941][ T359] __dump_stack+0x21/0x24 [ 42.373965][ T359] dump_stack_lvl+0xee/0x150 [pid 344] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 340] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] getdents64(3, [pid 344] <... futex resumed>) = 0 [pid 343] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 340] <... futex resumed>) = 1 [pid 339] <... futex resumed>) = 0 [pid 295] <... getdents64 resumed>0x55557e352730 /* 4 entries */, 32768) = 112 [pid 344] futex(0x7f70b91996a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 343] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 340] truncate("./file3", 7326 [pid 339] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] exit_group(0) = ? [ 42.373983][ T359] ? __cfi_dump_stack_lvl+0x8/0x8 [ 42.416104][ T340] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 42.416988][ T359] ? __kasan_check_write+0x14/0x20 [ 42.428826][ T359] dump_stack+0x15/0x24 [ 42.432996][ T359] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 42.438547][ T359] f2fs_is_valid_blkaddr+0x23/0x30 [ 42.443664][ T359] sanity_check_extent_cache+0x1c5/0x480 [ 42.449302][ T359] f2fs_iget+0x3312/0x4cb0 [ 42.453736][ T359] f2fs_lookup+0x366/0xab0 [ 42.458146][ T359] ? __cfi_f2fs_lookup+0x10/0x10 [pid 339] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 339] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b907c000 [pid 339] mprotect(0x7f70b907d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b909c990, parent_tid=0x7f70b909c990, exit_signal=0, stack=0x7f70b907c000, stack_size=0x20300, tls=0x7f70b909c6c0} => {parent_tid=[366]}, 88) = 366 [pid 339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 339] futex(0x7f70b91996b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 366 attached [pid 366] set_robust_list(0x7f70b909c9a0, 24) = 0 [pid 366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 42.463071][ T359] ? __cfi_d_alloc_parallel+0x10/0x10 [ 42.468435][ T359] ? __cfi_f2fs_lookup+0x10/0x10 [ 42.473365][ T359] path_openat+0xff3/0x2f50 [ 42.477865][ T359] ? do_filp_open+0x3c0/0x3c0 [ 42.482560][ T359] do_filp_open+0x1c1/0x3c0 [ 42.487097][ T359] ? __cfi_do_filp_open+0x10/0x10 [ 42.492128][ T359] ? alloc_fd+0x4e6/0x590 [ 42.496460][ T359] do_sys_openat2+0x185/0x7e0 [ 42.501176][ T359] ? _raw_spin_unlock_irq+0x4d/0x70 [ 42.506370][ T359] ? ptrace_notify+0x1d1/0x250 [pid 366] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 339] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 339] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 343] exit_group(0 [pid 344] <... futex resumed>) = ? [pid 343] <... exit_group resumed>) = ? [pid 344] +++ exited with 0 +++ [ 42.511131][ T359] ? do_sys_open+0xe0/0xe0 [ 42.515678][ T359] ? __cfi_ptrace_notify+0x10/0x10 [ 42.520806][ T359] ? xfd_validate_state+0x70/0x150 [ 42.525924][ T359] __x64_sys_openat+0x136/0x160 [ 42.530787][ T359] x64_sys_call+0x783/0x9a0 [ 42.535304][ T359] do_syscall_64+0x4c/0xa0 [ 42.539729][ T359] ? clear_bhb_loop+0x15/0x70 [ 42.544402][ T359] ? clear_bhb_loop+0x15/0x70 [ 42.549069][ T359] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 42.554957][ T359] RIP: 0033:0x7f70b9100b89 [pid 342] <... futex resumed>) = ? [pid 342] +++ exited with 0 +++ [ 42.559361][ T359] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 42.578962][ T359] RSP: 002b:00007f70b909c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 42.587472][ T359] RAX: ffffffffffffffda RBX: 00007f70b91996b8 RCX: 00007f70b9100b89 [ 42.595465][ T359] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 42.603442][ T359] RBP: 00007f70b91996b0 R08: 00007fff3bc01ee7 R09: 0000000000000000 ./strace-static-x86_64: Process 365 attached [pid 365] +++ exited with 0 +++ [pid 343] +++ exited with 0 +++ [pid 359] <... openat resumed>) = ? [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=343, si_uid=0, si_status=0, si_utime=31, si_stime=32} --- [ 42.611412][ T359] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 42.619385][ T359] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 42.627364][ T359] [ 42.630703][ T359] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 42.644662][ T340] CPU: 0 PID: 340 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 42.656321][ T340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 42.666378][ T340] Call Trace: [ 42.669649][ T340] [ 42.672561][ T340] __dump_stack+0x21/0x24 [ 42.676883][ T340] dump_stack_lvl+0xee/0x150 [ 42.681455][ T340] ? __cfi_dump_stack_lvl+0x8/0x8 [ 42.686466][ T340] ? __kasan_check_write+0x14/0x20 [ 42.691563][ T340] dump_stack+0x15/0x24 [ 42.695734][ T340] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 42.701261][ T340] f2fs_is_valid_blkaddr+0x23/0x30 [ 42.706354][ T340] sanity_check_extent_cache+0x1c5/0x480 [ 42.711969][ T340] f2fs_iget+0x3312/0x4cb0 [ 42.716378][ T340] f2fs_lookup+0x366/0xab0 [ 42.720958][ T340] ? __cfi_f2fs_lookup+0x10/0x10 [ 42.725890][ T340] ? __cfi_d_alloc_parallel+0x10/0x10 [ 42.731271][ T340] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 42.736981][ T340] ? downgrade_write+0x350/0x350 [ 42.741993][ T340] __lookup_slow+0x2c7/0x3f0 [ 42.746572][ T340] ? lookup_one_len+0x2d0/0x2d0 [ 42.751934][ T340] ? down_read+0xa0/0xf0 [ 42.756179][ T340] lookup_slow+0x57/0x70 [ 42.760404][ T340] walk_component+0x2f4/0x420 [ 42.765070][ T340] path_lookupat+0x180/0x490 [ 42.769649][ T340] filename_lookup+0x1f0/0x500 [ 42.774399][ T340] ? __cfi_filename_lookup+0x10/0x10 [ 42.779673][ T340] ? strncpy_from_user+0x17a/0x2d0 [ 42.784776][ T340] user_path_at_empty+0x47/0x1c0 [ 42.789700][ T340] do_sys_truncate+0xa3/0x190 [ 42.794370][ T340] ? __cfi_do_sys_truncate+0x10/0x10 [ 42.799651][ T340] ? fpregs_restore_userregs+0x128/0x260 [ 42.805265][ T340] __x64_sys_truncate+0x5b/0x70 [ 42.810198][ T340] x64_sys_call+0x679/0x9a0 [ 42.814684][ T340] do_syscall_64+0x4c/0xa0 [ 42.819088][ T340] ? clear_bhb_loop+0x15/0x70 [ 42.823744][ T340] ? clear_bhb_loop+0x15/0x70 [ 42.828406][ T340] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 42.834287][ T340] RIP: 0033:0x7f70b9100b89 [ 42.838684][ T340] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 42.858276][ T340] RSP: 002b:00007f70b90bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 42.866718][ T340] RAX: ffffffffffffffda RBX: 00007f70b91996a8 RCX: 00007f70b9100b89 [ 42.874681][ T340] RDX: 00007f70b9100b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 42.882734][ T340] RBP: 00007f70b91996a0 R08: 0000000000000000 R09: 0000000000000000 [ 42.890691][ T340] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 42.898647][ T340] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 42.906608][ T340] [pid 291] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x55557e352730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] +++ exited with 0 +++ [pid 341] +++ exited with 0 +++ [pid 339] exit_group(0) = ? [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=31, si_stime=58} --- [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 340] <... truncate resumed>) = ? [pid 340] +++ exited with 0 +++ [pid 293] <... restart_syscall resumed>) = 0 [pid 293] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, 0x55557e352730 /* 4 entries */, 32768) = 112 [ 42.913613][ T340] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 42.931838][ T366] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 42.948045][ T366] CPU: 1 PID: 366 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 42.959708][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 42.969770][ T366] Call Trace: [ 42.973052][ T366] [ 42.975980][ T366] __dump_stack+0x21/0x24 [ 42.980325][ T366] dump_stack_lvl+0xee/0x150 [ 42.984925][ T366] ? __cfi_dump_stack_lvl+0x8/0x8 [ 42.989968][ T366] ? __kasan_check_write+0x14/0x20 [ 42.995093][ T366] dump_stack+0x15/0x24 [ 42.999267][ T366] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 43.005040][ T366] f2fs_is_valid_blkaddr+0x23/0x30 [ 43.010172][ T366] sanity_check_extent_cache+0x1c5/0x480 [ 43.015831][ T366] f2fs_iget+0x3312/0x4cb0 [ 43.020270][ T366] f2fs_lookup+0x366/0xab0 [ 43.024689][ T366] ? __rcu_read_unlock+0x5e/0xa0 [ 43.029640][ T366] ? __cfi_f2fs_lookup+0x10/0x10 [ 43.034575][ T366] ? __cfi_d_alloc_parallel+0x10/0x10 [ 43.039962][ T366] ? __cfi_f2fs_lookup+0x10/0x10 [ 43.044918][ T366] path_openat+0xff3/0x2f50 [ 43.049445][ T366] ? do_filp_open+0x3c0/0x3c0 [ 43.054126][ T366] do_filp_open+0x1c1/0x3c0 [ 43.058634][ T366] ? __cfi_do_filp_open+0x10/0x10 [ 43.063694][ T366] ? alloc_fd+0x4e6/0x590 [ 43.068048][ T366] do_sys_openat2+0x185/0x7e0 [ 43.072730][ T366] ? _raw_spin_unlock_irq+0x4d/0x70 [ 43.077940][ T366] ? ptrace_notify+0x1d1/0x250 [ 43.082713][ T366] ? do_sys_open+0xe0/0xe0 [ 43.087136][ T366] ? __cfi_ptrace_notify+0x10/0x10 [ 43.092252][ T366] ? irqtime_account_irq+0x17c/0x240 [ 43.097551][ T366] __x64_sys_openat+0x136/0x160 [ 43.102490][ T366] x64_sys_call+0x783/0x9a0 [ 43.106996][ T366] do_syscall_64+0x4c/0xa0 [ 43.111415][ T366] ? clear_bhb_loop+0x15/0x70 [ 43.116096][ T366] ? clear_bhb_loop+0x15/0x70 [ 43.120777][ T366] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 43.126678][ T366] RIP: 0033:0x7f70b9100b89 [ 43.131098][ T366] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 43.150712][ T366] RSP: 002b:00007f70b909c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 43.159132][ T366] RAX: ffffffffffffffda RBX: 00007f70b91996b8 RCX: 00007f70b9100b89 [pid 293] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 43.167109][ T366] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 43.175084][ T366] RBP: 00007f70b91996b0 R08: 00007fff3bc01ee7 R09: 0000000000000000 [ 43.183064][ T366] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 43.191128][ T366] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 43.199108][ T366] [pid 361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 366] <... openat resumed>) = ? [pid 366] +++ exited with 0 +++ [pid 339] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=33, si_stime=38} --- [pid 294] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 294] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x55557e352730 /* 4 entries */, 32768) = 112 [ 43.223618][ T366] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [pid 294] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x55557e35a770 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x55557e35a770 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./1/file0") = 0 [pid 295] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./1/binderfs") = 0 [pid 295] getdents64(3, 0x55557e352730 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./1") = 0 [pid 295] mkdir("./2", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 367 ./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x55557e3516a0, 24) = 0 [pid 367] chdir("./2") = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 367] write(1, "executing program\n", 18) = 18 executing program [pid 367] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 367] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} => {parent_tid=[368]}, 88) = 368 [pid 367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 367] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 291] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x7f70b90bd9a0, 24) = 0 [pid 368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 368] memfd_create("syzkaller", 0) = 3 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f70b0c9d000 [pid 291] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x55557e35a770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x55557e35a770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./1/file0") = 0 [pid 291] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./1/binderfs") = 0 [pid 291] getdents64(3, 0x55557e352730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./1") = 0 [pid 291] mkdir("./2", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 369 [pid 293] <... umount2 resumed>) = 0 [pid 293] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 293] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(4, 0x55557e35a770 /* 2 entries */, 32768) = 48 [pid 293] getdents64(4, 0x55557e35a770 /* 0 entries */, 32768) = 0 [pid 293] close(4) = 0 [pid 293] rmdir("./1/file0") = 0 ./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x55557e3516a0, 24) = 0 [pid 369] chdir("./2") = 0 [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 369] setpgid(0, 0) = 0 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "1000", 4) = 4 [pid 369] close(3) = 0 [pid 369] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 369] write(1, "executing program\n", 18) = 18 [pid 369] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 369] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 369] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} [pid 293] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 369] <... clone3 resumed> => {parent_tid=[370]}, 88) = 370 [pid 369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 369] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x7f70b90bd9a0, 24) = 0 [pid 370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 370] memfd_create("syzkaller", 0 [pid 293] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 370] <... memfd_create resumed>) = 3 [pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f70b0c9d000 [pid 293] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] unlink("./1/binderfs") = 0 [pid 293] getdents64(3, 0x55557e352730 /* 0 entries */, 32768) = 0 [pid 293] close(3) = 0 [pid 293] rmdir("./1") = 0 [pid 293] mkdir("./2", 0777) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 371 ./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x55557e3516a0, 24) = 0 [pid 371] chdir("./2") = 0 [pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 371] setpgid(0, 0) = 0 [pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 371] write(3, "1000", 4) = 4 [pid 371] close(3) = 0 [pid 371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 371] write(1, "executing program\n", 18executing program ) = 18 [pid 371] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 371] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} => {parent_tid=[372]}, 88) = 372 [pid 371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 371] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x7f70b90bd9a0, 24) = 0 [pid 372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 372] memfd_create("syzkaller", 0) = 3 [pid 372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f70b0c9d000 [pid 294] <... umount2 resumed>) = 0 [pid 294] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 294] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(4, 0x55557e35a770 /* 2 entries */, 32768) = 48 [pid 294] getdents64(4, 0x55557e35a770 /* 0 entries */, 32768) = 0 [pid 294] close(4) = 0 [pid 294] rmdir("./1/file0") = 0 [pid 294] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./1/binderfs") = 0 [pid 294] getdents64(3, 0x55557e352730 /* 0 entries */, 32768) = 0 [pid 294] close(3) = 0 [pid 294] rmdir("./1") = 0 [pid 294] mkdir("./2", 0777) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 294] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 294] close(3) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 373 ./strace-static-x86_64: Process 373 attached [pid 373] set_robust_list(0x55557e3516a0, 24) = 0 [pid 373] chdir("./2") = 0 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 373] setpgid(0, 0) = 0 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 373] write(3, "1000", 4) = 4 [pid 373] close(3) = 0 [pid 373] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 373] write(1, "executing program\n", 18) = 18 [pid 373] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 373] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 373] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} => {parent_tid=[374]}, 88) = 374 [pid 373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 373] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 361] <... write resumed>) = 67108864 ./strace-static-x86_64: Process 374 attached [pid 374] set_robust_list(0x7f70b90bd9a0, 24) = 0 [pid 374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 374] memfd_create("syzkaller", 0) = 3 [pid 374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f70b0c9d000 [pid 361] munmap(0x7f70b0c9d000, 138412032) = 0 [pid 361] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 361] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 361] close(3) = 0 [pid 361] close(4) = 0 [pid 361] mkdir("./file0", 0777) = 0 [ 43.691005][ T361] loop1: detected capacity change from 0 to 131072 [ 43.712927][ T361] F2FS-fs (loop1): invalid crc value [ 43.760324][ T361] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 361] mount("/dev/loop1", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "") = 0 [pid 361] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 361] chdir("./file0") = 0 [pid 361] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 361] ioctl(4, LOOP_CLR_FD) = 0 [ 43.821365][ T361] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [pid 361] close(4) = 0 [pid 361] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 360] <... futex resumed>) = 0 [pid 360] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 361] truncate("./file3", 7326 [pid 360] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 360] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 360] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 360] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b907c000 [pid 360] mprotect(0x7f70b907d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 360] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 360] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b909c990, parent_tid=0x7f70b909c990, exit_signal=0, stack=0x7f70b907c000, stack_size=0x20300, tls=0x7f70b909c6c0} => {parent_tid=[379]}, 88) = 379 [pid 360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 360] futex(0x7f70b91996b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 43.861603][ T361] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 43.872002][ T361] CPU: 0 PID: 361 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 43.883975][ T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.894046][ T361] Call Trace: [ 43.897321][ T361] [ 43.900243][ T361] __dump_stack+0x21/0x24 [ 43.904574][ T361] dump_stack_lvl+0xee/0x150 [pid 360] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x7f70b909c9a0, 24) = 0 [pid 379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 379] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 360] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 43.909174][ T361] ? __cfi_dump_stack_lvl+0x8/0x8 [ 43.914228][ T361] ? __kasan_check_write+0x14/0x20 [ 43.919354][ T361] dump_stack+0x15/0x24 [ 43.923514][ T361] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 43.929070][ T361] f2fs_is_valid_blkaddr+0x23/0x30 [ 43.934291][ T361] sanity_check_extent_cache+0x1c5/0x480 [ 43.939923][ T361] f2fs_iget+0x3312/0x4cb0 [ 43.944435][ T361] f2fs_lookup+0x366/0xab0 [ 43.948843][ T361] ? __cfi_f2fs_lookup+0x10/0x10 [ 43.953776][ T361] ? __cfi_d_alloc_parallel+0x10/0x10 [ 43.959150][ T361] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 43.964877][ T361] ? downgrade_write+0x350/0x350 [ 43.969830][ T361] __lookup_slow+0x2c7/0x3f0 [ 43.974433][ T361] ? lookup_one_len+0x2d0/0x2d0 [ 43.979282][ T361] ? down_read+0xa0/0xf0 [ 43.983527][ T361] lookup_slow+0x57/0x70 [ 43.987762][ T361] walk_component+0x2f4/0x420 [ 43.992461][ T361] path_lookupat+0x180/0x490 [ 43.997054][ T361] filename_lookup+0x1f0/0x500 [ 44.001822][ T361] ? __cfi_filename_lookup+0x10/0x10 [ 44.007118][ T361] ? strncpy_from_user+0x17a/0x2d0 [ 44.012236][ T361] user_path_at_empty+0x47/0x1c0 [ 44.017175][ T361] do_sys_truncate+0xa3/0x190 [ 44.021857][ T361] ? __cfi_do_sys_truncate+0x10/0x10 [ 44.027177][ T361] ? fpregs_restore_userregs+0x128/0x260 [ 44.032815][ T361] __x64_sys_truncate+0x5b/0x70 [ 44.037674][ T361] x64_sys_call+0x679/0x9a0 [ 44.042172][ T361] do_syscall_64+0x4c/0xa0 [ 44.046585][ T361] ? clear_bhb_loop+0x15/0x70 [ 44.051258][ T361] ? clear_bhb_loop+0x15/0x70 [ 44.055934][ T361] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [pid 360] exit_group(0) = ? [ 44.061827][ T361] RIP: 0033:0x7f70b9100b89 [ 44.066257][ T361] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 44.085891][ T361] RSP: 002b:00007f70b90bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 44.094306][ T361] RAX: ffffffffffffffda RBX: 00007f70b91996a8 RCX: 00007f70b9100b89 [ 44.102274][ T361] RDX: 00007f70b9100b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 44.110250][ T361] RBP: 00007f70b91996a0 R08: 0000000000000000 R09: 0000000000000000 [ 44.118221][ T361] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 44.126205][ T361] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 44.134182][ T361] [pid 368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 361] <... truncate resumed>) = ? [ 44.665285][ T361] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [pid 361] +++ exited with 0 +++ [pid 368] <... write resumed>) = 67108864 [ 44.709792][ T379] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 44.719244][ T379] CPU: 1 PID: 379 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 44.730910][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.740981][ T379] Call Trace: [ 44.744272][ T379] [ 44.747217][ T379] __dump_stack+0x21/0x24 [ 44.751649][ T379] dump_stack_lvl+0xee/0x150 [ 44.756269][ T379] ? __cfi_dump_stack_lvl+0x8/0x8 [ 44.761318][ T379] ? __kasan_check_write+0x14/0x20 [ 44.766450][ T379] dump_stack+0x15/0x24 [ 44.770621][ T379] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 44.776172][ T379] f2fs_is_valid_blkaddr+0x23/0x30 [ 44.781292][ T379] sanity_check_extent_cache+0x1c5/0x480 [ 44.786934][ T379] f2fs_iget+0x3312/0x4cb0 [ 44.791366][ T379] f2fs_lookup+0x366/0xab0 [ 44.795786][ T379] ? __cfi_f2fs_lookup+0x10/0x10 [ 44.800725][ T379] ? __cfi_d_alloc_parallel+0x10/0x10 [ 44.806106][ T379] ? __cfi_f2fs_lookup+0x10/0x10 [ 44.811061][ T379] path_openat+0xff3/0x2f50 [ 44.815578][ T379] ? do_filp_open+0x3c0/0x3c0 [ 44.820258][ T379] do_filp_open+0x1c1/0x3c0 [ 44.824765][ T379] ? __cfi_do_filp_open+0x10/0x10 [ 44.829814][ T379] ? alloc_fd+0x4e6/0x590 [ 44.834246][ T379] do_sys_openat2+0x185/0x7e0 [ 44.838938][ T379] ? _raw_spin_unlock_irq+0x4d/0x70 [ 44.844150][ T379] ? ptrace_notify+0x1d1/0x250 [ 44.848932][ T379] ? do_sys_open+0xe0/0xe0 [ 44.853356][ T379] ? __cfi_ptrace_notify+0x10/0x10 [ 44.858473][ T379] ? xfd_validate_state+0x70/0x150 [ 44.863592][ T379] __x64_sys_openat+0x136/0x160 [ 44.868449][ T379] x64_sys_call+0x783/0x9a0 [ 44.872978][ T379] do_syscall_64+0x4c/0xa0 [ 44.877410][ T379] ? clear_bhb_loop+0x15/0x70 [ 44.882108][ T379] ? clear_bhb_loop+0x15/0x70 [ 44.886813][ T379] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 44.892720][ T379] RIP: 0033:0x7f70b9100b89 [ 44.897141][ T379] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 44.916879][ T379] RSP: 002b:00007f70b909c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 44.925302][ T379] RAX: ffffffffffffffda RBX: 00007f70b91996b8 RCX: 00007f70b9100b89 [ 44.933282][ T379] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 44.939038][ T372] loop2: detected capacity change from 0 to 131072 [ 44.941252][ T379] RBP: 00007f70b91996b0 R08: 00007fff3bc01ee7 R09: 0000000000000000 [pid 368] munmap(0x7f70b0c9d000, 138412032 [pid 372] <... write resumed>) = 67108864 [pid 372] munmap(0x7f70b0c9d000, 138412032) = 0 [pid 374] <... write resumed>) = 67108864 [pid 372] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 372] ioctl(4, LOOP_SET_FD, 3 [pid 374] munmap(0x7f70b0c9d000, 138412032) = 0 [pid 374] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 374] ioctl(4, LOOP_SET_FD, 3 [pid 368] <... munmap resumed>) = 0 [pid 372] <... ioctl resumed>) = 0 [pid 372] close(3) = 0 [pid 372] close(4) = 0 [pid 372] mkdir("./file0", 0777) = 0 [pid 372] mount("/dev/loop2", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 370] <... write resumed>) = 67108864 [pid 370] munmap(0x7f70b0c9d000, 138412032) = 0 [pid 379] <... openat resumed>) = ? [pid 374] <... ioctl resumed>) = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 368] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 379] +++ exited with 0 +++ [pid 368] <... openat resumed>) = 4 [pid 360] +++ exited with 0 +++ [pid 368] ioctl(4, LOOP_SET_FD, 3 [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=33, si_stime=36} --- [pid 374] close(3 [pid 370] <... openat resumed>) = 4 [pid 374] <... close resumed>) = 0 [pid 374] close(4) = 0 [pid 374] mkdir("./file0", 0777 [pid 370] ioctl(4, LOOP_SET_FD, 3 [pid 374] <... mkdir resumed>) = 0 [ 44.941264][ T379] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 44.941273][ T379] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 44.941287][ T379] [ 44.958392][ T374] loop3: detected capacity change from 0 to 131072 [ 44.967875][ T379] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 44.976813][ T372] F2FS-fs (loop2): invalid crc value [ 44.987268][ T368] loop4: detected capacity change from 0 to 131072 [pid 374] mount("/dev/loop3", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 292] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x55557e352730 /* 4 entries */, 32768) = 112 [pid 292] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 370] <... ioctl resumed>) = 0 [pid 370] close(3) = 0 [pid 370] close(4) = 0 [pid 370] mkdir("./file0", 0777) = 0 [pid 370] mount("/dev/loop0", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 368] <... ioctl resumed>) = 0 [pid 368] close(3) = 0 [pid 368] close(4) = 0 [pid 368] mkdir("./file0", 0777) = 0 [ 45.009714][ T370] loop0: detected capacity change from 0 to 131072 [ 45.029182][ T370] F2FS-fs (loop0): invalid crc value [ 45.036407][ T368] F2FS-fs (loop4): invalid crc value [ 45.059154][ T374] F2FS-fs (loop3): invalid crc value [ 45.072189][ T370] F2FS-fs (loop0): Found nat_bits in checkpoint [ 45.080539][ T368] F2FS-fs (loop4): Found nat_bits in checkpoint [ 45.110706][ T374] F2FS-fs (loop3): Found nat_bits in checkpoint [ 45.110755][ T372] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 368] mount("/dev/loop4", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "") = 0 [pid 368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 368] chdir("./file0") = 0 [pid 368] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 368] ioctl(4, LOOP_CLR_FD) = 0 [pid 368] close(4) = 0 [pid 368] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 45.161605][ T368] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 45.200304][ T368] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 45.205574][ T374] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 45.214633][ T368] CPU: 1 PID: 368 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 45.221612][ T372] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 45.226337][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 45.234071][ T370] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 45.243845][ T368] Call Trace: [ 45.243858][ T368] [ 45.243864][ T368] __dump_stack+0x21/0x24 [ 45.243890][ T368] dump_stack_lvl+0xee/0x150 [ 45.243907][ T368] ? __cfi_dump_stack_lvl+0x8/0x8 [ 45.243926][ T368] ? __kasan_check_write+0x14/0x20 [ 45.276505][ T368] dump_stack+0x15/0x24 [ 45.280672][ T368] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 45.286230][ T368] f2fs_is_valid_blkaddr+0x23/0x30 [ 45.291342][ T368] sanity_check_extent_cache+0x1c5/0x480 [ 45.297245][ T368] f2fs_iget+0x3312/0x4cb0 [ 45.302019][ T368] f2fs_lookup+0x366/0xab0 [ 45.306528][ T368] ? __cfi_f2fs_lookup+0x10/0x10 [ 45.309274][ T374] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 45.311910][ T368] ? __cfi_d_alloc_parallel+0x10/0x10 [ 45.311938][ T368] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 45.311957][ T368] ? downgrade_write+0x350/0x350 [ 45.311979][ T368] __lookup_slow+0x2c7/0x3f0 [ 45.318734][ T370] F2FS-fs (loop0): access invalid blkaddr:2147563524 [ 45.323992][ T368] ? lookup_one_len+0x2d0/0x2d0 [ 45.324016][ T368] ? down_read+0xa0/0xf0 [ 45.354992][ T368] lookup_slow+0x57/0x70 [pid 368] truncate("./file3", 7326 [pid 374] <... mount resumed>) = 0 [pid 372] <... mount resumed>) = 0 [pid 370] <... mount resumed>) = 0 [pid 367] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 292] <... umount2 resumed>) = 0 [pid 374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 367] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... openat resumed>) = 3 [pid 372] <... openat resumed>) = 3 [pid 370] <... openat resumed>) = 3 [pid 367] <... futex resumed>) = 0 [pid 374] chdir("./file0" [pid 372] chdir("./file0" [pid 370] chdir("./file0" [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 374] <... chdir resumed>) = 0 [pid 372] <... chdir resumed>) = 0 [pid 370] <... chdir resumed>) = 0 [pid 367] <... mmap resumed>) = 0x7f70b907c000 [pid 374] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 372] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 367] mprotect(0x7f70b907d000, 131072, PROT_READ|PROT_WRITE [pid 374] <... openat resumed>) = 4 [pid 372] <... openat resumed>) = 4 [pid 370] <... openat resumed>) = 4 [pid 367] <... mprotect resumed>) = 0 [pid 374] ioctl(4, LOOP_CLR_FD [pid 372] ioctl(4, LOOP_CLR_FD [pid 370] ioctl(4, LOOP_CLR_FD [pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [pid 374] <... ioctl resumed>) = 0 [pid 372] <... ioctl resumed>) = 0 [pid 370] <... ioctl resumed>) = 0 [pid 367] <... rt_sigprocmask resumed>[], 8) = 0 [pid 374] close(4 [pid 372] close(4 [pid 370] close(4 [pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b909c990, parent_tid=0x7f70b909c990, exit_signal=0, stack=0x7f70b907c000, stack_size=0x20300, tls=0x7f70b909c6c0} [pid 374] <... close resumed>) = 0 [pid 372] <... close resumed>) = 0 [pid 370] <... close resumed>) = 0 [pid 374] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... clone3 resumed> => {parent_tid=[396]}, 88) = 396 [pid 374] <... futex resumed>) = 1 [pid 373] <... futex resumed>) = 0 [pid 372] <... futex resumed>) = 1 [pid 370] <... futex resumed>) = 1 [pid 369] <... futex resumed>) = 0 [pid 367] rt_sigprocmask(SIG_SETMASK, [], [pid 374] truncate("./file3", 7326 [pid 373] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] futex(0x7f70b91996a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] truncate("./file3", 7326 [pid 369] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 373] <... futex resumed>) = 0 [pid 369] <... futex resumed>) = 0 [pid 367] futex(0x7f70b91996b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 292] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x55557e35a770 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, 0x55557e35a770 /* 0 entries */, 32768) = 0 [pid 292] close(4) = 0 [pid 292] rmdir("./1/file0") = 0 [pid 292] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./1/binderfs") = 0 [pid 292] getdents64(3, 0x55557e352730 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [pid 292] rmdir("./1") = 0 [pid 292] mkdir("./2", 0777) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 292] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 292] close(3) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 397 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] <... futex resumed>) = 0 [pid 371] <... futex resumed>) = 1 [pid 372] truncate("./file3", 7326 [pid 371] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 369] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 367] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 373] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] <... futex resumed>) = 0 [pid 369] <... futex resumed>) = 0 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 373] <... mmap resumed>) = 0x7f70b907c000 [pid 369] <... mmap resumed>) = 0x7f70b907c000 [pid 373] mprotect(0x7f70b907d000, 131072, PROT_READ|PROT_WRITE [pid 369] mprotect(0x7f70b907d000, 131072, PROT_READ|PROT_WRITE [pid 373] <... mprotect resumed>) = 0 [pid 369] <... mprotect resumed>) = 0 [pid 373] rt_sigprocmask(SIG_BLOCK, ~[], [pid 369] rt_sigprocmask(SIG_BLOCK, ~[], [pid 373] <... rt_sigprocmask resumed>[], 8) = 0 [pid 369] <... rt_sigprocmask resumed>[], 8) = 0 [pid 373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b909c990, parent_tid=0x7f70b909c990, exit_signal=0, stack=0x7f70b907c000, stack_size=0x20300, tls=0x7f70b909c6c0} [pid 369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b909c990, parent_tid=0x7f70b909c990, exit_signal=0, stack=0x7f70b907c000, stack_size=0x20300, tls=0x7f70b909c6c0} [pid 373] <... clone3 resumed> => {parent_tid=[399]}, 88) = 399 [pid 369] <... clone3 resumed> => {parent_tid=[398]}, 88) = 398 [ 45.359344][ T368] walk_component+0x2f4/0x420 [ 45.364027][ T368] path_lookupat+0x180/0x490 [ 45.368648][ T368] filename_lookup+0x1f0/0x500 [ 45.373438][ T368] ? __cfi_filename_lookup+0x10/0x10 [ 45.376141][ T372] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 45.378741][ T368] ? strncpy_from_user+0x17a/0x2d0 [ 45.390579][ T368] user_path_at_empty+0x47/0x1c0 [ 45.395529][ T368] do_sys_truncate+0xa3/0x190 [ 45.400222][ T368] ? __cfi_do_sys_truncate+0x10/0x10 [ 45.405529][ T368] ? fpregs_restore_userregs+0x128/0x260 [ 45.411182][ T368] __x64_sys_truncate+0x5b/0x70 [ 45.416048][ T368] x64_sys_call+0x679/0x9a0 [ 45.420560][ T368] do_syscall_64+0x4c/0xa0 [ 45.424994][ T368] ? clear_bhb_loop+0x15/0x70 [ 45.429684][ T368] ? clear_bhb_loop+0x15/0x70 [ 45.434377][ T368] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 45.440286][ T368] RIP: 0033:0x7f70b9100b89 [ 45.444703][ T368] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 45.464309][ T368] RSP: 002b:00007f70b90bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 45.472730][ T368] RAX: ffffffffffffffda RBX: 00007f70b91996a8 RCX: 00007f70b9100b89 [ 45.480705][ T368] RDX: 00007f70b9100b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 45.488673][ T368] RBP: 00007f70b91996a0 R08: 0000000000000000 R09: 0000000000000000 [ 45.496644][ T368] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 45.504617][ T368] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [pid 373] rt_sigprocmask(SIG_SETMASK, [], [pid 369] rt_sigprocmask(SIG_SETMASK, [], [pid 373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 373] futex(0x7f70b91996b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] futex(0x7f70b91996b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] <... futex resumed>) = 0 [pid 369] <... futex resumed>) = 0 [pid 373] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 371] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b907c000 [pid 371] mprotect(0x7f70b907d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b909c990, parent_tid=0x7f70b909c990, exit_signal=0, stack=0x7f70b907c000, stack_size=0x20300, tls=0x7f70b909c6c0} => {parent_tid=[400]}, 88) = 400 [pid 371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 371] futex(0x7f70b91996b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 369] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 373] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 369] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 373] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 369] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 371] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 400 attached ./strace-static-x86_64: Process 399 attached ./strace-static-x86_64: Process 398 attached ./strace-static-x86_64: Process 397 attached ./strace-static-x86_64: Process 396 attached [pid 368] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 400] set_robust_list(0x7f70b909c9a0, 24 [pid 399] set_robust_list(0x7f70b909c9a0, 24 [pid 398] set_robust_list(0x7f70b909c9a0, 24 [pid 397] set_robust_list(0x55557e3516a0, 24 [pid 396] set_robust_list(0x7f70b909c9a0, 24 [pid 368] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... set_robust_list resumed>) = 0 [pid 399] <... set_robust_list resumed>) = 0 [pid 398] <... set_robust_list resumed>) = 0 [pid 397] <... set_robust_list resumed>) = 0 [pid 396] <... set_robust_list resumed>) = 0 [pid 368] <... futex resumed>) = 0 [pid 400] rt_sigprocmask(SIG_SETMASK, [], [pid 399] rt_sigprocmask(SIG_SETMASK, [], [pid 398] rt_sigprocmask(SIG_SETMASK, [], [pid 397] chdir("./2" [pid 396] rt_sigprocmask(SIG_SETMASK, [], [ 45.512596][ T368] [ 45.515617][ T374] CPU: 0 PID: 374 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 45.516966][ T368] F2FS-fs (loop4): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 45.527250][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 45.527261][ T374] Call Trace: [ 45.527266][ T374] [ 45.527271][ T374] __dump_stack+0x21/0x24 [pid 368] futex(0x7f70b91996a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 397] <... chdir resumed>) = 0 [pid 396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 400] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 399] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 398] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 397] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 396] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 397] <... prctl resumed>) = 0 [pid 397] setpgid(0, 0) = 0 [pid 397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 397] write(3, "1000", 4) = 4 [pid 397] close(3) = 0 [pid 397] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 397] write(1, "executing program\n", 18) = 18 [pid 397] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 397] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 397] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 397] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} => {parent_tid=[401]}, 88) = 401 [pid 397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 397] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 45.560733][ T374] dump_stack_lvl+0xee/0x150 [ 45.564565][ T396] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 45.565321][ T374] ? __cfi_dump_stack_lvl+0x8/0x8 [ 45.576998][ T374] ? __kasan_check_write+0x14/0x20 [ 45.582146][ T374] dump_stack+0x15/0x24 [ 45.586313][ T374] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 45.591865][ T374] f2fs_is_valid_blkaddr+0x23/0x30 [ 45.596962][ T374] sanity_check_extent_cache+0x1c5/0x480 [ 45.602606][ T374] f2fs_iget+0x3312/0x4cb0 [ 45.607046][ T374] f2fs_lookup+0x366/0xab0 [ 45.611881][ T374] ? __cfi_f2fs_lookup+0x10/0x10 [ 45.616861][ T374] ? __cfi_d_alloc_parallel+0x10/0x10 [ 45.622238][ T374] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 45.627948][ T374] ? downgrade_write+0x350/0x350 [ 45.632881][ T374] __lookup_slow+0x2c7/0x3f0 [ 45.637463][ T374] ? lookup_one_len+0x2d0/0x2d0 [ 45.642306][ T374] ? down_read+0xa0/0xf0 [ 45.646540][ T374] lookup_slow+0x57/0x70 [ 45.650778][ T374] walk_component+0x2f4/0x420 [ 45.655533][ T374] path_lookupat+0x180/0x490 [ 45.660119][ T374] filename_lookup+0x1f0/0x500 [ 45.664894][ T374] ? __cfi_filename_lookup+0x10/0x10 [ 45.670177][ T374] ? strncpy_from_user+0x17a/0x2d0 [ 45.675285][ T374] user_path_at_empty+0x47/0x1c0 [ 45.680222][ T374] do_sys_truncate+0xa3/0x190 [ 45.684896][ T374] ? __cfi_do_sys_truncate+0x10/0x10 [ 45.690185][ T374] ? fpregs_restore_userregs+0x128/0x260 [ 45.695809][ T374] __x64_sys_truncate+0x5b/0x70 [ 45.701087][ T374] x64_sys_call+0x679/0x9a0 [ 45.705605][ T374] do_syscall_64+0x4c/0xa0 [ 45.710368][ T374] ? clear_bhb_loop+0x15/0x70 [ 45.715038][ T374] ? clear_bhb_loop+0x15/0x70 [ 45.719711][ T374] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 45.725613][ T374] RIP: 0033:0x7f70b9100b89 [ 45.730015][ T374] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 45.749618][ T374] RSP: 002b:00007f70b90bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 45.758038][ T374] RAX: ffffffffffffffda RBX: 00007f70b91996a8 RCX: 00007f70b9100b89 [ 45.766007][ T374] RDX: 00007f70b9100b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 45.773970][ T374] RBP: 00007f70b91996a0 R08: 0000000000000000 R09: 0000000000000000 [ 45.781940][ T374] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 45.790005][ T374] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 45.798087][ T374] [ 45.801109][ T396] CPU: 1 PID: 396 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 45.813085][ T396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 45.823215][ T396] Call Trace: [ 45.826567][ T396] [ 45.829494][ T396] __dump_stack+0x21/0x24 [ 45.833846][ T396] dump_stack_lvl+0xee/0x150 [ 45.838445][ T396] ? __cfi_dump_stack_lvl+0x8/0x8 [ 45.843466][ T396] ? __kasan_check_write+0x14/0x20 [ 45.848582][ T396] dump_stack+0x15/0x24 [ 45.852732][ T396] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 45.858289][ T396] f2fs_is_valid_blkaddr+0x23/0x30 [ 45.863407][ T396] sanity_check_extent_cache+0x1c5/0x480 [ 45.869215][ T396] f2fs_iget+0x3312/0x4cb0 [ 45.873648][ T396] f2fs_lookup+0x366/0xab0 [ 45.878059][ T396] ? __cfi_f2fs_lookup+0x10/0x10 [ 45.883000][ T396] ? __cfi_d_alloc_parallel+0x10/0x10 [ 45.888364][ T396] ? __cfi_f2fs_lookup+0x10/0x10 [ 45.893285][ T396] path_openat+0xff3/0x2f50 [ 45.897781][ T396] ? do_filp_open+0x3c0/0x3c0 [ 45.902453][ T396] do_filp_open+0x1c1/0x3c0 [ 45.906942][ T396] ? __cfi_do_filp_open+0x10/0x10 [ 45.911950][ T396] ? alloc_fd+0x4e6/0x590 [ 45.916280][ T396] do_sys_openat2+0x185/0x7e0 [ 45.920943][ T396] ? _raw_spin_unlock_irq+0x4d/0x70 [ 45.926139][ T396] ? ptrace_notify+0x1d1/0x250 [ 45.930928][ T396] ? do_sys_open+0xe0/0xe0 [ 45.935374][ T396] ? __cfi_ptrace_notify+0x10/0x10 [ 45.940478][ T396] ? xfd_validate_state+0x70/0x150 [ 45.945592][ T396] __x64_sys_openat+0x136/0x160 [ 45.950436][ T396] x64_sys_call+0x783/0x9a0 [ 45.954934][ T396] do_syscall_64+0x4c/0xa0 [ 45.959376][ T396] ? clear_bhb_loop+0x15/0x70 [ 45.964037][ T396] ? clear_bhb_loop+0x15/0x70 [ 45.968710][ T396] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 45.974613][ T396] RIP: 0033:0x7f70b9100b89 [ 45.979017][ T396] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 45.998615][ T396] RSP: 002b:00007f70b909c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 46.007151][ T396] RAX: ffffffffffffffda RBX: 00007f70b91996b8 RCX: 00007f70b9100b89 [pid 397] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 401 attached [ 46.015109][ T396] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 46.023067][ T396] RBP: 00007f70b91996b0 R08: 00007fff3bc01ee7 R09: 0000000000000000 [ 46.031024][ T396] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 46.038984][ T396] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 46.046945][ T396] [ 46.051299][ T372] CPU: 1 PID: 372 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 46.062938][ T372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 46.072984][ T372] Call Trace: [ 46.076246][ T372] [ 46.079159][ T372] __dump_stack+0x21/0x24 [ 46.083479][ T372] dump_stack_lvl+0xee/0x150 [ 46.088141][ T372] ? __cfi_dump_stack_lvl+0x8/0x8 [ 46.093152][ T372] ? __kasan_check_write+0x14/0x20 [ 46.098250][ T372] dump_stack+0x15/0x24 [ 46.102391][ T372] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 46.108008][ T372] f2fs_is_valid_blkaddr+0x23/0x30 [ 46.113115][ T372] sanity_check_extent_cache+0x1c5/0x480 [ 46.118737][ T372] f2fs_iget+0x3312/0x4cb0 [ 46.123167][ T372] f2fs_lookup+0x366/0xab0 [ 46.127571][ T372] ? __cfi_f2fs_lookup+0x10/0x10 [ 46.132502][ T372] ? __cfi_d_alloc_parallel+0x10/0x10 [ 46.137866][ T372] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 46.143584][ T372] ? downgrade_write+0x350/0x350 [ 46.148509][ T372] __lookup_slow+0x2c7/0x3f0 [ 46.153091][ T372] ? lookup_one_len+0x2d0/0x2d0 [ 46.157930][ T372] ? down_read+0xa0/0xf0 [ 46.162168][ T372] lookup_slow+0x57/0x70 [ 46.166412][ T372] walk_component+0x2f4/0x420 [ 46.171140][ T372] path_lookupat+0x180/0x490 [ 46.175753][ T372] filename_lookup+0x1f0/0x500 [ 46.180512][ T372] ? __cfi_filename_lookup+0x10/0x10 [ 46.185844][ T372] ? strncpy_from_user+0x17a/0x2d0 [ 46.191322][ T372] user_path_at_empty+0x47/0x1c0 [ 46.196353][ T372] do_sys_truncate+0xa3/0x190 [ 46.201063][ T372] ? __cfi_do_sys_truncate+0x10/0x10 [ 46.206557][ T372] ? fpregs_restore_userregs+0x128/0x260 [ 46.212291][ T372] __x64_sys_truncate+0x5b/0x70 [ 46.219944][ T372] x64_sys_call+0x679/0x9a0 [ 46.224456][ T372] do_syscall_64+0x4c/0xa0 [ 46.228891][ T372] ? clear_bhb_loop+0x15/0x70 [ 46.233565][ T372] ? clear_bhb_loop+0x15/0x70 [ 46.238245][ T372] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 46.244128][ T372] RIP: 0033:0x7f70b9100b89 [ 46.248551][ T372] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 46.268506][ T372] RSP: 002b:00007f70b90bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 46.277210][ T372] RAX: ffffffffffffffda RBX: 00007f70b91996a8 RCX: 00007f70b9100b89 [ 46.285192][ T372] RDX: 00007f70b9100b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 46.293237][ T372] RBP: 00007f70b91996a0 R08: 0000000000000000 R09: 0000000000000000 [ 46.301198][ T372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000080 [ 46.309251][ T372] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [pid 401] set_robust_list(0x7f70b90bd9a0, 24) = 0 [pid 372] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 372] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] memfd_create("syzkaller", 0 [pid 372] <... futex resumed>) = 0 [pid 401] <... memfd_create resumed>) = 3 [pid 372] futex(0x7f70b91996a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 46.317219][ T372] [ 46.320442][ T370] CPU: 0 PID: 370 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 46.322637][ T372] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 46.332167][ T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 46.332181][ T370] Call Trace: [ 46.332187][ T370] [ 46.332193][ T370] __dump_stack+0x21/0x24 [pid 401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f70b0c9d000 [pid 367] exit_group(0 [pid 368] <... futex resumed>) = ? [pid 367] <... exit_group resumed>) = ? [pid 368] +++ exited with 0 +++ [ 46.345499][ T400] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 46.355134][ T370] dump_stack_lvl+0xee/0x150 [ 46.355163][ T370] ? __cfi_dump_stack_lvl+0x8/0x8 [ 46.382103][ T370] ? __kasan_check_write+0x14/0x20 [ 46.387237][ T370] dump_stack+0x15/0x24 [ 46.391398][ T370] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 46.396954][ T370] f2fs_is_valid_blkaddr+0x23/0x30 [ 46.402063][ T370] sanity_check_extent_cache+0x1c5/0x480 [ 46.407829][ T370] f2fs_iget+0x3312/0x4cb0 [ 46.412262][ T370] f2fs_lookup+0x366/0xab0 [pid 373] exit_group(0 [pid 369] exit_group(0 [pid 373] <... exit_group resumed>) = ? [pid 369] <... exit_group resumed>) = ? [pid 371] exit_group(0 [pid 372] <... futex resumed>) = ? [pid 371] <... exit_group resumed>) = ? [pid 372] +++ exited with 0 +++ [ 46.416682][ T370] ? __cfi_f2fs_lookup+0x10/0x10 [ 46.421615][ T370] ? __cfi_d_alloc_parallel+0x10/0x10 [ 46.427007][ T370] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 46.432876][ T370] ? downgrade_write+0x350/0x350 [ 46.437828][ T370] __lookup_slow+0x2c7/0x3f0 [ 46.442419][ T370] ? lookup_one_len+0x2d0/0x2d0 [ 46.447267][ T370] ? down_read+0xa0/0xf0 [ 46.451524][ T370] lookup_slow+0x57/0x70 [ 46.455775][ T370] walk_component+0x2f4/0x420 [ 46.460444][ T370] path_lookupat+0x180/0x490 [ 46.465032][ T370] filename_lookup+0x1f0/0x500 [ 46.469805][ T370] ? __cfi_filename_lookup+0x10/0x10 [ 46.475095][ T370] ? strncpy_from_user+0x17a/0x2d0 [ 46.480208][ T370] user_path_at_empty+0x47/0x1c0 [ 46.485142][ T370] do_sys_truncate+0xa3/0x190 [ 46.489830][ T370] ? __cfi_do_sys_truncate+0x10/0x10 [ 46.495121][ T370] ? fpregs_restore_userregs+0x128/0x260 [ 46.500757][ T370] __x64_sys_truncate+0x5b/0x70 [ 46.505633][ T370] x64_sys_call+0x679/0x9a0 [ 46.510233][ T370] do_syscall_64+0x4c/0xa0 [ 46.514659][ T370] ? clear_bhb_loop+0x15/0x70 [ 46.519340][ T370] ? clear_bhb_loop+0x15/0x70 [ 46.524110][ T370] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 46.529998][ T370] RIP: 0033:0x7f70b9100b89 [ 46.534408][ T370] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 46.554095][ T370] RSP: 002b:00007f70b90bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 46.562512][ T370] RAX: ffffffffffffffda RBX: 00007f70b91996a8 RCX: 00007f70b9100b89 [ 46.570662][ T370] RDX: 00007f70b9100b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 46.578738][ T370] RBP: 00007f70b91996a0 R08: 0000000000000000 R09: 0000000000000000 [ 46.586717][ T370] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 46.594681][ T370] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 46.602657][ T370] [ 46.605679][ T400] CPU: 1 PID: 400 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 46.607513][ T370] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 46.617487][ T400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 46.617502][ T400] Call Trace: [ 46.617507][ T400] [ 46.617513][ T400] __dump_stack+0x21/0x24 [ 46.630799][ T396] F2FS-fs (loop4): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 46.640777][ T400] dump_stack_lvl+0xee/0x150 [ 46.640812][ T400] ? __cfi_dump_stack_lvl+0x8/0x8 [ 46.640830][ T400] ? mutex_unlock+0x89/0x220 [ 46.640845][ T400] ? __kasan_check_write+0x14/0x20 [ 46.640866][ T400] dump_stack+0x15/0x24 [ 46.640886][ T400] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 46.645630][ T374] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 46.647172][ T400] f2fs_is_valid_blkaddr+0x23/0x30 [ 46.714774][ T400] sanity_check_extent_cache+0x1c5/0x480 [ 46.720405][ T400] f2fs_iget+0x3312/0x4cb0 [ 46.724814][ T400] f2fs_lookup+0x366/0xab0 [ 46.729216][ T400] ? __cfi_f2fs_lookup+0x10/0x10 [ 46.734137][ T400] ? __cfi_d_alloc_parallel+0x10/0x10 [ 46.739533][ T400] ? __cfi_f2fs_lookup+0x10/0x10 [ 46.744725][ T400] path_openat+0xff3/0x2f50 [ 46.749220][ T400] ? do_filp_open+0x3c0/0x3c0 [ 46.753881][ T400] do_filp_open+0x1c1/0x3c0 [ 46.758372][ T400] ? __cfi_do_filp_open+0x10/0x10 [ 46.763380][ T400] ? alloc_fd+0x4e6/0x590 [ 46.767717][ T400] do_sys_openat2+0x185/0x7e0 [ 46.772381][ T400] ? _raw_spin_unlock_irq+0x4d/0x70 [ 46.777567][ T400] ? ptrace_notify+0x1d1/0x250 [ 46.782322][ T400] ? do_sys_open+0xe0/0xe0 [ 46.786754][ T400] ? __cfi_ptrace_notify+0x10/0x10 [ 46.791858][ T400] ? xfd_validate_state+0x70/0x150 [ 46.796958][ T400] __x64_sys_openat+0x136/0x160 [ 46.801794][ T400] x64_sys_call+0x783/0x9a0 [ 46.806298][ T400] do_syscall_64+0x4c/0xa0 [ 46.810715][ T400] ? clear_bhb_loop+0x15/0x70 [ 46.815471][ T400] ? clear_bhb_loop+0x15/0x70 [ 46.820150][ T400] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 46.826050][ T400] RIP: 0033:0x7f70b9100b89 [ 46.830452][ T400] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 46.850050][ T400] RSP: 002b:00007f70b909c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 46.858452][ T400] RAX: ffffffffffffffda RBX: 00007f70b91996b8 RCX: 00007f70b9100b89 [pid 370] <... truncate resumed>) = ? [pid 370] +++ exited with 0 +++ [pid 396] <... openat resumed>) = ? [pid 396] +++ exited with 0 +++ [pid 367] +++ exited with 0 +++ [pid 374] <... truncate resumed>) = ? [pid 374] +++ exited with 0 +++ [ 46.866415][ T400] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 46.874369][ T400] RBP: 00007f70b91996b0 R08: 00007fff3bc01ee7 R09: 0000000000000000 [ 46.882951][ T400] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 46.891271][ T400] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 46.899248][ T400] [ 46.903029][ T399] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 46.909807][ T399] CPU: 1 PID: 399 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 46.921506][ T399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 46.931996][ T399] Call Trace: [ 46.935660][ T399] [ 46.939069][ T399] __dump_stack+0x21/0x24 [ 46.943654][ T399] dump_stack_lvl+0xee/0x150 [ 46.948949][ T399] ? __cfi_dump_stack_lvl+0x8/0x8 [ 46.954942][ T399] ? __kasan_check_write+0x14/0x20 [ 46.960061][ T399] dump_stack+0x15/0x24 [ 46.964226][ T399] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 46.969859][ T399] f2fs_is_valid_blkaddr+0x23/0x30 [ 46.974954][ T399] sanity_check_extent_cache+0x1c5/0x480 [ 46.980573][ T399] f2fs_iget+0x3312/0x4cb0 [ 46.985086][ T399] f2fs_lookup+0x366/0xab0 [ 46.989574][ T399] ? __cfi_f2fs_lookup+0x10/0x10 [ 46.994493][ T399] ? __cfi_d_alloc_parallel+0x10/0x10 [ 46.999854][ T399] ? __cfi_f2fs_lookup+0x10/0x10 [ 47.004864][ T399] path_openat+0xff3/0x2f50 [ 47.009362][ T399] ? do_filp_open+0x3c0/0x3c0 [ 47.014032][ T399] do_filp_open+0x1c1/0x3c0 [ 47.018520][ T399] ? __cfi_do_filp_open+0x10/0x10 [ 47.023540][ T399] ? alloc_fd+0x4e6/0x590 [ 47.028066][ T399] do_sys_openat2+0x185/0x7e0 [ 47.032741][ T399] ? _raw_spin_unlock_irq+0x4d/0x70 [ 47.038365][ T399] ? ptrace_notify+0x1d1/0x250 [ 47.043203][ T399] ? do_sys_open+0xe0/0xe0 [ 47.047609][ T399] ? __cfi_ptrace_notify+0x10/0x10 [ 47.052871][ T399] ? xfd_validate_state+0x70/0x150 [ 47.058010][ T399] __x64_sys_openat+0x136/0x160 [ 47.062854][ T399] x64_sys_call+0x783/0x9a0 [ 47.067346][ T399] do_syscall_64+0x4c/0xa0 [ 47.071859][ T399] ? clear_bhb_loop+0x15/0x70 [ 47.076899][ T399] ? clear_bhb_loop+0x15/0x70 [ 47.081565][ T399] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 47.087451][ T399] RIP: 0033:0x7f70b9100b89 [ 47.091936][ T399] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 47.113019][ T399] RSP: 002b:00007f70b909c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 47.121691][ T399] RAX: ffffffffffffffda RBX: 00007f70b91996b8 RCX: 00007f70b9100b89 [ 47.129652][ T399] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 47.137611][ T399] RBP: 00007f70b91996b0 R08: 00007fff3bc01ee7 R09: 0000000000000000 [ 47.145577][ T399] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 47.153530][ T399] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 47.161487][ T399] [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=28, si_stime=44} --- [pid 295] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x55557e352730 /* 4 entries */, 32768) = 112 [ 47.165371][ T398] F2FS-fs (loop0): access invalid blkaddr:2147563524 [ 47.177045][ T398] CPU: 1 PID: 398 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 47.188787][ T398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 47.198871][ T398] Call Trace: [ 47.202238][ T398] [ 47.205164][ T398] __dump_stack+0x21/0x24 [ 47.209596][ T398] dump_stack_lvl+0xee/0x150 [ 47.214187][ T398] ? __cfi_dump_stack_lvl+0x8/0x8 [ 47.219210][ T398] ? kmem_cache_alloc+0xbb/0x330 [ 47.224158][ T398] ? __kasan_check_write+0x14/0x20 [ 47.229282][ T398] dump_stack+0x15/0x24 [ 47.233437][ T398] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 47.238984][ T398] f2fs_is_valid_blkaddr+0x23/0x30 [ 47.244089][ T398] sanity_check_extent_cache+0x1c5/0x480 [ 47.249725][ T398] f2fs_iget+0x3312/0x4cb0 [ 47.254150][ T398] f2fs_lookup+0x366/0xab0 [ 47.258567][ T398] ? __cfi_f2fs_lookup+0x10/0x10 [ 47.263511][ T398] ? __cfi_d_alloc_parallel+0x10/0x10 [ 47.268887][ T398] ? __cfi_f2fs_lookup+0x10/0x10 [ 47.273830][ T398] path_openat+0xff3/0x2f50 [ 47.278354][ T398] ? do_filp_open+0x3c0/0x3c0 [ 47.283029][ T398] do_filp_open+0x1c1/0x3c0 [ 47.287527][ T398] ? __cfi_do_filp_open+0x10/0x10 [ 47.292665][ T398] ? alloc_fd+0x4e6/0x590 [ 47.297005][ T398] do_sys_openat2+0x185/0x7e0 [ 47.301686][ T398] ? _raw_spin_unlock_irq+0x4d/0x70 [ 47.306898][ T398] ? ptrace_notify+0x1d1/0x250 [ 47.311683][ T398] ? do_sys_open+0xe0/0xe0 [ 47.316098][ T398] ? __cfi_ptrace_notify+0x10/0x10 [ 47.321209][ T398] ? xfd_validate_state+0x70/0x150 [ 47.326325][ T398] __x64_sys_openat+0x136/0x160 [ 47.331176][ T398] x64_sys_call+0x783/0x9a0 [ 47.335686][ T398] do_syscall_64+0x4c/0xa0 [ 47.340106][ T398] ? clear_bhb_loop+0x15/0x70 [ 47.344775][ T398] ? clear_bhb_loop+0x15/0x70 [ 47.349451][ T398] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 47.355351][ T398] RIP: 0033:0x7f70b9100b89 [ 47.359783][ T398] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 47.379661][ T398] RSP: 002b:00007f70b909c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 47.388079][ T398] RAX: ffffffffffffffda RBX: 00007f70b91996b8 RCX: 00007f70b9100b89 [ 47.396054][ T398] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 47.404029][ T398] RBP: 00007f70b91996b0 R08: 00007fff3bc01ee7 R09: 0000000000000000 [ 47.412100][ T398] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [pid 295] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 398] <... openat resumed>) = ? [pid 398] +++ exited with 0 +++ [pid 369] +++ exited with 0 +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=30, si_stime=62} --- [pid 291] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 291] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x55557e352730 /* 4 entries */, 32768) = 112 [ 47.420082][ T398] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 47.428071][ T398] [ 47.434111][ T398] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [pid 291] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 400] <... openat resumed>) = ? [pid 400] +++ exited with 0 +++ [pid 371] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=29, si_stime=65} --- [pid 293] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 293] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, 0x55557e352730 /* 4 entries */, 32768) = 112 [ 47.557289][ T400] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [pid 293] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 401] <... write resumed>) = 67108864 [pid 401] munmap(0x7f70b0c9d000, 138412032) = 0 [pid 401] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 401] ioctl(4, LOOP_SET_FD, 3 [pid 399] <... openat resumed>) = ? [pid 399] +++ exited with 0 +++ [pid 373] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=34, si_stime=37} --- [pid 294] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 294] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x55557e352730 /* 4 entries */, 32768) = 112 [pid 294] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 401] <... ioctl resumed>) = 0 [pid 401] close(3) = 0 [pid 401] close(4) = 0 [pid 401] mkdir("./file0", 0777) = 0 [ 47.641245][ T399] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 47.675946][ T401] loop1: detected capacity change from 0 to 131072 [pid 401] mount("/dev/loop1", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x55557e35a770 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x55557e35a770 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./2/file0") = 0 [pid 295] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./2/binderfs") = 0 [pid 295] getdents64(3, 0x55557e352730 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./2") = 0 [pid 295] mkdir("./3", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 402 [ 47.695947][ T401] F2FS-fs (loop1): invalid crc value ./strace-static-x86_64: Process 402 attached [pid 402] set_robust_list(0x55557e3516a0, 24) = 0 [pid 402] chdir("./3") = 0 [pid 402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 402] setpgid(0, 0) = 0 [pid 402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 402] write(3, "1000", 4) = 4 [pid 402] close(3) = 0 [pid 402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 402] write(1, "executing program\n", 18executing program ) = 18 [pid 402] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 402] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 402] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 402] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} => {parent_tid=[405]}, 88) = 405 [pid 402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 402] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 291] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 405 attached [pid 405] set_robust_list(0x7f70b90bd9a0, 24 [pid 291] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 405] <... set_robust_list resumed>) = 0 [pid 291] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 405] rt_sigprocmask(SIG_SETMASK, [], [pid 291] newfstatat(AT_FDCWD, "./2/file0", [pid 405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 405] memfd_create("syzkaller", 0 [pid 291] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 405] <... memfd_create resumed>) = 3 [pid 291] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 291] newfstatat(4, "", [pid 405] <... mmap resumed>) = 0x7f70b0c9d000 [pid 291] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x55557e35a770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x55557e35a770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./2/file0") = 0 [pid 291] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./2/binderfs") = 0 [pid 291] getdents64(3, 0x55557e352730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./2") = 0 [pid 291] mkdir("./3", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 407 ./strace-static-x86_64: Process 407 attached [pid 407] set_robust_list(0x55557e3516a0, 24) = 0 [pid 407] chdir("./3") = 0 [pid 407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 407] setpgid(0, 0) = 0 [pid 407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 407] write(3, "1000", 4) = 4 [pid 407] close(3) = 0 [pid 407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 407] write(1, "executing program\n", 18executing program ) = 18 [pid 407] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 407] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} => {parent_tid=[408]}, 88) = 408 [pid 407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 407] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x7f70b90bd9a0, 24) = 0 [pid 408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 47.754211][ T401] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 408] memfd_create("syzkaller", 0) = 3 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f70b0c9d000 [pid 401] <... mount resumed>) = 0 [pid 401] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 401] chdir("./file0") = 0 [pid 401] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 401] ioctl(4, LOOP_CLR_FD) = 0 [pid 401] close(4) = 0 [pid 401] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] futex(0x7f70b91996a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 397] <... futex resumed>) = 1 [pid 401] truncate("./file3", 7326 [ 47.841443][ T401] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 47.871202][ T401] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 47.877958][ T401] CPU: 0 PID: 401 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [pid 397] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 397] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b907c000 [pid 397] mprotect(0x7f70b907d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 397] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b909c990, parent_tid=0x7f70b909c990, exit_signal=0, stack=0x7f70b907c000, stack_size=0x20300, tls=0x7f70b909c6c0} => {parent_tid=[410]}, 88) = 410 [pid 397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 397] futex(0x7f70b91996b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f70b91996bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 410 attached [pid 410] set_robust_list(0x7f70b909c9a0, 24) = 0 [pid 410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 47.889598][ T401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 47.899658][ T401] Call Trace: [ 47.902939][ T401] [ 47.905872][ T401] __dump_stack+0x21/0x24 [ 47.910219][ T401] dump_stack_lvl+0xee/0x150 [ 47.914819][ T401] ? __cfi_dump_stack_lvl+0x8/0x8 [ 47.919858][ T401] ? __kasan_check_write+0x14/0x20 [ 47.924986][ T401] dump_stack+0x15/0x24 [ 47.929245][ T401] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 47.934805][ T401] f2fs_is_valid_blkaddr+0x23/0x30 [pid 410] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 397] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 47.940019][ T401] sanity_check_extent_cache+0x1c5/0x480 [ 47.945668][ T401] f2fs_iget+0x3312/0x4cb0 [ 47.950114][ T401] f2fs_lookup+0x366/0xab0 [ 47.954539][ T401] ? __cfi_f2fs_lookup+0x10/0x10 [ 47.959474][ T401] ? __cfi_d_alloc_parallel+0x10/0x10 [ 47.964860][ T401] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 47.970585][ T401] ? downgrade_write+0x350/0x350 [ 47.975537][ T401] __lookup_slow+0x2c7/0x3f0 [ 47.980142][ T401] ? lookup_one_len+0x2d0/0x2d0 [ 47.985043][ T401] ? down_read+0xa0/0xf0 [ 47.989277][ T401] lookup_slow+0x57/0x70 [ 47.993510][ T401] walk_component+0x2f4/0x420 [ 47.998257][ T401] path_lookupat+0x180/0x490 [ 48.002920][ T401] filename_lookup+0x1f0/0x500 [ 48.007683][ T401] ? __cfi_filename_lookup+0x10/0x10 [ 48.012995][ T401] ? strncpy_from_user+0x17a/0x2d0 [ 48.018115][ T401] user_path_at_empty+0x47/0x1c0 [ 48.023051][ T401] do_sys_truncate+0xa3/0x190 [ 48.027751][ T401] ? __cfi_do_sys_truncate+0x10/0x10 [ 48.033023][ T401] ? fpregs_restore_userregs+0x128/0x260 [ 48.038646][ T401] __x64_sys_truncate+0x5b/0x70 [ 48.043484][ T401] x64_sys_call+0x679/0x9a0 [ 48.047985][ T401] do_syscall_64+0x4c/0xa0 [ 48.052411][ T401] ? clear_bhb_loop+0x15/0x70 [ 48.057093][ T401] ? clear_bhb_loop+0x15/0x70 [ 48.061769][ T401] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 48.067655][ T401] RIP: 0033:0x7f70b9100b89 [ 48.072145][ T401] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 48.091736][ T401] RSP: 002b:00007f70b90bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 48.100136][ T401] RAX: ffffffffffffffda RBX: 00007f70b91996a8 RCX: 00007f70b9100b89 [ 48.108101][ T401] RDX: 00007f70b9100b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 48.116073][ T401] RBP: 00007f70b91996a0 R08: 0000000000000000 R09: 0000000000000000 [ 48.124035][ T401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000080 [ 48.132029][ T401] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [pid 294] <... umount2 resumed>) = 0 [pid 294] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 294] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(4, 0x55557e35a770 /* 2 entries */, 32768) = 48 [pid 294] getdents64(4, 0x55557e35a770 /* 0 entries */, 32768) = 0 [pid 294] close(4) = 0 [pid 294] rmdir("./2/file0") = 0 [pid 294] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./2/binderfs") = 0 [pid 294] getdents64(3, 0x55557e352730 /* 0 entries */, 32768) = 0 [pid 294] close(3) = 0 [pid 294] rmdir("./2") = 0 [pid 294] mkdir("./3", 0777) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 294] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 294] close(3) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 411 ./strace-static-x86_64: Process 411 attached [pid 411] set_robust_list(0x55557e3516a0, 24) = 0 [pid 411] chdir("./3") = 0 [pid 411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 411] setpgid(0, 0) = 0 [pid 411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 411] write(3, "1000", 4) = 4 [ 48.140011][ T401] [pid 411] close(3) = 0 [pid 411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 411] write(1, "executing program\n", 18executing program ) = 18 [pid 411] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 411] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 411] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 411] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 411] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} => {parent_tid=[412]}, 88) = 412 [pid 411] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 411] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 412 attached [pid 412] set_robust_list(0x7f70b90bd9a0, 24) = 0 [pid 412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 412] memfd_create("syzkaller", 0) = 3 [pid 412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f70b0c9d000 [pid 401] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 401] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 48.189793][ T401] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 48.205989][ T410] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 48.214158][ T410] CPU: 1 PID: 410 Comm: syz-executor213 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 48.225820][ T410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 48.235887][ T410] Call Trace: [ 48.239161][ T410] [ 48.242081][ T410] __dump_stack+0x21/0x24 [ 48.246416][ T410] dump_stack_lvl+0xee/0x150 [ 48.251008][ T410] ? __cfi_dump_stack_lvl+0x8/0x8 [ 48.256034][ T410] ? mutex_unlock+0x89/0x220 [ 48.260623][ T410] ? __kasan_check_write+0x14/0x20 [ 48.265744][ T410] dump_stack+0x15/0x24 [ 48.269910][ T410] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 48.275459][ T410] f2fs_is_valid_blkaddr+0x23/0x30 [ 48.280578][ T410] sanity_check_extent_cache+0x1c5/0x480 [ 48.286224][ T410] f2fs_iget+0x3312/0x4cb0 [ 48.290655][ T410] f2fs_lookup+0x366/0xab0 [ 48.295073][ T410] ? __cfi_f2fs_lookup+0x10/0x10 [ 48.300017][ T410] ? __cfi_d_alloc_parallel+0x10/0x10 [ 48.305408][ T410] ? __cfi_f2fs_lookup+0x10/0x10 [ 48.310349][ T410] path_openat+0xff3/0x2f50 [ 48.314863][ T410] ? do_filp_open+0x3c0/0x3c0 [ 48.319546][ T410] do_filp_open+0x1c1/0x3c0 [ 48.324067][ T410] ? __cfi_do_filp_open+0x10/0x10 [ 48.329098][ T410] ? alloc_fd+0x4e6/0x590 [ 48.333525][ T410] do_sys_openat2+0x185/0x7e0 [ 48.338206][ T410] ? _raw_spin_unlock_irq+0x4d/0x70 [ 48.343409][ T410] ? ptrace_notify+0x1d1/0x250 [ 48.348180][ T410] ? do_sys_open+0xe0/0xe0 [ 48.352598][ T410] ? __cfi_ptrace_notify+0x10/0x10 [ 48.357824][ T410] ? xfd_validate_state+0x70/0x150 [ 48.362948][ T410] __x64_sys_openat+0x136/0x160 [ 48.367805][ T410] x64_sys_call+0x783/0x9a0 [ 48.372317][ T410] do_syscall_64+0x4c/0xa0 [ 48.376832][ T410] ? clear_bhb_loop+0x15/0x70 [ 48.381509][ T410] ? clear_bhb_loop+0x15/0x70 [ 48.386196][ T410] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 48.392090][ T410] RIP: 0033:0x7f70b9100b89 [ 48.396515][ T410] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 48.416304][ T410] RSP: 002b:00007f70b909c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 48.425241][ T410] RAX: ffffffffffffffda RBX: 00007f70b91996b8 RCX: 00007f70b9100b89 [pid 401] futex(0x7f70b91996a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 293] <... umount2 resumed>) = 0 [pid 293] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 293] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(4, 0x55557e35a770 /* 2 entries */, 32768) = 48 [pid 293] getdents64(4, 0x55557e35a770 /* 0 entries */, 32768) = 0 [pid 293] close(4) = 0 [pid 293] rmdir("./2/file0") = 0 [pid 293] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] unlink("./2/binderfs") = 0 [pid 293] getdents64(3, 0x55557e352730 /* 0 entries */, 32768) = 0 [pid 293] close(3) = 0 [pid 293] rmdir("./2") = 0 [pid 293] mkdir("./3", 0777) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 413 ./strace-static-x86_64: Process 413 attached [pid 413] set_robust_list(0x55557e3516a0, 24) = 0 [pid 413] chdir("./3") = 0 [pid 413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 410] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 413] setpgid(0, 0 [pid 410] futex(0x7f70b91996bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] exit_group(0 [pid 413] <... setpgid resumed>) = 0 [pid 410] <... futex resumed>) = 0 [pid 413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 401] <... futex resumed>) = ? [pid 397] <... exit_group resumed>) = ? [pid 413] <... openat resumed>) = 3 [pid 401] +++ exited with 0 +++ [pid 413] write(3, "1000", 4) = 4 [pid 413] close(3) = 0 [pid 413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 413] write(1, "executing program\n", 18executing program ) = 18 [pid 413] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 413] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 413] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} => {parent_tid=[414]}, 88) = 414 [pid 410] +++ exited with 0 +++ [pid 397] +++ exited with 0 +++ [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=397, si_uid=0, si_status=0, si_utime=32, si_stime=33} --- [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 413] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 292] <... restart_syscall resumed>) = 0 [pid 292] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x55557e352730 /* 4 entries */, 32768) = 112 [pid 292] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 414 attached [pid 414] set_robust_list(0x7f70b90bd9a0, 24) = 0 [pid 414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 414] memfd_create("syzkaller", 0) = 3 [pid 414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f70b0c9d000 [ 48.433223][ T410] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 48.441305][ T410] RBP: 00007f70b91996b0 R08: 00007fff3bc01ee7 R09: 0000000000000000 [ 48.449291][ T410] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 48.457275][ T410] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 48.465256][ T410] [ 48.474056][ T410] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [pid 292] <... umount2 resumed>) = 0 [pid 292] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x55557e35a770 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, 0x55557e35a770 /* 0 entries */, 32768) = 0 [pid 292] close(4) = 0 [pid 292] rmdir("./2/file0") = 0 [pid 292] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./2/binderfs") = 0 [pid 292] getdents64(3, 0x55557e352730 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [pid 292] rmdir("./2") = 0 [pid 292] mkdir("./3", 0777) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 292] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 292] close(3) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557e351690) = 415 ./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x55557e3516a0, 24) = 0 [pid 415] chdir("./3") = 0 [pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 415] setpgid(0, 0) = 0 [pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 415] write(3, "1000", 4) = 4 [pid 415] close(3) = 0 [pid 415] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 415] write(1, "executing program\n", 18) = 18 [pid 415] futex(0x7f70b91996ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] rt_sigaction(SIGRT_1, {sa_handler=0x7f70b9126fa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f70b9118150}, NULL, 8) = 0 [pid 415] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f70b909d000 [pid 415] mprotect(0x7f70b909e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 415] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 415] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f70b90bd990, parent_tid=0x7f70b90bd990, exit_signal=0, stack=0x7f70b909d000, stack_size=0x20300, tls=0x7f70b90bd6c0} => {parent_tid=[416]}, 88) = 416 [pid 415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 415] futex(0x7f70b91996a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7f70b91996ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 416 attached [pid 416] set_robust_list(0x7f70b90bd9a0, 24) = 0 [pid 416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 416] memfd_create("syzkaller", 0) = 3 [pid 416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f70b0c9d000