./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4121664553 <...> Warning: Permanently added '10.128.0.29' (ED25519) to the list of known hosts. execve("./syz-executor4121664553", ["./syz-executor4121664553"], 0x7ffdf7451770 /* 10 vars */) = 0 brk(NULL) = 0x55558013f000 brk(0x55558013fd40) = 0x55558013fd40 arch_prctl(ARCH_SET_FS, 0x55558013f3c0) = 0 set_tid_address(0x55558013f690) = 290 set_robust_list(0x55558013f6a0, 24) = 0 rseq(0x55558013fce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4121664553", 4096) = 28 getrandom("\x54\xa6\xc4\x3e\xd2\x45\x5b\x95", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558013fd40 brk(0x555580160d40) = 0x555580160d40 brk(0x555580161000) = 0x555580161000 mprotect(0x7fced3249000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 291 attached , child_tidptr=0x55558013f690) = 291 [pid 291] set_robust_list(0x55558013f6a0, 24) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] mkdir("./syzkaller.qtbDXv", 0700./strace-static-x86_64: Process 292 attached [pid 292] set_robust_list(0x55558013f6a0, 24) = 0 [pid 290] <... clone resumed>, child_tidptr=0x55558013f690) = 292 [pid 292] getrandom("\xb1\xa1\x05\x63\xf5\x68\x50\x85", 8, GRND_NONBLOCK) = 8 [pid 292] mkdir("./syzkaller.Bn2ltE", 0700 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] <... mkdir resumed>) = 0 [pid 292] <... mkdir resumed>) = 0 [pid 291] chmod("./syzkaller.qtbDXv", 0777./strace-static-x86_64: Process 293 attached [pid 292] chmod("./syzkaller.Bn2ltE", 0777 [pid 290] <... clone resumed>, child_tidptr=0x55558013f690) = 293 [pid 293] set_robust_list(0x55558013f6a0, 24 [pid 292] <... chmod resumed>) = 0 [pid 291] <... chmod resumed>) = 0 [pid 292] chdir("./syzkaller.Bn2ltE" [pid 291] chdir("./syzkaller.qtbDXv" [pid 292] <... chdir resumed>) = 0 [pid 291] <... chdir resumed>) = 0 [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] <... set_robust_list resumed>) = 0 [pid 292] mkdir("./0", 0777 [pid 291] mkdir("./0", 0777 [pid 292] <... mkdir resumed>) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 294 attached [pid 293] mkdir("./syzkaller.qqMGJj", 0700 [pid 292] <... openat resumed>) = 3 [pid 291] <... mkdir resumed>) = 0 [pid 290] <... clone resumed>, child_tidptr=0x55558013f690) = 294 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 291] <... openat resumed>) = 3 [pid 291] ioctl(3, LOOP_CLR_FD [pid 290] <... clone resumed>, child_tidptr=0x55558013f690) = 295 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558013f690) = 296 [pid 294] set_robust_list(0x55558013f6a0, 24) = 0 [pid 294] mkdir("./syzkaller.S0SL29", 0700 [pid 293] <... mkdir resumed>) = 0 [pid 294] <... mkdir resumed>) = 0 [pid 294] chmod("./syzkaller.S0SL29", 0777) = 0 [pid 293] chmod("./syzkaller.qqMGJj", 0777) = 0 [pid 294] chdir("./syzkaller.S0SL29" [pid 293] chdir("./syzkaller.qqMGJj") = 0 [pid 293] mkdir("./0", 0777 [pid 294] <... chdir resumed>) = 0 [pid 294] mkdir("./0", 0777 [pid 293] <... mkdir resumed>) = 0 [pid 294] <... mkdir resumed>) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 28.050433][ T28] audit: type=1400 audit(1750203537.849:64): avc: denied { execmem } for pid=290 comm="syz-executor412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 293] close(3 [pid 294] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 293] <... close resumed>) = 0 [pid 294] <... openat resumed>) = 3 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 294] close(3) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] <... clone resumed>, child_tidptr=0x55558013f690) = 299 [pid 294] <... clone resumed>, child_tidptr=0x55558013f690) = 300 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x55558013f6a0, 24./strace-static-x86_64: Process 299 attached ./strace-static-x86_64: Process 296 attached ./strace-static-x86_64: Process 295 attached [pid 292] ioctl(3, LOOP_CLR_FD [pid 299] set_robust_list(0x55558013f6a0, 24 [pid 296] set_robust_list(0x55558013f6a0, 24 [pid 295] set_robust_list(0x55558013f6a0, 24 [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] <... set_robust_list resumed>) = 0 [pid 296] <... set_robust_list resumed>) = 0 [pid 295] <... set_robust_list resumed>) = 0 [pid 292] close(3 [pid 296] chdir("./0" [pid 292] <... close resumed>) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... chdir resumed>) = 0 [pid 300] <... set_robust_list resumed>) = 0 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] mkdir("./syzkaller.YaEYm6", 0700 [pid 299] chdir("./0" [pid 296] <... prctl resumed>) = 0 [pid 292] <... clone resumed>, child_tidptr=0x55558013f690) = 301 [pid 296] setpgid(0, 0) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 299] <... chdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] chmod("./syzkaller.YaEYm6", 0777 [pid 300] chdir("./0") = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 296] <... openat resumed>) = 3 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] <... chmod resumed>) = 0 [pid 296] write(3, "1000", 4 [pid 300] <... prctl resumed>) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 ./strace-static-x86_64: Process 301 attached [pid 299] <... prctl resumed>) = 0 [pid 296] <... write resumed>) = 4 [pid 295] chdir("./syzkaller.YaEYm6" [pid 299] setpgid(0, 0 [pid 296] close(3 [pid 299] <... setpgid resumed>) = 0 [pid 295] <... chdir resumed>) = 0 [pid 301] set_robust_list(0x55558013f6a0, 24 [pid 296] <... close resumed>) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] symlink("/dev/binderfs", "./binderfs" [pid 295] mkdir("./0", 0777 [pid 301] <... set_robust_list resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 296] <... symlink resumed>) = 0 [pid 300] symlink("/dev/binderfs", "./binderfs"executing program [pid 295] <... mkdir resumed>) = 0 [pid 296] write(1, "executing program\n", 18 [pid 299] write(3, "1000", 4 [pid 295] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 301] chdir("./0" [pid 299] <... write resumed>) = 4 [pid 296] <... write resumed>) = 18 [pid 299] close(3 [pid 295] <... openat resumed>) = 3 [pid 301] <... chdir resumed>) = 0 [pid 296] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] ioctl(3, LOOP_CLR_FD [pid 300] <... symlink resumed>) = 0 [pid 299] <... close resumed>) = 0 executing program [pid 300] write(1, "executing program\n", 18) = 18 [pid 300] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 300] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 300] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[303]}, 88) = 303 [pid 300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 300] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3) = 0 [pid 301] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 301] write(1, "executing program\n", 18) = 18 [pid 301] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 301] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 301] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[304]}, 88) = 304 [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 296] <... futex resumed>) = 0 [pid 296] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 296] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] symlink("/dev/binderfs", "./binderfs" [pid 296] <... mmap resumed>) = 0x7fced3153000 [pid 296] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE [pid 295] close(3 [pid 296] <... mprotect resumed>) = 0 [pid 299] <... symlink resumed>) = 0 [pid 296] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] <... close resumed>) = 0 [pid 296] <... rt_sigprocmask resumed>[], 8) = 0 [ 28.084304][ T28] audit: type=1400 audit(1750203537.879:65): avc: denied { read write } for pid=292 comm="syz-executor412" name="loop1" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 28.117793][ T28] audit: type=1400 audit(1750203537.879:66): avc: denied { open } for pid=292 comm="syz-executor412" path="/dev/loop1" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0}./strace-static-x86_64: Process 304 attached ./strace-static-x86_64: Process 303 attached [pid 299] write(1, "executing program\n", 18 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... clone3 resumed> => {parent_tid=[305]}, 88) = 305 [pid 296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 296] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x7fced31739a0, 24) = 0 [pid 305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 305] memfd_create("syzkaller", 0) = 3 [pid 305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 executing program [pid 304] set_robust_list(0x7fced31739a0, 24 [pid 303] set_robust_list(0x7fced31739a0, 24 [pid 299] <... write resumed>) = 18 [pid 303] <... set_robust_list resumed>) = 0 [pid 304] <... set_robust_list resumed>) = 0 [pid 299] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] rt_sigprocmask(SIG_SETMASK, [], [pid 304] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... futex resumed>) = 0 [pid 295] <... clone resumed>, child_tidptr=0x55558013f690) = 306 [pid 303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, [pid 304] memfd_create("syzkaller", 0 [pid 303] memfd_create("syzkaller", 0 [pid 299] <... rt_sigaction resumed>NULL, 8) = 0 [pid 299] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 303] <... memfd_create resumed>) = 3 [pid 299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 304] <... memfd_create resumed>) = 3 [pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 306 attached [pid 303] <... mmap resumed>) = 0x7fcecad53000 [pid 299] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE [pid 304] <... mmap resumed>) = 0x7fcecad53000 [pid 299] <... mprotect resumed>) = 0 [pid 299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[307]}, 88) = 307 [pid 299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 299] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x7fced31739a0, 24) = 0 [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 306] set_robust_list(0x55558013f6a0, 24) = 0 [pid 306] chdir("./0") = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 307] memfd_create("syzkaller", 0) = 3 [pid 306] <... prctl resumed>) = 0 [pid 307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 306] write(1, "executing program\n", 18executing program ) = 18 [pid 306] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 306] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[308]}, 88) = 308 [pid 306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x7fced31739a0, 24) = 0 [pid 308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 308] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 306] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 308] memfd_create("syzkaller", 0) = 3 [pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 [ 28.142822][ T28] audit: type=1400 audit(1750203537.889:67): avc: denied { ioctl } for pid=291 comm="syz-executor412" path="/dev/loop0" dev="devtmpfs" ino=118 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 304] <... write resumed>) = 67108864 [pid 304] munmap(0x7fcecad53000, 138412032) = 0 [pid 304] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 304] ioctl(4, LOOP_SET_FD, 3 [pid 305] <... write resumed>) = 67108864 [pid 305] munmap(0x7fcecad53000, 138412032) = 0 [pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 305] ioctl(4, LOOP_SET_FD, 3 [pid 304] <... ioctl resumed>) = 0 [pid 304] close(3) = 0 [pid 304] close(4) = 0 [pid 304] mkdir("./file0", 0777) = 0 [ 29.391925][ T304] loop1: detected capacity change from 0 to 131072 [ 29.411124][ T305] loop0: detected capacity change from 0 to 131072 [ 29.415356][ T304] ======================================================= [ 29.415356][ T304] WARNING: The mand mount option has been deprecated and [ 29.415356][ T304] and is ignored by this kernel. Remove the mand [pid 304] mount("/dev/loop1", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 305] <... ioctl resumed>) = 0 [pid 305] close(3) = 0 [pid 305] close(4) = 0 [pid 305] mkdir("./file0", 0777) = 0 [ 29.415356][ T304] option from the mount to silence this warning. [ 29.415356][ T304] ======================================================= [ 29.418082][ T28] audit: type=1400 audit(1750203539.219:68): avc: denied { mounton } for pid=301 comm="syz-executor412" path="/root/syzkaller.Bn2ltE/0/file0" dev="sda1" ino=2039 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 305] mount("/dev/loop0", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 308] <... write resumed>) = 67108864 [ 29.490264][ T305] F2FS-fs (loop0): invalid crc value [pid 303] <... write resumed>) = 67108864 [pid 303] munmap(0x7fcecad53000, 138412032 [pid 308] munmap(0x7fcecad53000, 138412032) = 0 [pid 303] <... munmap resumed>) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 303] ioctl(4, LOOP_SET_FD, 3 [pid 308] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 303] <... ioctl resumed>) = 0 [pid 308] ioctl(4, LOOP_SET_FD, 3 [pid 303] close(3) = 0 [pid 303] close(4) = 0 [pid 303] mkdir("./file0", 0777) = 0 [pid 303] mount("/dev/loop3", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 308] <... ioctl resumed>) = 0 [pid 308] close(3) = 0 [pid 308] close(4) = 0 [pid 308] mkdir("./file0", 0777) = 0 [ 29.520161][ T305] F2FS-fs (loop0): Found nat_bits in checkpoint [ 29.537597][ T303] loop3: detected capacity change from 0 to 131072 [ 29.551348][ T308] loop4: detected capacity change from 0 to 131072 [ 29.556404][ T303] F2FS-fs (loop3): invalid crc value [ 29.575097][ T308] F2FS-fs (loop4): invalid crc value [ 29.585237][ T305] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 29.595794][ T308] F2FS-fs (loop4): Found nat_bits in checkpoint [ 29.604123][ T303] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 308] mount("/dev/loop4", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 305] <... mount resumed>) = 0 [pid 305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 305] chdir("./file0") = 0 [pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 305] ioctl(4, LOOP_CLR_FD) = 0 [pid 305] close(4) = 0 [pid 305] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] truncate("./file3", 7326 [pid 307] <... write resumed>) = 67108864 [ 29.605222][ T28] audit: type=1400 audit(1750203539.399:69): avc: denied { mount } for pid=296 comm="syz-executor412" name="/" dev="loop0" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 29.614786][ T304] F2FS-fs (loop1): invalid crc value [ 29.645178][ T305] F2FS-fs (loop0): access invalid blkaddr:2147563524 [ 29.665000][ T305] CPU: 1 PID: 305 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 29.675202][ T305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 29.682818][ T303] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 29.685274][ T305] Call Trace: [ 29.685282][ T305] [ 29.685288][ T305] __dump_stack+0x21/0x24 [ 29.703391][ T305] dump_stack_lvl+0xee/0x150 [ 29.708014][ T305] ? __cfi_dump_stack_lvl+0x8/0x8 [ 29.712637][ T307] loop2: detected capacity change from 0 to 131072 [ 29.713061][ T305] ? __kasan_check_write+0x14/0x20 [ 29.723544][ T303] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 29.724659][ T305] dump_stack+0x15/0x24 [ 29.735507][ T305] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 29.741173][ T305] f2fs_is_valid_blkaddr+0x23/0x30 [ 29.746314][ T305] sanity_check_extent_cache+0x1c5/0x480 [ 29.751979][ T305] f2fs_iget+0x3312/0x4cb0 [ 29.756434][ T305] f2fs_lookup+0x366/0xab0 [ 29.760879][ T305] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 29.765204][ T307] F2FS-fs (loop2): invalid crc value [pid 307] munmap(0x7fcecad53000, 138412032) = 0 [pid 303] <... mount resumed>) = 0 [pid 296] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 307] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... openat resumed>) = 4 [pid 303] <... openat resumed>) = 3 [pid 296] <... futex resumed>) = 0 [pid 307] ioctl(4, LOOP_SET_FD, 3 [pid 303] chdir("./file0" [pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 303] <... chdir resumed>) = 0 [pid 296] <... mmap resumed>) = 0x7fced3132000 [pid 303] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE [pid 303] <... openat resumed>) = 4 [pid 296] <... mprotect resumed>) = 0 [pid 303] ioctl(4, LOOP_CLR_FD [pid 296] rt_sigprocmask(SIG_BLOCK, ~[], [pid 303] <... ioctl resumed>) = 0 [pid 296] <... rt_sigprocmask resumed>[], 8) = 0 [pid 303] close(4 [pid 296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} [pid 303] <... close resumed>) = 0 [pid 303] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... clone3 resumed> => {parent_tid=[323]}, 88) = 323 [pid 303] <... futex resumed>) = 1 [pid 300] <... futex resumed>) = 0 [pid 296] rt_sigprocmask(SIG_SETMASK, [], [pid 303] truncate("./file3", 7326 [pid 300] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] <... futex resumed>) = 0 [pid 296] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... ioctl resumed>) = 0 [pid 307] close(3) = 0 [pid 307] close(4) = 0 [pid 307] mkdir("./file0", 0777) = 0 [pid 307] mount("/dev/loop2", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 300] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 296] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 300] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 296] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 300] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 296] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 300] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3132000 [pid 300] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[324]}, 88) = 324 [pid 300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 300] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 324 attached [pid 324] set_robust_list(0x7fced31529a0, 24) = 0 [pid 324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 29.766353][ T305] ? __cfi_f2fs_lookup+0x10/0x10 [ 29.776655][ T305] ? __cfi_d_alloc_parallel+0x10/0x10 [ 29.782060][ T305] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 29.787807][ T305] ? downgrade_write+0x350/0x350 [ 29.792772][ T305] __lookup_slow+0x2c7/0x3f0 [ 29.797588][ T305] ? lookup_one_len+0x2d0/0x2d0 [ 29.802454][ T305] ? down_read+0xa0/0xf0 [ 29.806700][ T305] lookup_slow+0x57/0x70 [ 29.810941][ T305] walk_component+0x2f4/0x420 [ 29.815628][ T305] path_lookupat+0x180/0x490 [ 29.820228][ T305] filename_lookup+0x1f0/0x500 [pid 324] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 300] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 300] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 300] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 29.825185][ T305] ? __cfi_filename_lookup+0x10/0x10 [ 29.830478][ T305] ? strncpy_from_user+0x17a/0x2d0 [ 29.835605][ T305] user_path_at_empty+0x47/0x1c0 [ 29.840554][ T305] do_sys_truncate+0xa3/0x190 [ 29.845241][ T305] ? __cfi_do_sys_truncate+0x10/0x10 [ 29.850534][ T305] ? fpregs_restore_userregs+0x128/0x260 [ 29.856171][ T305] __x64_sys_truncate+0x5b/0x70 [ 29.861032][ T305] x64_sys_call+0x679/0x9a0 [ 29.865552][ T305] do_syscall_64+0x4c/0xa0 [ 29.869980][ T305] ? clear_bhb_loop+0x15/0x70 [pid 308] <... mount resumed>) = 0 [pid 308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 308] chdir("./file0") = 0 [pid 308] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 308] ioctl(4, LOOP_CLR_FD) = 0 [pid 308] close(4) = 0 [pid 308] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] exit_group(0) = ? [ 29.874657][ T305] ? clear_bhb_loop+0x15/0x70 [ 29.879172][ T308] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 29.879333][ T305] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 29.892667][ T305] RIP: 0033:0x7fced31b6b89 [ 29.897105][ T305] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 29.916733][ T305] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 306] <... futex resumed>) = 1 [pid 308] truncate("./file3", 7326 [ 29.925175][ T305] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 29.933161][ T305] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 29.941143][ T305] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [ 29.949116][ T305] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 29.957093][ T305] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 29.965075][ T305] [ 29.966001][ T308] F2FS-fs (loop4): access invalid blkaddr:2147563524 [pid 306] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 323 attached [pid 323] +++ exited with 0 +++ [ 29.968250][ T305] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 29.988777][ T308] CPU: 0 PID: 308 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 29.999043][ T308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 30.009097][ T308] Call Trace: [ 30.012377][ T308] [ 30.015352][ T308] __dump_stack+0x21/0x24 [ 30.019716][ T308] dump_stack_lvl+0xee/0x150 [ 30.024307][ T308] ? __cfi_dump_stack_lvl+0x8/0x8 [ 30.029335][ T308] ? __kasan_check_write+0x14/0x20 [ 30.034631][ T308] dump_stack+0x15/0x24 [ 30.035792][ T307] F2FS-fs (loop2): Found nat_bits in checkpoint [ 30.038791][ T308] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 30.050590][ T308] f2fs_is_valid_blkaddr+0x23/0x30 [ 30.055710][ T308] sanity_check_extent_cache+0x1c5/0x480 [ 30.061353][ T308] f2fs_iget+0x3312/0x4cb0 [ 30.065792][ T308] f2fs_lookup+0x366/0xab0 [ 30.070213][ T308] ? __cfi_f2fs_lookup+0x10/0x10 [ 30.075143][ T308] ? __cfi_d_alloc_parallel+0x10/0x10 [ 30.080515][ T308] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 30.086232][ T308] ? downgrade_write+0x350/0x350 [ 30.091174][ T308] __lookup_slow+0x2c7/0x3f0 [ 30.096027][ T308] ? lookup_one_len+0x2d0/0x2d0 [ 30.100907][ T308] ? down_read+0xa0/0xf0 [ 30.105148][ T308] lookup_slow+0x57/0x70 [ 30.109401][ T308] walk_component+0x2f4/0x420 [ 30.114341][ T308] path_lookupat+0x180/0x490 [ 30.118934][ T308] filename_lookup+0x1f0/0x500 [ 30.123710][ T308] ? __cfi_filename_lookup+0x10/0x10 [ 30.129012][ T308] ? strncpy_from_user+0x17a/0x2d0 [ 30.134129][ T308] user_path_at_empty+0x47/0x1c0 [ 30.139072][ T308] do_sys_truncate+0xa3/0x190 [ 30.143750][ T308] ? __cfi_do_sys_truncate+0x10/0x10 [ 30.149037][ T308] ? fpregs_restore_userregs+0x128/0x260 [ 30.154856][ T308] __x64_sys_truncate+0x5b/0x70 [ 30.159914][ T308] x64_sys_call+0x679/0x9a0 [ 30.164432][ T308] do_syscall_64+0x4c/0xa0 [ 30.168855][ T308] ? clear_bhb_loop+0x15/0x70 [ 30.173533][ T308] ? clear_bhb_loop+0x15/0x70 [ 30.178208][ T308] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 30.184108][ T308] RIP: 0033:0x7fced31b6b89 [ 30.188529][ T308] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 30.208217][ T308] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 30.216626][ T308] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [pid 306] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 305] <... truncate resumed>) = ? [pid 306] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3132000 [pid 306] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[329]}, 88) = 329 [pid 306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 306] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] exit_group(0) = ? [ 30.224602][ T308] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 30.232664][ T308] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [ 30.240655][ T308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000080 [ 30.248642][ T308] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 30.256633][ T308] [ 30.260267][ T308] F2FS-fs (loop4): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 30.267866][ T303] CPU: 0 PID: 303 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 30.283467][ T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 30.290831][ T329] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 30.293537][ T303] Call Trace: [ 30.293544][ T303] [ 30.306499][ T303] __dump_stack+0x21/0x24 [ 30.310856][ T303] dump_stack_lvl+0xee/0x150 [ 30.315472][ T303] ? __cfi_dump_stack_lvl+0x8/0x8 [ 30.320509][ T303] ? __kasan_check_write+0x14/0x20 [ 30.325641][ T303] dump_stack+0x15/0x24 [ 30.329905][ T303] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 30.335456][ T303] f2fs_is_valid_blkaddr+0x23/0x30 [ 30.340569][ T303] sanity_check_extent_cache+0x1c5/0x480 [ 30.346208][ T303] f2fs_iget+0x3312/0x4cb0 [ 30.350649][ T303] f2fs_lookup+0x366/0xab0 [ 30.355064][ T303] ? __cfi_f2fs_lookup+0x10/0x10 [ 30.360011][ T303] ? __cfi_d_alloc_parallel+0x10/0x10 [ 30.365395][ T303] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 30.371123][ T303] ? downgrade_write+0x350/0x350 [ 30.376068][ T303] __lookup_slow+0x2c7/0x3f0 [ 30.380671][ T303] ? lookup_one_len+0x2d0/0x2d0 [ 30.385526][ T303] ? down_read+0xa0/0xf0 [ 30.389772][ T303] lookup_slow+0x57/0x70 [ 30.394100][ T303] walk_component+0x2f4/0x420 [ 30.398793][ T303] path_lookupat+0x180/0x490 [ 30.403455][ T303] filename_lookup+0x1f0/0x500 [ 30.408383][ T303] ? __cfi_filename_lookup+0x10/0x10 [ 30.413700][ T303] ? strncpy_from_user+0x17a/0x2d0 ./strace-static-x86_64: Process 329 attached [pid 308] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 305] +++ exited with 0 +++ [pid 296] +++ exited with 0 +++ [pid 308] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=296, si_uid=0, si_status=0, si_utime=23, si_stime=30} --- [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 329] set_robust_list(0x7fced31529a0, 24) = 0 [pid 329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 329] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 291] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [ 30.415049][ T28] audit: type=1400 audit(1750203540.069:70): avc: denied { unmount } for pid=291 comm="syz-executor412" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 30.418828][ T303] user_path_at_empty+0x47/0x1c0 [ 30.439337][ T304] F2FS-fs (loop1): Found nat_bits in checkpoint [ 30.443476][ T303] do_sys_truncate+0xa3/0x190 [ 30.454404][ T303] ? __cfi_do_sys_truncate+0x10/0x10 [ 30.459824][ T303] ? fpregs_restore_userregs+0x128/0x260 [ 30.465485][ T303] __x64_sys_truncate+0x5b/0x70 [ 30.470628][ T303] x64_sys_call+0x679/0x9a0 [ 30.475233][ T303] do_syscall_64+0x4c/0xa0 [ 30.479664][ T303] ? clear_bhb_loop+0x15/0x70 [ 30.484349][ T303] ? clear_bhb_loop+0x15/0x70 [ 30.489028][ T303] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 30.494955][ T303] RIP: 0033:0x7fced31b6b89 [ 30.499380][ T303] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 30.518997][ T303] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 30.527432][ T303] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 30.535415][ T303] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 30.543389][ T303] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [ 30.551366][ T303] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 30.559338][ T303] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 30.567318][ T303] [ 30.570379][ T329] CPU: 1 PID: 329 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 30.570751][ T303] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 30.580583][ T329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 30.580602][ T329] Call Trace: [ 30.580608][ T329] [ 30.580614][ T329] __dump_stack+0x21/0x24 [ 30.594367][ T307] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 30.603593][ T329] dump_stack_lvl+0xee/0x150 [ 30.603628][ T329] ? __cfi_dump_stack_lvl+0x8/0x8 [ 30.626703][ T304] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 30.631467][ T329] ? __kasan_check_write+0x14/0x20 [ 30.644398][ T329] dump_stack+0x15/0x24 [ 30.645144][ T324] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 30.648592][ T329] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 30.660815][ T329] f2fs_is_valid_blkaddr+0x23/0x30 [ 30.662694][ T304] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 30.665953][ T329] sanity_check_extent_cache+0x1c5/0x480 [pid 291] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 306] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 307] <... mount resumed>) = 0 [pid 307] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 307] chdir("./file0") = 0 [pid 307] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 307] ioctl(4, LOOP_CLR_FD) = 0 [pid 307] close(4) = 0 [pid 307] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] <... mount resumed>) = 0 [pid 304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 304] chdir("./file0") = 0 [pid 304] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 304] ioctl(4, LOOP_CLR_FD) = 0 [pid 304] close(4) = 0 [pid 304] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... futex resumed>) = 0 [pid 301] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 1 [pid 304] truncate("./file3", 7326 [pid 303] <... truncate resumed>) = ? [pid 303] +++ exited with 0 +++ [pid 301] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 301] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 301] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 301] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 301] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3132000 [pid 301] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[332]}, 88) = 332 [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 30.665981][ T329] f2fs_iget+0x3312/0x4cb0 [ 30.666010][ T329] f2fs_lookup+0x366/0xab0 [ 30.687266][ T329] ? __cfi_f2fs_lookup+0x10/0x10 [ 30.692315][ T329] ? __cfi_d_alloc_parallel+0x10/0x10 [ 30.697709][ T329] ? __cfi_f2fs_lookup+0x10/0x10 [ 30.702660][ T329] path_openat+0xff3/0x2f50 [ 30.707191][ T329] ? do_filp_open+0x3c0/0x3c0 [ 30.711891][ T329] do_filp_open+0x1c1/0x3c0 [ 30.716397][ T329] ? __cfi_do_filp_open+0x10/0x10 [ 30.721429][ T329] ? alloc_fd+0x4e6/0x590 [pid 301] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 299] <... futex resumed>) = 1 [pid 307] truncate("./file3", 7326 [pid 299] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 306] exit_group(0) = ? [pid 299] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 299] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 299] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 299] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3132000 [pid 299] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[333]}, 88) = 333 [pid 299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 299] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 30.725837][ T329] do_sys_openat2+0x185/0x7e0 [ 30.726497][ T307] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 30.730536][ T329] ? _raw_spin_unlock_irq+0x4d/0x70 [ 30.743070][ T329] ? ptrace_notify+0x1d1/0x250 [ 30.747856][ T329] ? do_sys_open+0xe0/0xe0 [ 30.752283][ T329] ? __cfi_ptrace_notify+0x10/0x10 [ 30.757399][ T329] ? xfd_validate_state+0x70/0x150 [ 30.762520][ T329] __x64_sys_openat+0x136/0x160 [ 30.767379][ T329] x64_sys_call+0x783/0x9a0 [ 30.771976][ T329] do_syscall_64+0x4c/0xa0 [pid 299] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 30.776850][ T329] ? clear_bhb_loop+0x15/0x70 [ 30.781726][ T329] ? clear_bhb_loop+0x15/0x70 [ 30.786422][ T329] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 30.792324][ T329] RIP: 0033:0x7fced31b6b89 [ 30.796740][ T329] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 30.816434][ T329] RSP: 002b:00007fced3152218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [pid 301] exit_group(0) = ? [ 30.824855][ T329] RAX: ffffffffffffffda RBX: 00007fced324f6b8 RCX: 00007fced31b6b89 [ 30.833092][ T329] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 30.841075][ T329] RBP: 00007fced324f6b0 R08: 00007ffdf8b39217 R09: 0000000000000000 [ 30.849053][ T329] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 30.857066][ T329] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 30.865048][ T329] [ 30.868071][ T307] CPU: 0 PID: 307 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 30.868224][ T329] F2FS-fs (loop4): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 30.878237][ T307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 30.878249][ T307] Call Trace: [ 30.878254][ T307] [ 30.878260][ T307] __dump_stack+0x21/0x24 [ 30.878289][ T307] dump_stack_lvl+0xee/0x150 [ 30.916450][ T307] ? __cfi_dump_stack_lvl+0x8/0x8 [ 30.921484][ T307] ? __kasan_check_write+0x14/0x20 [ 30.926601][ T307] dump_stack+0x15/0x24 [ 30.930796][ T307] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 30.936955][ T307] f2fs_is_valid_blkaddr+0x23/0x30 [ 30.942070][ T307] sanity_check_extent_cache+0x1c5/0x480 [ 30.947709][ T307] f2fs_iget+0x3312/0x4cb0 [ 30.952146][ T307] f2fs_lookup+0x366/0xab0 [ 30.956563][ T307] ? __cfi_f2fs_lookup+0x10/0x10 [ 30.961523][ T307] ? __cfi_d_alloc_parallel+0x10/0x10 [ 30.966901][ T307] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 30.972621][ T307] ? downgrade_write+0x350/0x350 [ 30.977580][ T307] __lookup_slow+0x2c7/0x3f0 [ 30.982174][ T307] ? lookup_one_len+0x2d0/0x2d0 [ 30.987031][ T307] ? down_read+0xa0/0xf0 [ 30.991372][ T307] lookup_slow+0x57/0x70 [ 30.995696][ T307] walk_component+0x2f4/0x420 [ 31.000723][ T307] path_lookupat+0x180/0x490 [ 31.005323][ T307] filename_lookup+0x1f0/0x500 [ 31.010090][ T307] ? __cfi_filename_lookup+0x10/0x10 [ 31.021631][ T307] ? strncpy_from_user+0x17a/0x2d0 [ 31.026751][ T307] user_path_at_empty+0x47/0x1c0 [ 31.031689][ T307] do_sys_truncate+0xa3/0x190 [ 31.036374][ T307] ? __cfi_do_sys_truncate+0x10/0x10 [ 31.041747][ T307] ? fpregs_restore_userregs+0x128/0x260 [ 31.047379][ T307] __x64_sys_truncate+0x5b/0x70 [ 31.052367][ T307] x64_sys_call+0x679/0x9a0 [ 31.056981][ T307] do_syscall_64+0x4c/0xa0 [ 31.061517][ T307] ? clear_bhb_loop+0x15/0x70 [ 31.066193][ T307] ? clear_bhb_loop+0x15/0x70 [ 31.071014][ T307] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 31.076937][ T307] RIP: 0033:0x7fced31b6b89 [ 31.081356][ T307] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 31.101050][ T307] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 31.109461][ T307] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 31.117434][ T307] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 ./strace-static-x86_64: Process 333 attached ./strace-static-x86_64: Process 332 attached [pid 329] <... openat resumed>) = ? [pid 308] <... futex resumed>) = ? [pid 308] +++ exited with 0 +++ [ 31.125403][ T307] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [ 31.133373][ T307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000080 [ 31.141340][ T307] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 31.149309][ T307] [ 31.154599][ T324] CPU: 0 PID: 324 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 31.164793][ T324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 31.174860][ T324] Call Trace: [ 31.178141][ T324] [ 31.181067][ T324] __dump_stack+0x21/0x24 [ 31.185403][ T324] dump_stack_lvl+0xee/0x150 [ 31.189992][ T324] ? __cfi_dump_stack_lvl+0x8/0x8 [ 31.195018][ T324] ? __kasan_check_write+0x14/0x20 [ 31.200133][ T324] dump_stack+0x15/0x24 [ 31.204286][ T324] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 31.209839][ T324] f2fs_is_valid_blkaddr+0x23/0x30 [ 31.214946][ T324] sanity_check_extent_cache+0x1c5/0x480 [ 31.220577][ T324] f2fs_iget+0x3312/0x4cb0 [ 31.224999][ T324] f2fs_lookup+0x366/0xab0 [ 31.229414][ T324] ? __cfi_f2fs_lookup+0x10/0x10 [ 31.234343][ T324] ? __cfi_d_alloc_parallel+0x10/0x10 [ 31.239716][ T324] ? __cfi_f2fs_lookup+0x10/0x10 [ 31.244666][ T324] path_openat+0xff3/0x2f50 [ 31.249173][ T324] ? do_filp_open+0x3c0/0x3c0 [ 31.253851][ T324] do_filp_open+0x1c1/0x3c0 [ 31.258363][ T324] ? __cfi_do_filp_open+0x10/0x10 [ 31.263422][ T324] ? alloc_fd+0x4e6/0x590 [ 31.267755][ T324] do_sys_openat2+0x185/0x7e0 [ 31.272432][ T324] ? _raw_spin_unlock_irq+0x4d/0x70 [ 31.277641][ T324] ? ptrace_notify+0x1d1/0x250 [ 31.282405][ T324] ? do_sys_open+0xe0/0xe0 [ 31.286822][ T324] ? __cfi_ptrace_notify+0x10/0x10 [ 31.291968][ T324] ? xfd_validate_state+0x70/0x150 [ 31.297083][ T324] __x64_sys_openat+0x136/0x160 [ 31.301944][ T324] x64_sys_call+0x783/0x9a0 [ 31.306457][ T324] do_syscall_64+0x4c/0xa0 [ 31.310875][ T324] ? clear_bhb_loop+0x15/0x70 [ 31.315559][ T324] ? clear_bhb_loop+0x15/0x70 [ 31.320339][ T324] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 31.326237][ T324] RIP: 0033:0x7fced31b6b89 [ 31.330648][ T324] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 31.350604][ T324] RSP: 002b:00007fced3152218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 31.359024][ T324] RAX: ffffffffffffffda RBX: 00007fced324f6b8 RCX: 00007fced31b6b89 [ 31.367017][ T324] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 31.375097][ T324] RBP: 00007fced324f6b0 R08: 00007ffdf8b39217 R09: 0000000000000000 [pid 333] set_robust_list(0x7fced31529a0, 24 [pid 332] +++ exited with 0 +++ [pid 329] +++ exited with 0 +++ [pid 306] +++ exited with 0 +++ [ 31.383084][ T324] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 31.391055][ T324] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 31.399036][ T324] [ 31.402598][ T304] CPU: 1 PID: 304 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 31.412795][ T304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 31.422858][ T304] Call Trace: [ 31.426223][ T304] [ 31.429151][ T304] __dump_stack+0x21/0x24 [ 31.433490][ T304] dump_stack_lvl+0xee/0x150 [ 31.438083][ T304] ? __cfi_dump_stack_lvl+0x8/0x8 [ 31.443109][ T304] ? __kasan_check_write+0x14/0x20 [ 31.448319][ T304] dump_stack+0x15/0x24 [ 31.452474][ T304] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 31.458025][ T304] f2fs_is_valid_blkaddr+0x23/0x30 [ 31.463226][ T304] sanity_check_extent_cache+0x1c5/0x480 [ 31.468861][ T304] f2fs_iget+0x3312/0x4cb0 [ 31.473284][ T304] f2fs_lookup+0x366/0xab0 [ 31.477698][ T304] ? __cfi_f2fs_lookup+0x10/0x10 [ 31.482725][ T304] ? __cfi_d_alloc_parallel+0x10/0x10 [ 31.488111][ T304] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 31.493856][ T304] ? downgrade_write+0x350/0x350 [ 31.498818][ T304] __lookup_slow+0x2c7/0x3f0 [ 31.503422][ T304] ? lookup_one_len+0x2d0/0x2d0 [ 31.508275][ T304] ? down_read+0xa0/0xf0 [ 31.512516][ T304] lookup_slow+0x57/0x70 [ 31.516754][ T304] walk_component+0x2f4/0x420 [ 31.521436][ T304] path_lookupat+0x180/0x490 [ 31.526032][ T304] filename_lookup+0x1f0/0x500 [ 31.530803][ T304] ? __cfi_filename_lookup+0x10/0x10 [ 31.536702][ T304] ? strncpy_from_user+0x17a/0x2d0 [ 31.541821][ T304] user_path_at_empty+0x47/0x1c0 [ 31.546759][ T304] do_sys_truncate+0xa3/0x190 [ 31.551438][ T304] ? __cfi_do_sys_truncate+0x10/0x10 [ 31.556724][ T304] ? fpregs_restore_userregs+0x128/0x260 [ 31.562354][ T304] __x64_sys_truncate+0x5b/0x70 [ 31.567235][ T304] x64_sys_call+0x679/0x9a0 [ 31.571764][ T304] do_syscall_64+0x4c/0xa0 [ 31.576192][ T304] ? clear_bhb_loop+0x15/0x70 [ 31.580868][ T304] ? clear_bhb_loop+0x15/0x70 [ 31.585549][ T304] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 31.591449][ T304] RIP: 0033:0x7fced31b6b89 [ 31.595862][ T304] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 31.615464][ T304] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 31.623876][ T304] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [pid 333] <... set_robust_list resumed>) = 0 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=24, si_stime=58} --- [pid 333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 333] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 295] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 31.631859][ T304] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 31.639832][ T304] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [ 31.647803][ T304] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 31.655957][ T304] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 31.663934][ T304] [ 31.667093][ T307] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [pid 295] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 307] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 295] <... openat resumed>) = 3 [pid 307] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] newfstatat(3, "", [pid 307] <... futex resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 307] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [ 31.681404][ T333] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 31.692004][ T333] CPU: 1 PID: 333 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 31.702198][ T333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 31.712284][ T333] Call Trace: [ 31.715580][ T333] [ 31.718533][ T333] __dump_stack+0x21/0x24 [ 31.722910][ T333] dump_stack_lvl+0xee/0x150 [ 31.727531][ T333] ? __cfi_dump_stack_lvl+0x8/0x8 [ 31.732578][ T333] ? __kasan_check_write+0x14/0x20 [ 31.737718][ T333] dump_stack+0x15/0x24 [ 31.741989][ T333] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 31.747557][ T333] f2fs_is_valid_blkaddr+0x23/0x30 [ 31.752682][ T333] sanity_check_extent_cache+0x1c5/0x480 [ 31.758335][ T333] f2fs_iget+0x3312/0x4cb0 [ 31.762957][ T333] f2fs_lookup+0x366/0xab0 [ 31.767393][ T333] ? __cfi_f2fs_lookup+0x10/0x10 [ 31.772343][ T333] ? __cfi_d_alloc_parallel+0x10/0x10 [ 31.777741][ T333] ? __cfi_f2fs_lookup+0x10/0x10 [ 31.782694][ T333] path_openat+0xff3/0x2f50 [ 31.787311][ T333] ? do_filp_open+0x3c0/0x3c0 [ 31.792065][ T333] do_filp_open+0x1c1/0x3c0 [ 31.797456][ T333] ? __cfi_do_filp_open+0x10/0x10 [ 31.802508][ T333] ? alloc_fd+0x4e6/0x590 [ 31.804996][ T304] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 31.806865][ T333] do_sys_openat2+0x185/0x7e0 [ 31.824984][ T333] ? _raw_spin_unlock_irq+0x4d/0x70 [ 31.830208][ T333] ? ptrace_notify+0x1d1/0x250 [ 31.834997][ T333] ? do_sys_open+0xe0/0xe0 [ 31.836846][ T324] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 31.839433][ T333] ? __cfi_ptrace_notify+0x10/0x10 [ 31.857490][ T333] ? xfd_validate_state+0x70/0x150 [ 31.862635][ T333] __x64_sys_openat+0x136/0x160 [ 31.867484][ T333] x64_sys_call+0x783/0x9a0 [ 31.871985][ T333] do_syscall_64+0x4c/0xa0 [ 31.876405][ T333] ? clear_bhb_loop+0x15/0x70 [ 31.881081][ T333] ? clear_bhb_loop+0x15/0x70 [ 31.885757][ T333] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 31.891655][ T333] RIP: 0033:0x7fced31b6b89 [ 31.896068][ T333] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 31.916103][ T333] RSP: 002b:00007fced3152218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 31.924517][ T333] RAX: ffffffffffffffda RBX: 00007fced324f6b8 RCX: 00007fced31b6b89 [pid 295] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555580148770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555580148770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./0/file0") = 0 [pid 291] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./0/binderfs") = 0 [pid 291] getdents64(3, 0x555580140730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./0") = 0 [pid 304] <... truncate resumed>) = ? [pid 291] mkdir("./1", 0777) = 0 [pid 304] +++ exited with 0 +++ [pid 301] +++ exited with 0 +++ [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=0, si_utime=27, si_stime=45} --- [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558013f690) = 334 [pid 292] <... restart_syscall resumed>) = 0 [pid 292] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [pid 292] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 324] <... openat resumed>) = ? [pid 324] +++ exited with 0 +++ [pid 300] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=23, si_stime=65} --- ./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x55558013f6a0, 24) = 0 [pid 334] chdir("./1") = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 334] setpgid(0, 0) = 0 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 334] write(3, "1000", 4executing program ) = 4 [pid 334] close(3) = 0 [pid 334] symlink("/dev/binderfs", "./binderfs" [pid 294] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 334] <... symlink resumed>) = 0 [pid 334] write(1, "executing program\n", 18) = 18 [pid 334] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 334] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [pid 294] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 334] <... mmap resumed>) = 0x7fced3153000 [pid 334] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[335]}, 88) = 335 [pid 334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 334] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x7fced31739a0, 24) = 0 [pid 335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 335] memfd_create("syzkaller", 0) = 3 [pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 [ 31.932483][ T333] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 31.940454][ T333] RBP: 00007fced324f6b0 R08: 00007ffdf8b39217 R09: 0000000000000000 [ 31.948427][ T333] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 31.956396][ T333] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 31.964370][ T333] [pid 299] exit_group(0) = ? [pid 307] <... futex resumed>) = ? [pid 307] +++ exited with 0 +++ [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555580148770 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555580148770 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./0/file0") = 0 [pid 295] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./0/binderfs") = 0 [pid 295] getdents64(3, 0x555580140730 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./0") = 0 [pid 295] mkdir("./1", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558013f690) = 336 ./strace-static-x86_64: Process 336 attached [pid 336] set_robust_list(0x55558013f6a0, 24) = 0 [pid 336] chdir("./1") = 0 [pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 336] setpgid(0, 0) = 0 [pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 336] write(3, "1000", 4) = 4 [pid 336] close(3) = 0 [pid 336] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 336] write(1, "executing program\n", 18) = 18 [pid 336] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 336] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 336] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 336] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[337]}, 88) = 337 [pid 336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 336] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 337 attached [pid 337] set_robust_list(0x7fced31739a0, 24) = 0 [pid 337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 337] memfd_create("syzkaller", 0) = 3 [pid 292] <... umount2 resumed>) = 0 [pid 337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 [pid 292] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x555580148770 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, 0x555580148770 /* 0 entries */, 32768) = 0 [pid 292] close(4) = 0 [pid 292] rmdir("./0/file0") = 0 [pid 292] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./0/binderfs") = 0 [pid 292] getdents64(3, 0x555580140730 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [pid 292] rmdir("./0") = 0 [pid 292] mkdir("./1", 0777) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 292] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 292] close(3) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558013f690) = 338 ./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x55558013f6a0, 24) = 0 [pid 338] chdir("./1") = 0 [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 338] setpgid(0, 0) = 0 [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 338] write(3, "1000", 4) = 4 [pid 338] close(3) = 0 [pid 338] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 338] write(1, "executing program\n", 18) = 18 [pid 338] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 338] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 338] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 338] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[339]}, 88) = 339 [pid 338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 338] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x7fced31739a0, 24) = 0 [pid 339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 339] memfd_create("syzkaller", 0) = 3 [pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 [pid 294] <... umount2 resumed>) = 0 [pid 294] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 294] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(4, 0x555580148770 /* 2 entries */, 32768) = 48 [pid 294] getdents64(4, 0x555580148770 /* 0 entries */, 32768) = 0 [pid 294] close(4) = 0 [pid 294] rmdir("./0/file0") = 0 [pid 294] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./0/binderfs") = 0 [pid 294] getdents64(3, 0x555580140730 /* 0 entries */, 32768) = 0 [pid 294] close(3) = 0 [pid 294] rmdir("./0") = 0 [pid 294] mkdir("./1", 0777) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 294] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 294] close(3) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558013f690) = 340 ./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x55558013f6a0, 24) = 0 [pid 340] chdir("./1") = 0 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 340] setpgid(0, 0) = 0 [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 340] write(3, "1000", 4) = 4 [pid 340] close(3) = 0 [pid 340] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 340] write(1, "executing program\n", 18) = 18 [pid 340] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 340] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 340] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[341]}, 88) = 341 [pid 340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 340] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 341 attached [pid 341] set_robust_list(0x7fced31739a0, 24) = 0 [pid 341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 341] memfd_create("syzkaller", 0) = 3 [pid 341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 [pid 333] <... openat resumed>) = ? [pid 333] +++ exited with 0 +++ [pid 299] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=21, si_stime=44} --- [pid 293] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 293] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [ 32.574975][ T333] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [pid 293] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 293] <... umount2 resumed>) = 0 [pid 293] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 293] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(4, 0x555580148770 /* 2 entries */, 32768) = 48 [pid 293] getdents64(4, 0x555580148770 /* 0 entries */, 32768) = 0 [pid 293] close(4) = 0 [pid 293] rmdir("./0/file0") = 0 [pid 293] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] unlink("./0/binderfs") = 0 [pid 293] getdents64(3, 0x555580140730 /* 0 entries */, 32768) = 0 [pid 293] close(3) = 0 [pid 293] rmdir("./0") = 0 [pid 293] mkdir("./1", 0777) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558013f690) = 342 ./strace-static-x86_64: Process 342 attached [pid 342] set_robust_list(0x55558013f6a0, 24) = 0 [pid 342] chdir("./1") = 0 [pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 342] setpgid(0, 0) = 0 [pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 342] write(3, "1000", 4) = 4 [pid 342] close(3) = 0 [pid 342] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 342] write(1, "executing program\n", 18) = 18 [pid 342] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 342] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 342] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[343]}, 88) = 343 [pid 342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 342] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 343 attached [pid 343] set_robust_list(0x7fced31739a0, 24) = 0 [pid 343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 343] memfd_create("syzkaller", 0) = 3 [pid 343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 [pid 335] <... write resumed>) = 67108864 [pid 335] munmap(0x7fcecad53000, 138412032) = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 335] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 335] close(3) = 0 [pid 335] close(4) = 0 [pid 335] mkdir("./file0", 0777) = 0 [ 33.195928][ T335] loop0: detected capacity change from 0 to 131072 [ 33.220927][ T335] F2FS-fs (loop0): invalid crc value [pid 335] mount("/dev/loop0", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 337] <... write resumed>) = 67108864 [ 33.259763][ T335] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 337] munmap(0x7fcecad53000, 138412032) = 0 [pid 337] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 337] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 337] close(3) = 0 [pid 337] close(4) = 0 [pid 337] mkdir("./file0", 0777) = 0 [ 33.328489][ T337] loop4: detected capacity change from 0 to 131072 [ 33.364196][ T337] F2FS-fs (loop4): invalid crc value [pid 337] mount("/dev/loop4", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 335] <... mount resumed>) = 0 [pid 335] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 335] chdir("./file0") = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 335] ioctl(4, LOOP_CLR_FD) = 0 [pid 335] close(4) = 0 [pid 335] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 334] <... futex resumed>) = 0 [pid 335] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 334] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 334] <... futex resumed>) = 0 [pid 335] truncate("./file3", 7326 [ 33.378293][ T335] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 33.409405][ T335] F2FS-fs (loop0): access invalid blkaddr:2147563524 [ 33.429419][ T335] CPU: 1 PID: 335 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 33.439690][ T335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 33.449858][ T335] Call Trace: [ 33.453165][ T335] [ 33.456119][ T335] __dump_stack+0x21/0x24 [ 33.460480][ T335] dump_stack_lvl+0xee/0x150 [ 33.465107][ T335] ? __cfi_dump_stack_lvl+0x8/0x8 [ 33.470168][ T335] ? __kasan_check_write+0x14/0x20 [ 33.475324][ T335] dump_stack+0x15/0x24 [pid 334] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... write resumed>) = 67108864 [pid 339] munmap(0x7fcecad53000, 138412032) = 0 [pid 341] <... write resumed>) = 67108864 [pid 339] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 339] ioctl(4, LOOP_SET_FD, 3 [ 33.479524][ T335] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 33.485107][ T335] f2fs_is_valid_blkaddr+0x23/0x30 [ 33.490249][ T335] sanity_check_extent_cache+0x1c5/0x480 [ 33.495918][ T335] f2fs_iget+0x3312/0x4cb0 [ 33.500378][ T335] f2fs_lookup+0x366/0xab0 [ 33.504831][ T335] ? __cfi_f2fs_lookup+0x10/0x10 [ 33.509896][ T335] ? __cfi_d_alloc_parallel+0x10/0x10 [ 33.515300][ T335] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 33.516291][ T339] loop1: detected capacity change from 0 to 131072 [pid 341] munmap(0x7fcecad53000, 138412032) = 0 [pid 341] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 341] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 341] close(3) = 0 [pid 341] close(4) = 0 [pid 341] mkdir("./file0", 0777) = 0 [pid 341] mount("/dev/loop3", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 339] <... ioctl resumed>) = 0 [pid 339] close(3) = 0 [pid 339] close(4) = 0 [pid 339] mkdir("./file0", 0777) = 0 [ 33.521042][ T335] ? downgrade_write+0x350/0x350 [ 33.521075][ T335] __lookup_slow+0x2c7/0x3f0 [ 33.521104][ T335] ? lookup_one_len+0x2d0/0x2d0 [ 33.521129][ T335] ? down_read+0xa0/0xf0 [ 33.532095][ T341] loop3: detected capacity change from 0 to 131072 [ 33.532760][ T335] lookup_slow+0x57/0x70 [ 33.532784][ T335] walk_component+0x2f4/0x420 [ 33.532808][ T335] path_lookupat+0x180/0x490 [ 33.552714][ T341] F2FS-fs (loop3): invalid crc value [ 33.553073][ T335] filename_lookup+0x1f0/0x500 [ 33.571765][ T339] F2FS-fs (loop1): invalid crc value [ 33.571873][ T335] ? __cfi_filename_lookup+0x10/0x10 [ 33.587208][ T335] ? strncpy_from_user+0x17a/0x2d0 [ 33.592367][ T335] user_path_at_empty+0x47/0x1c0 [ 33.597337][ T335] do_sys_truncate+0xa3/0x190 [ 33.602044][ T335] ? __cfi_do_sys_truncate+0x10/0x10 [ 33.607355][ T335] ? fpregs_restore_userregs+0x128/0x260 [ 33.613003][ T335] __x64_sys_truncate+0x5b/0x70 [ 33.617874][ T335] x64_sys_call+0x679/0x9a0 [ 33.622387][ T335] do_syscall_64+0x4c/0xa0 [ 33.626816][ T335] ? clear_bhb_loop+0x15/0x70 [ 33.631504][ T335] ? clear_bhb_loop+0x15/0x70 [ 33.636189][ T335] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 33.642103][ T335] RIP: 0033:0x7fced31b6b89 [ 33.646523][ T335] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 33.666139][ T335] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [pid 339] mount("/dev/loop1", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 334] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 334] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 33.674564][ T335] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 33.682542][ T335] RDX: ffffffffffffffb0 RSI: 0000000000001c9e RDI: 0000200000000280 [ 33.690523][ T335] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [ 33.698498][ T335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000080 [ 33.706475][ T335] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 33.714466][ T335] [pid 334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3132000 [pid 334] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[355]}, 88) = 355 [pid 335] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 334] rt_sigprocmask(SIG_SETMASK, [], [pid 335] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 335] <... futex resumed>) = 0 [pid 334] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 334] <... futex resumed>) = 0 [pid 334] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x7fced31529a0, 24) = 0 [pid 355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 355] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [ 33.719265][ T335] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 33.737089][ T337] F2FS-fs (loop4): Found nat_bits in checkpoint [ 33.737773][ T355] F2FS-fs (loop0): access invalid blkaddr:2147563524 [ 33.752074][ T339] F2FS-fs (loop1): Found nat_bits in checkpoint [ 33.762815][ T341] F2FS-fs (loop3): Found nat_bits in checkpoint [ 33.784005][ T355] CPU: 0 PID: 355 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 33.794199][ T355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 33.804269][ T355] Call Trace: [ 33.807566][ T355] [ 33.810513][ T355] __dump_stack+0x21/0x24 [ 33.814879][ T355] dump_stack_lvl+0xee/0x150 [ 33.819495][ T355] ? __cfi_dump_stack_lvl+0x8/0x8 [ 33.824561][ T355] ? __kasan_check_write+0x14/0x20 [ 33.829712][ T355] dump_stack+0x15/0x24 [pid 343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 334] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 33.833897][ T355] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 33.839474][ T355] f2fs_is_valid_blkaddr+0x23/0x30 [ 33.844615][ T355] sanity_check_extent_cache+0x1c5/0x480 [ 33.850277][ T355] f2fs_iget+0x3312/0x4cb0 [ 33.854744][ T355] f2fs_lookup+0x366/0xab0 [ 33.859280][ T355] ? __cfi_f2fs_lookup+0x10/0x10 [ 33.864244][ T355] ? __cfi_d_alloc_parallel+0x10/0x10 [ 33.869657][ T355] ? __cfi_f2fs_lookup+0x10/0x10 [ 33.874626][ T355] path_openat+0xff3/0x2f50 [ 33.879176][ T355] ? do_filp_open+0x3c0/0x3c0 [ 33.883901][ T355] do_filp_open+0x1c1/0x3c0 [ 33.888440][ T355] ? __cfi_do_filp_open+0x10/0x10 [ 33.893500][ T355] ? alloc_fd+0x4e6/0x590 [ 33.897867][ T355] do_sys_openat2+0x185/0x7e0 [ 33.902590][ T355] ? _raw_spin_unlock_irq+0x4d/0x70 [ 33.907830][ T355] ? ptrace_notify+0x1d1/0x250 [ 33.912639][ T355] ? do_sys_open+0xe0/0xe0 [ 33.917102][ T355] ? __cfi_ptrace_notify+0x10/0x10 [ 33.922253][ T355] ? xfd_validate_state+0x70/0x150 [ 33.927404][ T355] __x64_sys_openat+0x136/0x160 [pid 334] exit_group(0 [pid 335] <... futex resumed>) = ? [pid 334] <... exit_group resumed>) = ? [pid 335] +++ exited with 0 +++ [pid 339] <... mount resumed>) = 0 [pid 339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 339] chdir("./file0") = 0 [pid 339] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 339] ioctl(4, LOOP_CLR_FD) = 0 [pid 339] close(4) = 0 [pid 339] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 33.932553][ T355] x64_sys_call+0x783/0x9a0 [ 33.937097][ T355] do_syscall_64+0x4c/0xa0 [ 33.941548][ T355] ? clear_bhb_loop+0x15/0x70 [ 33.946255][ T355] ? clear_bhb_loop+0x15/0x70 [ 33.950960][ T355] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 33.956897][ T355] RIP: 0033:0x7fced31b6b89 [ 33.957270][ T339] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 33.961422][ T355] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 33.977778][ T339] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 33.988587][ T355] RSP: 002b:00007fced3152218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 33.988612][ T355] RAX: ffffffffffffffda RBX: 00007fced324f6b8 RCX: 00007fced31b6b89 [ 33.988625][ T355] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 33.988637][ T355] RBP: 00007fced324f6b0 R08: 00007ffdf8b39217 R09: 0000000000000000 [pid 338] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... futex resumed>) = 1 [pid 339] truncate("./file3", 7326 [pid 338] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 338] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 338] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 338] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 338] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3132000 [pid 338] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 338] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[361]}, 88) = 361 [pid 338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 338] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 361 attached [pid 361] set_robust_list(0x7fced31529a0, 24) = 0 [pid 361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 33.988649][ T355] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 34.035825][ T355] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 34.043819][ T355] [ 34.055551][ T339] CPU: 1 PID: 339 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 34.064916][ T337] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 34.066069][ T339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 34.066081][ T339] Call Trace: [ 34.066086][ T339] [ 34.066092][ T339] __dump_stack+0x21/0x24 [ 34.066123][ T339] dump_stack_lvl+0xee/0x150 [ 34.073754][ T341] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 34.083621][ T339] ? __cfi_dump_stack_lvl+0x8/0x8 [ 34.083656][ T339] ? __kasan_check_write+0x14/0x20 [ 34.090469][ T355] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 34.091085][ T339] dump_stack+0x15/0x24 [pid 361] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 355] <... openat resumed>) = ? [pid 343] <... write resumed>) = 67108864 [pid 341] <... mount resumed>) = 0 [pid 337] <... mount resumed>) = 0 [pid 343] munmap(0x7fcecad53000, 138412032 [pid 341] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 337] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 343] <... munmap resumed>) = 0 [pid 341] <... openat resumed>) = 3 [pid 337] <... openat resumed>) = 3 [pid 341] chdir("./file0" [pid 337] chdir("./file0" [pid 341] <... chdir resumed>) = 0 [pid 337] <... chdir resumed>) = 0 [pid 341] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 337] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 341] <... openat resumed>) = 4 [pid 337] <... openat resumed>) = 4 [pid 341] ioctl(4, LOOP_CLR_FD [pid 337] ioctl(4, LOOP_CLR_FD [pid 341] <... ioctl resumed>) = 0 [pid 337] <... ioctl resumed>) = 0 [pid 341] close(4 [pid 337] close(4 [pid 341] <... close resumed>) = 0 [pid 337] <... close resumed>) = 0 [pid 341] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 341] <... futex resumed>) = 1 [pid 337] <... futex resumed>) = 1 [pid 341] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 343] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 343] ioctl(4, LOOP_SET_FD, 3 [pid 355] +++ exited with 0 +++ [pid 334] +++ exited with 0 +++ [pid 343] <... ioctl resumed>) = 0 [pid 343] close(3) = 0 [pid 343] close(4) = 0 [pid 343] mkdir("./file0", 0777) = 0 [ 34.115399][ T343] loop2: detected capacity change from 0 to 131072 [ 34.117716][ T339] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 34.146937][ T339] f2fs_is_valid_blkaddr+0x23/0x30 [ 34.152086][ T339] sanity_check_extent_cache+0x1c5/0x480 [ 34.157530][ T343] F2FS-fs (loop2): invalid crc value [ 34.157748][ T339] f2fs_iget+0x3312/0x4cb0 [ 34.167646][ T339] f2fs_lookup+0x366/0xab0 [ 34.172090][ T339] ? __cfi_f2fs_lookup+0x10/0x10 [ 34.177061][ T339] ? __cfi_d_alloc_parallel+0x10/0x10 [pid 343] mount("/dev/loop2", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 340] <... futex resumed>) = 0 [pid 340] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 341] <... futex resumed>) = 0 [pid 340] <... futex resumed>) = 1 [pid 341] truncate("./file3", 7326 [pid 340] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 340] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3132000 [pid 340] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[365]}, 88) = 365 [pid 340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 340] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 34.180125][ T341] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 34.182466][ T339] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 34.194852][ T339] ? downgrade_write+0x350/0x350 [ 34.199810][ T339] __lookup_slow+0x2c7/0x3f0 [ 34.204655][ T339] ? lookup_one_len+0x2d0/0x2d0 [ 34.209515][ T339] ? down_read+0xa0/0xf0 [ 34.213761][ T339] lookup_slow+0x57/0x70 [ 34.218007][ T339] walk_component+0x2f4/0x420 [ 34.222695][ T339] path_lookupat+0x180/0x490 [ 34.227295][ T339] filename_lookup+0x1f0/0x500 [pid 340] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] <... futex resumed>) = 0 [pid 336] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=18, si_stime=33} --- [pid 337] <... futex resumed>) = 0 [pid 336] <... futex resumed>) = 1 [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 337] truncate("./file3", 7326 [pid 336] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x7fced31529a0, 24) = 0 [pid 365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 34.232072][ T339] ? __cfi_filename_lookup+0x10/0x10 [ 34.237397][ T339] ? strncpy_from_user+0x17a/0x2d0 [ 34.242780][ T339] user_path_at_empty+0x47/0x1c0 [ 34.247088][ T337] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 34.247832][ T339] do_sys_truncate+0xa3/0x190 [ 34.259174][ T339] ? __cfi_do_sys_truncate+0x10/0x10 [ 34.264478][ T339] ? fpregs_restore_userregs+0x128/0x260 [ 34.270116][ T339] __x64_sys_truncate+0x5b/0x70 [ 34.274973][ T339] x64_sys_call+0x679/0x9a0 [ 34.279503][ T339] do_syscall_64+0x4c/0xa0 [ 34.283926][ T339] ? clear_bhb_loop+0x15/0x70 [ 34.288627][ T339] ? clear_bhb_loop+0x15/0x70 [ 34.293309][ T339] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 34.299557][ T339] RIP: 0033:0x7fced31b6b89 [ 34.303971][ T339] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 34.323574][ T339] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [pid 365] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 340] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 336] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 338] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 336] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3132000 [pid 336] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 336] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 34.331991][ T339] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 34.339968][ T339] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 34.347949][ T339] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [ 34.355924][ T339] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 34.363919][ T339] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 34.371984][ T339] [ 34.375765][ T341] CPU: 1 PID: 341 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [pid 336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[366]}, 88) = 366 [pid 336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 336] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 366 attached [pid 366] set_robust_list(0x7fced31529a0, 24) = 0 [pid 366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 366] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 343] <... mount resumed>) = 0 [pid 343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 343] chdir("./file0") = 0 [pid 343] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 343] ioctl(4, LOOP_CLR_FD) = 0 [ 34.379880][ T343] F2FS-fs (loop2): Found nat_bits in checkpoint [ 34.385953][ T341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 34.385966][ T341] Call Trace: [ 34.385972][ T341] [ 34.385979][ T341] __dump_stack+0x21/0x24 [ 34.386009][ T341] dump_stack_lvl+0xee/0x150 [ 34.386033][ T341] ? __cfi_dump_stack_lvl+0x8/0x8 [ 34.386059][ T341] ? __kasan_check_write+0x14/0x20 [ 34.386085][ T341] dump_stack+0x15/0x24 [pid 343] close(4 [pid 336] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 343] <... close resumed>) = 0 [pid 343] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 343] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = 0 [pid 342] <... futex resumed>) = 1 [pid 343] truncate("./file3", 7326 [ 34.386108][ T341] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 34.422490][ T343] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 34.422636][ T341] f2fs_is_valid_blkaddr+0x23/0x30 [ 34.450196][ T341] sanity_check_extent_cache+0x1c5/0x480 [ 34.455856][ T341] f2fs_iget+0x3312/0x4cb0 [ 34.460337][ T341] f2fs_lookup+0x366/0xab0 [ 34.464870][ T341] ? __cfi_f2fs_lookup+0x10/0x10 [ 34.469826][ T341] ? __cfi_d_alloc_parallel+0x10/0x10 [ 34.475208][ T341] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 34.480941][ T341] ? downgrade_write+0x350/0x350 [ 34.485884][ T341] __lookup_slow+0x2c7/0x3f0 [ 34.490504][ T341] ? lookup_one_len+0x2d0/0x2d0 [ 34.495381][ T341] ? down_read+0xa0/0xf0 [ 34.499656][ T341] lookup_slow+0x57/0x70 [ 34.503919][ T341] walk_component+0x2f4/0x420 [ 34.508613][ T341] path_lookupat+0x180/0x490 [ 34.513209][ T341] filename_lookup+0x1f0/0x500 [ 34.517976][ T341] ? __cfi_filename_lookup+0x10/0x10 [ 34.523277][ T341] ? strncpy_from_user+0x17a/0x2d0 [ 34.528413][ T341] user_path_at_empty+0x47/0x1c0 [ 34.533364][ T341] do_sys_truncate+0xa3/0x190 [ 34.538138][ T341] ? __cfi_do_sys_truncate+0x10/0x10 [ 34.543431][ T341] ? fpregs_restore_userregs+0x128/0x260 [ 34.549118][ T341] __x64_sys_truncate+0x5b/0x70 [ 34.553994][ T341] x64_sys_call+0x679/0x9a0 [ 34.558499][ T341] do_syscall_64+0x4c/0xa0 [ 34.562926][ T341] ? clear_bhb_loop+0x15/0x70 [ 34.567608][ T341] ? clear_bhb_loop+0x15/0x70 [ 34.573072][ T341] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 34.579093][ T341] RIP: 0033:0x7fced31b6b89 [ 34.583526][ T341] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 34.603160][ T341] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 34.611593][ T341] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 34.619579][ T341] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 34.627654][ T341] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [pid 342] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 342] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3132000 [pid 342] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[370]}, 88) = 370 [pid 342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 342] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 34.635627][ T341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000080 [ 34.643605][ T341] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 34.651598][ T341] [ 34.655520][ T337] CPU: 1 PID: 337 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 34.665543][ T343] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 34.665699][ T337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 34.665711][ T337] Call Trace: [ 34.665717][ T337] [ 34.665723][ T337] __dump_stack+0x21/0x24 [ 34.665754][ T337] dump_stack_lvl+0xee/0x150 [ 34.665778][ T337] ? __cfi_dump_stack_lvl+0x8/0x8 [ 34.702718][ T337] ? __kasan_check_write+0x14/0x20 [ 34.707946][ T337] dump_stack+0x15/0x24 [ 34.712113][ T337] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 34.717665][ T337] f2fs_is_valid_blkaddr+0x23/0x30 [ 34.722776][ T337] sanity_check_extent_cache+0x1c5/0x480 [ 34.728433][ T337] f2fs_iget+0x3312/0x4cb0 [ 34.732891][ T337] f2fs_lookup+0x366/0xab0 [ 34.737334][ T337] ? __cfi_f2fs_lookup+0x10/0x10 [ 34.742272][ T337] ? __cfi_d_alloc_parallel+0x10/0x10 [ 34.747741][ T337] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 34.753470][ T337] ? downgrade_write+0x350/0x350 [ 34.758433][ T337] __lookup_slow+0x2c7/0x3f0 [ 34.763038][ T337] ? lookup_one_len+0x2d0/0x2d0 [ 34.767887][ T337] ? down_read+0xa0/0xf0 [ 34.772130][ T337] lookup_slow+0x57/0x70 [ 34.776373][ T337] walk_component+0x2f4/0x420 [ 34.781048][ T337] path_lookupat+0x180/0x490 [ 34.785649][ T337] filename_lookup+0x1f0/0x500 [ 34.790415][ T337] ? __cfi_filename_lookup+0x10/0x10 [ 34.795707][ T337] ? strncpy_from_user+0x17a/0x2d0 [ 34.800822][ T337] user_path_at_empty+0x47/0x1c0 [ 34.805755][ T337] do_sys_truncate+0xa3/0x190 [ 34.810437][ T337] ? __cfi_do_sys_truncate+0x10/0x10 [ 34.815726][ T337] ? fpregs_restore_userregs+0x128/0x260 [ 34.821359][ T337] __x64_sys_truncate+0x5b/0x70 [ 34.826215][ T337] x64_sys_call+0x679/0x9a0 [ 34.830745][ T337] do_syscall_64+0x4c/0xa0 [ 34.835167][ T337] ? clear_bhb_loop+0x15/0x70 [ 34.839865][ T337] ? clear_bhb_loop+0x15/0x70 [ 34.844566][ T337] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 34.850468][ T337] RIP: 0033:0x7fced31b6b89 [ 34.855410][ T337] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 34.875060][ T337] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 34.883485][ T337] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 34.891541][ T337] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 34.899514][ T337] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [ 34.907480][ T337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000080 [ 34.915452][ T337] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 34.923440][ T337] [pid 342] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 370 attached ) = -1 ETIMEDOUT (Connection timed out) [ 34.926599][ T337] F2FS-fs (loop4): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 34.928455][ T343] CPU: 1 PID: 343 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 34.942154][ T366] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 34.949701][ T343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 34.949713][ T343] Call Trace: [ 34.949719][ T343] [ 34.949725][ T343] __dump_stack+0x21/0x24 [ 34.977113][ T343] dump_stack_lvl+0xee/0x150 [ 34.981723][ T343] ? __cfi_dump_stack_lvl+0x8/0x8 [pid 370] set_robust_list(0x7fced31529a0, 24 [pid 337] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 370] <... set_robust_list resumed>) = 0 [pid 337] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] rt_sigprocmask(SIG_SETMASK, [], [pid 337] <... futex resumed>) = 0 [pid 370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 337] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 34.986772][ T343] ? kmem_cache_alloc+0x256/0x330 [ 34.991810][ T343] ? __kasan_check_write+0x14/0x20 [ 34.996935][ T343] dump_stack+0x15/0x24 [ 35.001117][ T343] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 35.006684][ T343] f2fs_is_valid_blkaddr+0x23/0x30 [ 35.011817][ T343] sanity_check_extent_cache+0x1c5/0x480 [ 35.017452][ T343] f2fs_iget+0x3312/0x4cb0 [ 35.021879][ T343] f2fs_lookup+0x366/0xab0 [ 35.026337][ T343] ? __cfi_f2fs_lookup+0x10/0x10 [ 35.031295][ T343] ? __cfi_d_alloc_parallel+0x10/0x10 [ 35.036685][ T343] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 35.042516][ T343] ? downgrade_write+0x350/0x350 [ 35.047476][ T343] __lookup_slow+0x2c7/0x3f0 [ 35.052081][ T343] ? lookup_one_len+0x2d0/0x2d0 [ 35.056946][ T343] ? down_read+0xa0/0xf0 [ 35.061195][ T343] lookup_slow+0x57/0x70 [ 35.065441][ T343] walk_component+0x2f4/0x420 [ 35.070133][ T343] path_lookupat+0x180/0x490 [ 35.074841][ T343] filename_lookup+0x1f0/0x500 [ 35.079673][ T343] ? __cfi_filename_lookup+0x10/0x10 [pid 370] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 336] exit_group(0 [pid 337] <... futex resumed>) = ? [pid 336] <... exit_group resumed>) = ? [pid 337] +++ exited with 0 +++ [pid 338] exit_group(0) = ? [ 35.085002][ T343] ? strncpy_from_user+0x17a/0x2d0 [ 35.090226][ T343] user_path_at_empty+0x47/0x1c0 [ 35.095181][ T343] do_sys_truncate+0xa3/0x190 [ 35.099869][ T343] ? __cfi_do_sys_truncate+0x10/0x10 [ 35.105179][ T343] ? fpregs_restore_userregs+0x128/0x260 [ 35.110849][ T343] __x64_sys_truncate+0x5b/0x70 [ 35.115732][ T343] x64_sys_call+0x679/0x9a0 [ 35.120245][ T343] do_syscall_64+0x4c/0xa0 [ 35.124671][ T343] ? clear_bhb_loop+0x15/0x70 [ 35.129350][ T343] ? clear_bhb_loop+0x15/0x70 [ 35.134029][ T343] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 35.140020][ T343] RIP: 0033:0x7fced31b6b89 [ 35.144437][ T343] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 35.164042][ T343] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 35.172454][ T343] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 35.180423][ T343] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 35.188389][ T343] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [ 35.196359][ T343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000080 [ 35.204429][ T343] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 35.212402][ T343] [ 35.215993][ T366] CPU: 0 PID: 366 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 35.217227][ T339] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 35.226166][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 35.226177][ T366] Call Trace: [ 35.226182][ T366] [ 35.226188][ T366] __dump_stack+0x21/0x24 [ 35.239141][ T341] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 35.249172][ T366] dump_stack_lvl+0xee/0x150 [ 35.249210][ T366] ? __cfi_dump_stack_lvl+0x8/0x8 [ 35.253371][ T361] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 35.255451][ T366] ? mutex_unlock+0x89/0x220 [ 35.255473][ T366] ? __kasan_check_write+0x14/0x20 [ 35.255498][ T366] dump_stack+0x15/0x24 [ 35.287696][ T343] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 35.289099][ T366] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 35.321429][ T366] f2fs_is_valid_blkaddr+0x23/0x30 [ 35.326927][ T366] sanity_check_extent_cache+0x1c5/0x480 [ 35.332562][ T366] f2fs_iget+0x3312/0x4cb0 [ 35.336998][ T366] f2fs_lookup+0x366/0xab0 [ 35.341413][ T366] ? __cfi_f2fs_lookup+0x10/0x10 [ 35.346361][ T366] ? __cfi_d_alloc_parallel+0x10/0x10 [ 35.351743][ T366] ? __cfi_f2fs_lookup+0x10/0x10 [ 35.356686][ T366] path_openat+0xff3/0x2f50 [ 35.361197][ T366] ? do_filp_open+0x3c0/0x3c0 [ 35.365883][ T366] do_filp_open+0x1c1/0x3c0 [ 35.370388][ T366] ? __cfi_do_filp_open+0x10/0x10 [ 35.375417][ T366] ? alloc_fd+0x4e6/0x590 [ 35.379762][ T366] do_sys_openat2+0x185/0x7e0 [ 35.384451][ T366] ? _raw_spin_unlock_irq+0x4d/0x70 [pid 339] <... truncate resumed>) = ? [pid 339] +++ exited with 0 +++ [pid 341] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 341] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 341] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 343] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 343] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 342] exit_group(0 [pid 343] <... futex resumed>) = ? [pid 342] <... exit_group resumed>) = ? [pid 343] +++ exited with 0 +++ [ 35.389668][ T366] ? ptrace_notify+0x1d1/0x250 [ 35.394434][ T366] ? do_sys_open+0xe0/0xe0 [ 35.398884][ T366] ? __cfi_ptrace_notify+0x10/0x10 [ 35.404019][ T366] ? xfd_validate_state+0x70/0x150 [ 35.409149][ T366] __x64_sys_openat+0x136/0x160 [ 35.414018][ T366] x64_sys_call+0x783/0x9a0 [ 35.418541][ T366] do_syscall_64+0x4c/0xa0 [ 35.422991][ T366] ? clear_bhb_loop+0x15/0x70 [ 35.427678][ T366] ? clear_bhb_loop+0x15/0x70 [ 35.432361][ T366] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 35.438262][ T366] RIP: 0033:0x7fced31b6b89 [ 35.442697][ T366] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 35.462331][ T366] RSP: 002b:00007fced3152218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 35.470780][ T366] RAX: ffffffffffffffda RBX: 00007fced324f6b8 RCX: 00007fced31b6b89 [ 35.478770][ T366] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 35.486759][ T366] RBP: 00007fced324f6b0 R08: 00007ffdf8b39217 R09: 0000000000000000 [ 35.494736][ T366] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 35.502706][ T366] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 35.510680][ T366] [ 35.513754][ T361] CPU: 1 PID: 361 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 35.515846][ T366] ================================================================== [ 35.523928][ T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 35.531981][ T366] BUG: KASAN: use-after-free in sanity_check_extent_cache+0x3cc/0x480 [ 35.542026][ T361] Call Trace: [ 35.542034][ T361] [ 35.550155][ T366] Read of size 4 at addr ffff888125090c78 by task syz-executor412/366 [ 35.553427][ T361] __dump_stack+0x21/0x24 [ 35.556363][ T366] [ 35.571127][ T361] dump_stack_lvl+0xee/0x150 [ 35.575801][ T361] ? __cfi_dump_stack_lvl+0x8/0x8 [ 35.580828][ T361] ? mutex_unlock+0x89/0x220 [ 35.585417][ T361] ? __kasan_check_write+0x14/0x20 [ 35.590562][ T361] dump_stack+0x15/0x24 [ 35.594723][ T361] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 35.600273][ T361] f2fs_is_valid_blkaddr+0x23/0x30 [ 35.605381][ T361] sanity_check_extent_cache+0x1c5/0x480 [ 35.611113][ T361] f2fs_iget+0x3312/0x4cb0 [ 35.615577][ T361] f2fs_lookup+0x366/0xab0 [ 35.620020][ T361] ? __cfi_f2fs_lookup+0x10/0x10 [ 35.625065][ T361] ? __cfi_d_alloc_parallel+0x10/0x10 [ 35.630450][ T361] ? __cfi_f2fs_lookup+0x10/0x10 [ 35.635387][ T361] path_openat+0xff3/0x2f50 [ 35.639894][ T361] ? do_filp_open+0x3c0/0x3c0 [ 35.644669][ T361] do_filp_open+0x1c1/0x3c0 [ 35.649175][ T361] ? __cfi_do_filp_open+0x10/0x10 [ 35.654290][ T361] ? alloc_fd+0x4e6/0x590 [ 35.658632][ T361] do_sys_openat2+0x185/0x7e0 [ 35.663406][ T361] ? _raw_spin_unlock_irq+0x4d/0x70 [ 35.668610][ T361] ? ptrace_notify+0x1d1/0x250 [ 35.673379][ T361] ? do_sys_open+0xe0/0xe0 [ 35.677837][ T361] ? __cfi_ptrace_notify+0x10/0x10 [ 35.683042][ T361] ? xfd_validate_state+0x70/0x150 [ 35.688160][ T361] __x64_sys_openat+0x136/0x160 [ 35.693017][ T361] x64_sys_call+0x783/0x9a0 [ 35.697735][ T361] do_syscall_64+0x4c/0xa0 [ 35.702332][ T361] ? clear_bhb_loop+0x15/0x70 [ 35.707012][ T361] ? clear_bhb_loop+0x15/0x70 [ 35.711686][ T361] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 35.717591][ T361] RIP: 0033:0x7fced31b6b89 [ 35.722004][ T361] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 35.741609][ T361] RSP: 002b:00007fced3152218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 35.750036][ T361] RAX: ffffffffffffffda RBX: 00007fced324f6b8 RCX: 00007fced31b6b89 [ 35.758093][ T361] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 35.766063][ T361] RBP: 00007fced324f6b0 R08: 00007ffdf8b39217 R09: 0000000000000000 [ 35.774118][ T361] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 35.782169][ T361] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 35.790144][ T361] [ 35.793171][ T366] CPU: 0 PID: 366 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 35.793346][ T370] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 35.803598][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 35.803610][ T366] Call Trace: [ 35.803616][ T366] [ 35.803622][ T366] __dump_stack+0x21/0x24 [ 35.810330][ T365] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 35.820337][ T366] dump_stack_lvl+0xee/0x150 [ 35.842151][ T366] ? __cfi_dump_stack_lvl+0x8/0x8 [ 35.847189][ T366] ? dump_stack_lvl+0x122/0x150 [ 35.852053][ T366] ? sanity_check_extent_cache+0x3cc/0x480 [ 35.857872][ T366] print_address_description+0x71/0x210 [ 35.863441][ T366] print_report+0x4a/0x60 [ 35.867790][ T366] kasan_report+0x122/0x150 [ 35.872387][ T366] ? sanity_check_extent_cache+0x3cc/0x480 [ 35.878197][ T366] __asan_report_load4_noabort+0x14/0x20 [ 35.883847][ T366] sanity_check_extent_cache+0x3cc/0x480 [ 35.889487][ T366] f2fs_iget+0x3312/0x4cb0 [ 35.894018][ T366] f2fs_lookup+0x366/0xab0 [ 35.898452][ T366] ? __cfi_f2fs_lookup+0x10/0x10 [ 35.903484][ T366] ? __cfi_d_alloc_parallel+0x10/0x10 [ 35.908861][ T366] ? __cfi_f2fs_lookup+0x10/0x10 [ 35.914145][ T366] path_openat+0xff3/0x2f50 [ 35.918656][ T366] ? do_filp_open+0x3c0/0x3c0 [ 35.923348][ T366] do_filp_open+0x1c1/0x3c0 [ 35.927981][ T366] ? __cfi_do_filp_open+0x10/0x10 [ 35.933013][ T366] ? alloc_fd+0x4e6/0x590 [ 35.937351][ T366] do_sys_openat2+0x185/0x7e0 [ 35.942120][ T366] ? _raw_spin_unlock_irq+0x4d/0x70 [ 35.947327][ T366] ? ptrace_notify+0x1d1/0x250 [ 35.952101][ T366] ? do_sys_open+0xe0/0xe0 [ 35.956524][ T366] ? __cfi_ptrace_notify+0x10/0x10 [ 35.961638][ T366] ? xfd_validate_state+0x70/0x150 [ 35.966754][ T366] __x64_sys_openat+0x136/0x160 [ 35.971605][ T366] x64_sys_call+0x783/0x9a0 [ 35.976110][ T366] do_syscall_64+0x4c/0xa0 [ 35.980525][ T366] ? clear_bhb_loop+0x15/0x70 [ 35.985202][ T366] ? clear_bhb_loop+0x15/0x70 [ 35.989875][ T366] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 35.995771][ T366] RIP: 0033:0x7fced31b6b89 [ 36.000188][ T366] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 36.020049][ T366] RSP: 002b:00007fced3152218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 36.028462][ T366] RAX: ffffffffffffffda RBX: 00007fced324f6b8 RCX: 00007fced31b6b89 [ 36.036434][ T366] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 36.044403][ T366] RBP: 00007fced324f6b0 R08: 00007ffdf8b39217 R09: 0000000000000000 [ 36.052371][ T366] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 36.060340][ T366] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 36.068314][ T366] [ 36.071337][ T366] [ 36.073663][ T366] Allocated by task 337: [ 36.077893][ T366] kasan_set_track+0x4b/0x70 [ 36.082492][ T366] kasan_save_alloc_info+0x25/0x30 [ 36.087603][ T366] __kasan_slab_alloc+0x72/0x80 [ 36.092452][ T366] slab_post_alloc_hook+0x4f/0x2d0 [ 36.097566][ T366] kmem_cache_alloc+0x16e/0x330 [ 36.102411][ T366] __grab_extent_tree+0x19d/0x430 [ 36.107429][ T366] f2fs_init_read_extent_tree+0x3d4/0x7e0 [ 36.113141][ T366] f2fs_iget+0x3302/0x4cb0 [ 36.117604][ T366] f2fs_lookup+0x366/0xab0 [ 36.122013][ T366] __lookup_slow+0x2c7/0x3f0 [ 36.126610][ T366] lookup_slow+0x57/0x70 [ 36.130845][ T366] walk_component+0x2f4/0x420 [ 36.135521][ T366] path_lookupat+0x180/0x490 [ 36.140117][ T366] filename_lookup+0x1f0/0x500 [ 36.144882][ T366] user_path_at_empty+0x47/0x1c0 [ 36.150073][ T366] do_sys_truncate+0xa3/0x190 [ 36.154750][ T366] __x64_sys_truncate+0x5b/0x70 [ 36.159787][ T366] x64_sys_call+0x679/0x9a0 [ 36.164289][ T366] do_syscall_64+0x4c/0xa0 [ 36.168737][ T366] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 36.174634][ T366] [ 36.176952][ T366] Freed by task 337: [ 36.180929][ T366] kasan_set_track+0x4b/0x70 [ 36.185603][ T366] kasan_save_free_info+0x31/0x50 [ 36.190632][ T366] ____kasan_slab_free+0x132/0x180 [ 36.195765][ T366] __kasan_slab_free+0x11/0x20 [ 36.200528][ T366] slab_free_freelist_hook+0xc2/0x190 [ 36.205990][ T366] kmem_cache_free+0x12d/0x300 [ 36.210757][ T366] __destroy_extent_tree+0x305/0x500 [ 36.216646][ T366] f2fs_destroy_extent_tree+0x17/0x30 [ 36.222110][ T366] f2fs_evict_inode+0x4eb/0x14f0 [ 36.227158][ T366] evict+0x493/0x890 [ 36.231063][ T366] iput+0x620/0x670 [ 36.234872][ T366] iget_failed+0x17a/0x1c0 [ 36.239495][ T366] f2fs_iget+0x218c/0x4cb0 [ 36.243911][ T366] f2fs_lookup+0x366/0xab0 [ 36.248343][ T366] __lookup_slow+0x2c7/0x3f0 [ 36.252938][ T366] lookup_slow+0x57/0x70 [ 36.257174][ T366] walk_component+0x2f4/0x420 [ 36.261849][ T366] path_lookupat+0x180/0x490 [ 36.266454][ T366] filename_lookup+0x1f0/0x500 [ 36.271239][ T366] user_path_at_empty+0x47/0x1c0 [ 36.276189][ T366] do_sys_truncate+0xa3/0x190 [ 36.280882][ T366] __x64_sys_truncate+0x5b/0x70 [ 36.285733][ T366] x64_sys_call+0x679/0x9a0 [ 36.290237][ T366] do_syscall_64+0x4c/0xa0 [ 36.294660][ T366] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 36.300565][ T366] [ 36.302883][ T366] The buggy address belongs to the object at ffff888125090c30 [ 36.302883][ T366] which belongs to the cache f2fs_extent_tree of size 88 [ 36.317367][ T366] The buggy address is located 72 bytes inside of [ 36.317367][ T366] 88-byte region [ffff888125090c30, ffff888125090c88) [ 36.330463][ T366] [ 36.332785][ T366] The buggy address belongs to the physical page: [ 36.339192][ T366] page:ffffea0004942400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x125090 [ 36.349598][ T366] flags: 0x4000000000000200(slab|zone=1) [ 36.355239][ T366] raw: 4000000000000200 0000000000000000 dead000000000122 ffff88810ad53e00 [ 36.363822][ T366] raw: 0000000000000000 0000000080220022 00000001ffffffff 0000000000000000 [ 36.372394][ T366] page dumped because: kasan: bad access detected [ 36.378909][ T366] page_owner tracks the page as allocated [ 36.384968][ T366] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x12c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_RECLAIMABLE), pid 303, tgid 300 (syz-executor412), ts 29723519477, free_ts 0 [ 36.404064][ T366] post_alloc_hook+0x1f5/0x210 [ 36.408835][ T366] prep_new_page+0x1c/0x110 [ 36.413336][ T366] get_page_from_freelist+0x2c7b/0x2cf0 [ 36.418970][ T366] __alloc_pages+0x19e/0x3a0 [ 36.423558][ T366] alloc_slab_page+0x6e/0xf0 [ 36.428243][ T366] new_slab+0x98/0x3d0 [ 36.432311][ T366] ___slab_alloc+0x6f6/0xb50 [ 36.436902][ T366] __slab_alloc+0x5e/0xa0 [ 36.441228][ T366] kmem_cache_alloc+0x1b0/0x330 [ 36.446073][ T366] __grab_extent_tree+0x19d/0x430 [ 36.451095][ T366] f2fs_init_read_extent_tree+0x3d4/0x7e0 [ 36.456814][ T366] f2fs_iget+0x3302/0x4cb0 [ 36.461237][ T366] f2fs_lookup+0x366/0xab0 [ 36.465651][ T366] __lookup_slow+0x2c7/0x3f0 [ 36.470244][ T366] lookup_slow+0x57/0x70 [ 36.474481][ T366] walk_component+0x2f4/0x420 [ 36.479168][ T366] page_owner free stack trace missing [ 36.484545][ T366] [ 36.486869][ T366] Memory state around the buggy address: [ 36.492505][ T366] ffff888125090b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.500560][ T366] ffff888125090b80: fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb [ 36.508618][ T366] >ffff888125090c00: fb fb fc fc fc fc fa fb fb fb fb fb fb fb fb fb [ 36.516675][ T366] ^ [ 36.524746][ T366] ffff888125090c80: fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.532802][ T366] ffff888125090d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [pid 340] exit_group(0 [pid 341] <... futex resumed>) = ? [pid 340] <... exit_group resumed>) = ? [pid 341] +++ exited with 0 +++ [ 36.540861][ T366] ================================================================== [ 36.555000][ T365] CPU: 0 PID: 365 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 36.558347][ T28] audit: type=1400 audit(1750203546.359:71): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 36.565182][ T365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 36.565195][ T365] Call Trace: [ 36.565200][ T365] [ 36.565206][ T365] __dump_stack+0x21/0x24 [ 36.590123][ T28] audit: type=1400 audit(1750203546.359:72): avc: denied { search } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 36.597055][ T365] dump_stack_lvl+0xee/0x150 [ 36.597086][ T365] ? __cfi_dump_stack_lvl+0x8/0x8 [ 36.600926][ T28] audit: type=1400 audit(1750203546.359:73): avc: denied { write } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 36.603294][ T365] ? kmem_cache_alloc+0xbb/0x330 [ 36.607771][ T28] audit: type=1400 audit(1750203546.359:74): avc: denied { add_name } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 36.628787][ T365] ? __kasan_check_write+0x14/0x20 [ 36.628815][ T365] dump_stack+0x15/0x24 [ 36.633960][ T28] audit: type=1400 audit(1750203546.359:75): avc: denied { create } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 36.638410][ T365] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 36.638433][ T365] f2fs_is_valid_blkaddr+0x23/0x30 [ 36.638450][ T365] sanity_check_extent_cache+0x1c5/0x480 [ 36.638471][ T365] f2fs_iget+0x3312/0x4cb0 [ 36.638501][ T365] f2fs_lookup+0x366/0xab0 [ 36.638516][ T365] ? __cfi_f2fs_lookup+0x10/0x10 [ 36.638531][ T365] ? __cfi_d_alloc_parallel+0x10/0x10 [ 36.638555][ T365] ? __cfi_f2fs_lookup+0x10/0x10 [ 36.660444][ T28] audit: type=1400 audit(1750203546.359:76): avc: denied { append open } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 36.664559][ T365] path_openat+0xff3/0x2f50 [ 36.685423][ T28] audit: type=1400 audit(1750203546.359:77): avc: denied { getattr } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 36.690048][ T365] ? do_filp_open+0x3c0/0x3c0 [ 36.809377][ T365] do_filp_open+0x1c1/0x3c0 [ 36.813886][ T365] ? __cfi_do_filp_open+0x10/0x10 [ 36.818910][ T365] ? alloc_fd+0x4e6/0x590 [ 36.823244][ T365] do_sys_openat2+0x185/0x7e0 [ 36.827924][ T365] ? _raw_spin_unlock_irq+0x4d/0x70 [ 36.833127][ T365] ? ptrace_notify+0x1d1/0x250 [ 36.837902][ T365] ? do_sys_open+0xe0/0xe0 [ 36.842318][ T365] ? __cfi_ptrace_notify+0x10/0x10 [ 36.847431][ T365] ? xfd_validate_state+0x70/0x150 [ 36.852544][ T365] __x64_sys_openat+0x136/0x160 [ 36.857397][ T365] x64_sys_call+0x783/0x9a0 [ 36.861900][ T365] do_syscall_64+0x4c/0xa0 [ 36.866319][ T365] ? clear_bhb_loop+0x15/0x70 [ 36.871374][ T365] ? clear_bhb_loop+0x15/0x70 [ 36.876060][ T365] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 36.881957][ T365] RIP: 0033:0x7fced31b6b89 [ 36.886370][ T365] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 36.905975][ T365] RSP: 002b:00007fced3152218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 36.914388][ T365] RAX: ffffffffffffffda RBX: 00007fced324f6b8 RCX: 00007fced31b6b89 [ 36.922358][ T365] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 36.930421][ T365] RBP: 00007fced324f6b0 R08: 00007ffdf8b39217 R09: 0000000000000000 [ 36.938389][ T365] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [pid 361] <... openat resumed>) = ? [pid 361] +++ exited with 0 +++ [pid 338] +++ exited with 0 +++ [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=20, si_stime=62} --- [pid 292] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 292] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [pid 292] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 365] <... openat resumed>) = ? [ 36.946359][ T365] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 36.954327][ T365] [ 36.958186][ T370] CPU: 0 PID: 370 Comm: syz-executor412 Not tainted 6.1.138-syzkaller-00010-gba4506940166 #0 [ 36.958930][ T361] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 36.968366][ T370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 36.968377][ T370] Call Trace: [ 36.968383][ T370] [pid 365] +++ exited with 0 +++ [pid 340] +++ exited with 0 +++ [ 36.968389][ T370] __dump_stack+0x21/0x24 [ 36.968418][ T370] dump_stack_lvl+0xee/0x150 [ 36.983260][ T365] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 36.991473][ T370] ? __cfi_dump_stack_lvl+0x8/0x8 [ 36.991501][ T370] ? kmem_cache_alloc+0xbb/0x330 [ 36.991524][ T370] ? __kasan_check_write+0x14/0x20 [ 36.998130][ T366] Disabling lock debugging due to kernel taint [ 37.002065][ T370] dump_stack+0x15/0x24 [ 37.002096][ T370] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 37.002118][ T370] f2fs_is_valid_blkaddr+0x23/0x30 [ 37.007173][ T366] F2FS-fs (loop4): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 37.019614][ T370] sanity_check_extent_cache+0x1c5/0x480 [ 37.019640][ T370] f2fs_iget+0x3312/0x4cb0 [ 37.019667][ T370] f2fs_lookup+0x366/0xab0 [ 37.083138][ T370] ? __cfi_f2fs_lookup+0x10/0x10 [ 37.088090][ T370] ? __cfi_d_alloc_parallel+0x10/0x10 [ 37.093569][ T370] ? __cfi_f2fs_lookup+0x10/0x10 [pid 366] <... openat resumed>) = ? [pid 366] +++ exited with 0 +++ [pid 336] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=17, si_stime=62} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [pid 295] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 291] <... umount2 resumed>) = 0 [ 37.098509][ T370] path_openat+0xff3/0x2f50 [ 37.103043][ T370] ? do_filp_open+0x3c0/0x3c0 [ 37.107726][ T370] do_filp_open+0x1c1/0x3c0 [ 37.112240][ T370] ? __cfi_do_filp_open+0x10/0x10 [ 37.117362][ T370] ? alloc_fd+0x4e6/0x590 [ 37.121883][ T370] do_sys_openat2+0x185/0x7e0 [ 37.126588][ T370] ? _raw_spin_unlock_irq+0x4d/0x70 [ 37.131899][ T370] ? ptrace_notify+0x1d1/0x250 [ 37.136881][ T370] ? do_sys_open+0xe0/0xe0 [ 37.141310][ T370] ? __cfi_ptrace_notify+0x10/0x10 [ 37.146441][ T370] ? xfd_validate_state+0x70/0x150 [ 37.151570][ T370] __x64_sys_openat+0x136/0x160 [ 37.156521][ T370] x64_sys_call+0x783/0x9a0 [ 37.161124][ T370] do_syscall_64+0x4c/0xa0 [ 37.165562][ T370] ? clear_bhb_loop+0x15/0x70 [ 37.170261][ T370] ? clear_bhb_loop+0x15/0x70 [ 37.175001][ T370] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 37.181013][ T370] RIP: 0033:0x7fced31b6b89 [ 37.185456][ T370] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 37.205170][ T370] RSP: 002b:00007fced3152218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 37.213604][ T370] RAX: ffffffffffffffda RBX: 00007fced324f6b8 RCX: 00007fced31b6b89 [ 37.221587][ T370] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 37.229574][ T370] RBP: 00007fced324f6b0 R08: 00007ffdf8b39217 R09: 0000000000000000 [ 37.237568][ T370] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 executing program [pid 291] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555580148770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555580148770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./1/file0") = 0 [pid 291] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./1/binderfs") = 0 [pid 291] getdents64(3, 0x555580140730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./1") = 0 [pid 291] mkdir("./2", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558013f690) = 371 ./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x55558013f6a0, 24) = 0 [pid 371] chdir("./2") = 0 [pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 371] setpgid(0, 0) = 0 [pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 371] write(3, "1000", 4) = 4 [pid 371] close(3) = 0 [pid 371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 371] write(1, "executing program\n", 18) = 18 [pid 371] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 371] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[372]}, 88) = 372 [pid 371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 371] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x7fced31739a0, 24) = 0 [pid 372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 372] memfd_create("syzkaller", 0) = 3 [pid 372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=18, si_stime=52} --- [pid 294] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 294] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [pid 294] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 370] <... openat resumed>) = ? [pid 370] +++ exited with 0 +++ [pid 342] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=21, si_stime=39} --- [pid 293] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 293] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [ 37.245731][ T370] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 37.253745][ T370] [ 37.257721][ T370] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [pid 293] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 292] <... umount2 resumed>) = 0 [pid 292] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x555580148770 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, 0x555580148770 /* 0 entries */, 32768) = 0 [pid 292] close(4) = 0 [pid 292] rmdir("./1/file0") = 0 [pid 292] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./1/binderfs") = 0 [pid 292] getdents64(3, 0x555580140730 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [pid 292] rmdir("./1") = 0 [pid 292] mkdir("./2", 0777) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 292] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 292] close(3) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558013f690) = 373 ./strace-static-x86_64: Process 373 attached [pid 373] set_robust_list(0x55558013f6a0, 24) = 0 [pid 373] chdir("./2") = 0 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 373] setpgid(0, 0) = 0 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 373] write(3, "1000", 4) = 4 [pid 373] close(3) = 0 [pid 373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 373] write(1, "executing program\n", 18executing program ) = 18 [pid 373] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 373] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 373] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[374]}, 88) = 374 [pid 373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 373] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 374 attached [pid 374] set_robust_list(0x7fced31739a0, 24) = 0 [pid 374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 374] memfd_create("syzkaller", 0) = 3 [pid 374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 [pid 293] <... umount2 resumed>) = 0 [pid 294] <... umount2 resumed>) = 0 [pid 294] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 294] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(4, 0x555580148770 /* 2 entries */, 32768) = 48 [pid 294] getdents64(4, 0x555580148770 /* 0 entries */, 32768) = 0 [pid 294] close(4) = 0 [pid 294] rmdir("./1/file0") = 0 [pid 294] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./1/binderfs") = 0 [pid 294] getdents64(3, 0x555580140730 /* 0 entries */, 32768) = 0 [pid 294] close(3) = 0 [pid 294] rmdir("./1") = 0 [pid 294] mkdir("./2", 0777) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 294] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 294] close(3 [pid 295] <... umount2 resumed>) = 0 [pid 294] <... close resumed>) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558013f690) = 375 [pid 293] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 293] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(4, 0x555580148770 /* 2 entries */, 32768) = 48 [pid 293] getdents64(4, 0x555580148770 /* 0 entries */, 32768) = 0 [pid 293] close(4) = 0 [pid 293] rmdir("./1/file0") = 0 [pid 293] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 375 attached [pid 293] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 375] set_robust_list(0x55558013f6a0, 24 [pid 293] unlink("./1/binderfs") = 0 [pid 375] <... set_robust_list resumed>) = 0 [pid 375] chdir("./2") = 0 [pid 293] getdents64(3, 0x555580140730 /* 0 entries */, 32768) = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0 [pid 293] close(3) = 0 [pid 375] <... setpgid resumed>) = 0 [pid 293] rmdir("./1" [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 293] <... rmdir resumed>) = 0 [pid 375] <... openat resumed>) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3 [pid 295] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 375] <... close resumed>) = 0 [pid 375] symlink("/dev/binderfs", "./binderfs" [pid 293] mkdir("./2", 0777 [pid 375] <... symlink resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 375] write(1, "executing program\n", 18) = 18 [pid 375] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] <... mkdir resumed>) = 0 [pid 375] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 375] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 375] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE [pid 295] newfstatat(AT_FDCWD, "./1/file0", [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] close(3 [pid 375] <... mprotect resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 375] rt_sigprocmask(SIG_BLOCK, ~[], [pid 293] <... close resumed>) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 375] <... rt_sigprocmask resumed>[], 8) = 0 [pid 375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 375] <... clone3 resumed> => {parent_tid=[376]}, 88) = 376 [pid 375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 375] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 295] <... openat resumed>) = 4 [pid 293] <... clone resumed>, child_tidptr=0x55558013f690) = 377 ./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x7fced31739a0, 24) = 0 [pid 376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 376] memfd_create("syzkaller", 0) = 3 [pid 376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 [pid 295] getdents64(4, 0x555580148770 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555580148770 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./1/file0") = 0 [pid 295] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./1/binderfs") = 0 [pid 295] getdents64(3, 0x555580140730 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./1") = 0 [pid 295] mkdir("./2", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558013f690) = 378 ./strace-static-x86_64: Process 377 attached ./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x55558013f6a0, 24) = 0 [pid 378] chdir("./2") = 0 [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 378] setpgid(0, 0) = 0 [pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 377] set_robust_list(0x55558013f6a0, 24) = 0 [pid 377] chdir("./2") = 0 [pid 377] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 378] <... openat resumed>) = 3 [pid 377] <... prctl resumed>) = 0 [pid 378] write(3, "1000", 4) = 4 [pid 378] close(3) = 0 [pid 378] symlink("/dev/binderfs", "./binderfs") = 0 [pid 377] setpgid(0, 0 [pid 378] write(1, "executing program\n", 18executing program ) = 18 [pid 378] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 378] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 378] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 378] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[379]}, 88) = 379 [pid 377] <... setpgid resumed>) = 0 [pid 378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 378] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 377] <... openat resumed>) = 3 [pid 377] write(3, "1000", 4) = 4 [pid 377] close(3) = 0 [pid 377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 377] write(1, "executing program\n", 18executing program ) = 18 [pid 377] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 377] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 377] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[380]}, 88) = 380 [pid 377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 377] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x7fced31739a0, 24) = 0 [pid 379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 379] memfd_create("syzkaller", 0) = 3 [pid 379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 ./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x7fced31739a0, 24) = 0 [pid 380] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 380] memfd_create("syzkaller", 0) = 3 [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 [pid 372] <... write resumed>) = 67108864 [pid 372] munmap(0x7fcecad53000, 138412032) = 0 [pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 372] close(3) = 0 [pid 372] close(4) = 0 [pid 372] mkdir("./file0", 0777) = 0 [ 38.015352][ T372] loop0: detected capacity change from 0 to 131072 [ 38.044241][ T372] F2FS-fs (loop0): invalid crc value [ 38.094681][ T372] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 372] mount("/dev/loop0", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "") = 0 [pid 372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 372] chdir("./file0") = 0 [pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 372] ioctl(4, LOOP_CLR_FD) = 0 [pid 372] close(4) = 0 [pid 372] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] <... futex resumed>) = 1 [ 38.164877][ T372] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 38.201061][ T372] F2FS-fs (loop0): access invalid blkaddr:2147563524 [ 38.215060][ T372] CPU: 1 PID: 372 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 38.226736][ T372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 38.236809][ T372] Call Trace: [ 38.240100][ T372] [ 38.243048][ T372] __dump_stack+0x21/0x24 [ 38.247398][ T372] dump_stack_lvl+0xee/0x150 [ 38.252012][ T372] ? __cfi_dump_stack_lvl+0x8/0x8 [ 38.257056][ T372] ? __kasan_check_write+0x14/0x20 [ 38.262194][ T372] dump_stack+0x15/0x24 [ 38.266367][ T372] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 38.271941][ T372] f2fs_is_valid_blkaddr+0x23/0x30 [ 38.277085][ T372] sanity_check_extent_cache+0x1c5/0x480 [ 38.282744][ T372] f2fs_iget+0x3312/0x4cb0 [ 38.287193][ T372] f2fs_lookup+0x366/0xab0 [ 38.291616][ T372] ? __cfi_f2fs_lookup+0x10/0x10 [ 38.296563][ T372] ? __cfi_d_alloc_parallel+0x10/0x10 [ 38.301955][ T372] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 38.307703][ T372] ? downgrade_write+0x350/0x350 [ 38.312668][ T372] __lookup_slow+0x2c7/0x3f0 [ 38.317278][ T372] ? lookup_one_len+0x2d0/0x2d0 [ 38.322147][ T372] ? down_read+0xa0/0xf0 [ 38.326405][ T372] lookup_slow+0x57/0x70 [ 38.330655][ T372] walk_component+0x2f4/0x420 [ 38.335350][ T372] path_lookupat+0x180/0x490 [ 38.339956][ T372] filename_lookup+0x1f0/0x500 [ 38.344752][ T372] ? __cfi_filename_lookup+0x10/0x10 [ 38.350056][ T372] ? strncpy_from_user+0x17a/0x2d0 [ 38.355190][ T372] user_path_at_empty+0x47/0x1c0 [ 38.360139][ T372] do_sys_truncate+0xa3/0x190 [pid 372] truncate("./file3", 7326 [ 38.364838][ T372] ? __cfi_do_sys_truncate+0x10/0x10 [ 38.370148][ T372] ? fpregs_restore_userregs+0x128/0x260 [ 38.375793][ T372] __x64_sys_truncate+0x5b/0x70 [ 38.380672][ T372] x64_sys_call+0x679/0x9a0 [ 38.385187][ T372] do_syscall_64+0x4c/0xa0 [ 38.389628][ T372] ? clear_bhb_loop+0x15/0x70 [ 38.394318][ T372] ? clear_bhb_loop+0x15/0x70 [ 38.399263][ T372] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 38.405206][ T372] RIP: 0033:0x7fced31b6b89 [pid 374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [ 38.409643][ T372] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 38.429357][ T372] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 38.437794][ T372] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 38.445776][ T372] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 38.453770][ T372] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [pid 379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 371] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 371] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3132000 [pid 371] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[385]}, 88) = 385 [pid 371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 371] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x7fced31529a0, 24) = 0 [pid 385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 385] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [ 38.461781][ T372] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 38.470064][ T372] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 38.478069][ T372] [pid 380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 371] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 371] exit_group(0) = ? [pid 374] <... write resumed>) = 67108864 [pid 374] munmap(0x7fcecad53000, 138412032) = 0 [pid 374] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 374] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 374] close(3) = 0 [pid 374] close(4) = 0 [pid 374] mkdir("./file0", 0777) = 0 [pid 374] mount("/dev/loop1", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 379] <... write resumed>) = 67108864 [pid 379] munmap(0x7fcecad53000, 138412032) = 0 [pid 379] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 38.864313][ T374] loop1: detected capacity change from 0 to 131072 [ 38.895617][ T374] F2FS-fs (loop1): invalid crc value [pid 379] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 379] close(3) = 0 [pid 379] close(4) = 0 [pid 379] mkdir("./file0", 0777) = 0 [pid 379] mount("/dev/loop4", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 380] <... write resumed>) = 67108864 [ 38.924854][ T379] loop4: detected capacity change from 0 to 131072 [ 38.932479][ T374] F2FS-fs (loop1): Found nat_bits in checkpoint [ 38.948040][ T379] F2FS-fs (loop4): invalid crc value [pid 380] munmap(0x7fcecad53000, 138412032) = 0 [pid 380] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 380] ioctl(4, LOOP_SET_FD, 3 [pid 376] <... write resumed>) = 67108864 [pid 376] munmap(0x7fcecad53000, 138412032) = 0 [pid 376] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 376] ioctl(4, LOOP_SET_FD, 3 [pid 380] <... ioctl resumed>) = 0 [pid 380] close(3) = 0 [pid 380] close(4) = 0 [pid 380] mkdir("./file0", 0777) = 0 [pid 374] <... mount resumed>) = 0 [pid 374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 380] mount("/dev/loop2", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 374] chdir("./file0") = 0 [pid 374] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 374] ioctl(4, LOOP_CLR_FD) = 0 [pid 374] close(4) = 0 [pid 374] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 38.987836][ T379] F2FS-fs (loop4): Found nat_bits in checkpoint [ 39.001347][ T380] loop2: detected capacity change from 0 to 131072 [ 39.008846][ T374] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 39.025775][ T376] loop3: detected capacity change from 0 to 131072 [pid 374] truncate("./file3", 7326 [pid 376] <... ioctl resumed>) = 0 [pid 376] close(3) = 0 [pid 376] close(4) = 0 [pid 376] mkdir("./file0", 0777) = 0 [ 39.043422][ T374] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 39.050655][ T380] F2FS-fs (loop2): invalid crc value [ 39.063186][ T372] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 39.072494][ T374] CPU: 1 PID: 374 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [pid 376] mount("/dev/loop3", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 380] <... mount resumed>) = 0 [pid 372] <... truncate resumed>) = ? [ 39.079839][ T380] F2FS-fs (loop2): Found nat_bits in checkpoint [ 39.087794][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 39.087806][ T374] Call Trace: [ 39.087811][ T374] [ 39.087817][ T374] __dump_stack+0x21/0x24 [ 39.087846][ T374] dump_stack_lvl+0xee/0x150 [ 39.118603][ T380] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 39.121529][ T374] ? __cfi_dump_stack_lvl+0x8/0x8 [ 39.121558][ T374] ? __kasan_check_write+0x14/0x20 [pid 372] +++ exited with 0 +++ [pid 380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 380] chdir("./file0") = 0 [pid 380] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 380] ioctl(4, LOOP_CLR_FD) = 0 [pid 380] close(4) = 0 [pid 380] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] <... futex resumed>) = 1 [ 39.129435][ T376] F2FS-fs (loop3): invalid crc value [ 39.134050][ T374] dump_stack+0x15/0x24 [ 39.140347][ T385] F2FS-fs (loop0): access invalid blkaddr:2147563524 [ 39.144428][ T374] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 39.144456][ T374] f2fs_is_valid_blkaddr+0x23/0x30 [ 39.144474][ T374] sanity_check_extent_cache+0x1c5/0x480 [ 39.144496][ T374] f2fs_iget+0x3312/0x4cb0 [ 39.144528][ T374] f2fs_lookup+0x366/0xab0 [ 39.144544][ T374] ? __cfi_f2fs_lookup+0x10/0x10 [ 39.144559][ T374] ? __cfi_d_alloc_parallel+0x10/0x10 [pid 380] truncate("./file3", 7326 [pid 377] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 377] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 377] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3132000 [pid 377] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[399]}, 88) = 399 [pid 377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 377] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 399 attached [pid 399] set_robust_list(0x7fced31529a0, 24) = 0 [pid 399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 39.144584][ T374] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 39.144604][ T374] ? downgrade_write+0x350/0x350 [ 39.144627][ T374] __lookup_slow+0x2c7/0x3f0 [ 39.144654][ T374] ? lookup_one_len+0x2d0/0x2d0 [ 39.155427][ T380] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 39.155500][ T374] ? down_read+0xa0/0xf0 [ 39.222074][ T374] lookup_slow+0x57/0x70 [ 39.226328][ T374] walk_component+0x2f4/0x420 [ 39.231222][ T374] path_lookupat+0x180/0x490 [ 39.235843][ T374] filename_lookup+0x1f0/0x500 [pid 399] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 377] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 39.241081][ T374] ? __cfi_filename_lookup+0x10/0x10 [ 39.246382][ T374] ? strncpy_from_user+0x17a/0x2d0 [ 39.251513][ T374] user_path_at_empty+0x47/0x1c0 [ 39.256502][ T374] do_sys_truncate+0xa3/0x190 [ 39.261199][ T374] ? __cfi_do_sys_truncate+0x10/0x10 [ 39.266507][ T374] ? fpregs_restore_userregs+0x128/0x260 [ 39.272153][ T374] __x64_sys_truncate+0x5b/0x70 [ 39.277014][ T374] x64_sys_call+0x679/0x9a0 [ 39.281625][ T374] do_syscall_64+0x4c/0xa0 [ 39.286049][ T374] ? clear_bhb_loop+0x15/0x70 [ 39.290735][ T374] ? clear_bhb_loop+0x15/0x70 [ 39.295432][ T374] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 39.301355][ T374] RIP: 0033:0x7fced31b6b89 [ 39.305787][ T374] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 39.325404][ T374] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 39.333850][ T374] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 39.341869][ T374] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 39.349879][ T374] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [ 39.357882][ T374] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 39.365873][ T374] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 39.373865][ T374] [ 39.376887][ T385] CPU: 0 PID: 385 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 39.379623][ T374] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 39.388733][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 39.388745][ T385] Call Trace: [ 39.388750][ T385] [ 39.388756][ T385] __dump_stack+0x21/0x24 [ 39.388792][ T385] dump_stack_lvl+0xee/0x150 [ 39.388817][ T385] ? __cfi_dump_stack_lvl+0x8/0x8 [ 39.388842][ T385] ? __kasan_check_write+0x14/0x20 [ 39.388867][ T385] dump_stack+0x15/0x24 [pid 373] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 373] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 373] <... futex resumed>) = 0 [pid 374] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 374] <... futex resumed>) = 0 [pid 373] <... mmap resumed>) = 0x7fced3132000 [pid 374] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[400]}, 88) = 400 [pid 373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 373] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 373] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 39.388890][ T385] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 39.388910][ T385] f2fs_is_valid_blkaddr+0x23/0x30 [ 39.388927][ T385] sanity_check_extent_cache+0x1c5/0x480 [ 39.388949][ T385] f2fs_iget+0x3312/0x4cb0 [ 39.388980][ T385] f2fs_lookup+0x366/0xab0 [ 39.388997][ T385] ? __cfi_f2fs_lookup+0x10/0x10 [ 39.389012][ T385] ? __cfi_d_alloc_parallel+0x10/0x10 [ 39.389038][ T385] ? __cfi_f2fs_lookup+0x10/0x10 [ 39.389061][ T385] path_openat+0xff3/0x2f50 [ 39.389085][ T385] ? do_filp_open+0x3c0/0x3c0 ./strace-static-x86_64: Process 400 attached [pid 400] set_robust_list(0x7fced31529a0, 24) = 0 [pid 400] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 39.389104][ T385] do_filp_open+0x1c1/0x3c0 [ 39.389121][ T385] ? __cfi_do_filp_open+0x10/0x10 [ 39.389142][ T385] ? alloc_fd+0x4e6/0x590 [ 39.389168][ T385] do_sys_openat2+0x185/0x7e0 [ 39.389189][ T385] ? _raw_spin_unlock_irq+0x4d/0x70 [ 39.389213][ T385] ? ptrace_notify+0x1d1/0x250 [ 39.389236][ T385] ? do_sys_open+0xe0/0xe0 [ 39.389256][ T385] ? __cfi_ptrace_notify+0x10/0x10 [ 39.389278][ T385] ? xfd_validate_state+0x70/0x150 [ 39.389303][ T385] __x64_sys_openat+0x136/0x160 [ 39.389325][ T385] x64_sys_call+0x783/0x9a0 [ 39.389346][ T385] do_syscall_64+0x4c/0xa0 [ 39.529990][ T400] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 39.534480][ T385] ? clear_bhb_loop+0x15/0x70 [ 39.534506][ T385] ? clear_bhb_loop+0x15/0x70 [ 39.534524][ T385] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 39.570626][ T385] RIP: 0033:0x7fced31b6b89 [ 39.575054][ T385] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 400] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 373] exit_group(0 [pid 374] <... futex resumed>) = ? [pid 373] <... exit_group resumed>) = ? [pid 374] +++ exited with 0 +++ [ 39.594663][ T385] RSP: 002b:00007fced3152218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 39.603089][ T385] RAX: ffffffffffffffda RBX: 00007fced324f6b8 RCX: 00007fced31b6b89 [ 39.611159][ T385] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 39.619136][ T385] RBP: 00007fced324f6b0 R08: 00007ffdf8b39217 R09: 0000000000000000 [ 39.627289][ T385] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 39.635262][ T385] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 39.643238][ T385] [ 39.644497][ T376] F2FS-fs (loop3): Found nat_bits in checkpoint [ 39.652590][ T379] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 39.660314][ T380] CPU: 1 PID: 380 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 39.671963][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 39.682027][ T380] Call Trace: [ 39.685319][ T380] [ 39.688256][ T380] __dump_stack+0x21/0x24 [ 39.692596][ T380] dump_stack_lvl+0xee/0x150 [ 39.697201][ T380] ? __cfi_dump_stack_lvl+0x8/0x8 [ 39.702226][ T380] ? __kasan_check_write+0x14/0x20 [ 39.707343][ T380] dump_stack+0x15/0x24 [ 39.711501][ T380] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 39.717045][ T380] f2fs_is_valid_blkaddr+0x23/0x30 [ 39.722242][ T380] sanity_check_extent_cache+0x1c5/0x480 [ 39.727874][ T380] f2fs_iget+0x3312/0x4cb0 [ 39.732296][ T380] f2fs_lookup+0x366/0xab0 [ 39.736709][ T380] ? __cfi_f2fs_lookup+0x10/0x10 [ 39.741642][ T380] ? __cfi_d_alloc_parallel+0x10/0x10 [ 39.747041][ T380] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 39.752761][ T380] ? downgrade_write+0x350/0x350 [ 39.757703][ T380] __lookup_slow+0x2c7/0x3f0 [ 39.762305][ T380] ? lookup_one_len+0x2d0/0x2d0 [ 39.767156][ T380] ? down_read+0xa0/0xf0 [ 39.771397][ T380] lookup_slow+0x57/0x70 [ 39.775639][ T380] walk_component+0x2f4/0x420 [ 39.780338][ T380] path_lookupat+0x180/0x490 [ 39.785193][ T380] filename_lookup+0x1f0/0x500 [ 39.790000][ T380] ? __cfi_filename_lookup+0x10/0x10 [ 39.795340][ T380] ? strncpy_from_user+0x17a/0x2d0 [ 39.800463][ T380] user_path_at_empty+0x47/0x1c0 [ 39.805401][ T380] do_sys_truncate+0xa3/0x190 [ 39.810090][ T380] ? __cfi_do_sys_truncate+0x10/0x10 [ 39.815377][ T380] ? fpregs_restore_userregs+0x128/0x260 [ 39.821045][ T380] __x64_sys_truncate+0x5b/0x70 [ 39.825899][ T380] x64_sys_call+0x679/0x9a0 [ 39.830404][ T380] do_syscall_64+0x4c/0xa0 [ 39.834832][ T380] ? clear_bhb_loop+0x15/0x70 [ 39.839512][ T380] ? clear_bhb_loop+0x15/0x70 [ 39.844188][ T380] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 39.850086][ T380] RIP: 0033:0x7fced31b6b89 [ 39.854497][ T380] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 39.874100][ T380] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 39.882515][ T380] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 39.890486][ T380] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 39.898453][ T380] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [ 39.906426][ T380] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 39.914452][ T380] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 39.922462][ T380] [ 39.926004][ T400] CPU: 0 PID: 400 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [pid 385] <... openat resumed>) = ? [pid 379] <... mount resumed>) = 0 [pid 385] +++ exited with 0 +++ [pid 379] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 371] +++ exited with 0 +++ [pid 379] <... openat resumed>) = 3 [pid 379] chdir("./file0" [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=18, si_stime=47} --- [pid 379] <... chdir resumed>) = 0 [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 379] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 379] ioctl(4, LOOP_CLR_FD) = 0 [pid 379] close(4) = 0 [pid 379] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 378] <... futex resumed>) = 0 [pid 379] truncate("./file3", 7326 [pid 378] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... restart_syscall resumed>) = 0 [pid 291] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [pid 291] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 380] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 380] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 39.939655][ T400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 39.943523][ T380] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 39.949766][ T400] Call Trace: [ 39.949774][ T400] [ 39.949780][ T400] __dump_stack+0x21/0x24 [ 39.949809][ T400] dump_stack_lvl+0xee/0x150 [ 39.963089][ T385] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 39.966003][ T400] ? __cfi_dump_stack_lvl+0x8/0x8 [pid 380] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 378] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 378] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 378] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 378] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3132000 [pid 378] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 378] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[405]}, 88) = 405 [pid 378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 378] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 405 attached [ 39.972587][ T379] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 39.973268][ T400] ? __kasan_check_write+0x14/0x20 [ 39.973303][ T400] dump_stack+0x15/0x24 [ 39.973328][ T400] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 40.017562][ T400] f2fs_is_valid_blkaddr+0x23/0x30 [ 40.022692][ T400] sanity_check_extent_cache+0x1c5/0x480 [ 40.028349][ T400] f2fs_iget+0x3312/0x4cb0 [ 40.032790][ T400] f2fs_lookup+0x366/0xab0 [ 40.037224][ T400] ? __cfi_f2fs_lookup+0x10/0x10 [ 40.042167][ T400] ? __cfi_d_alloc_parallel+0x10/0x10 [ 40.047551][ T400] ? __cfi_f2fs_lookup+0x10/0x10 [ 40.052678][ T400] path_openat+0xff3/0x2f50 [ 40.057183][ T400] ? do_filp_open+0x3c0/0x3c0 [ 40.061872][ T400] do_filp_open+0x1c1/0x3c0 [ 40.066380][ T400] ? __cfi_do_filp_open+0x10/0x10 [ 40.071406][ T400] ? alloc_fd+0x4e6/0x590 [ 40.075749][ T400] do_sys_openat2+0x185/0x7e0 [ 40.077616][ T399] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 40.080449][ T400] ? _raw_spin_unlock_irq+0x4d/0x70 [ 40.092322][ T400] ? ptrace_notify+0x1d1/0x250 [ 40.097104][ T400] ? do_sys_open+0xe0/0xe0 [ 40.101536][ T400] ? __cfi_ptrace_notify+0x10/0x10 [ 40.106661][ T400] ? xfd_validate_state+0x70/0x150 [ 40.111867][ T400] __x64_sys_openat+0x136/0x160 [ 40.116726][ T400] x64_sys_call+0x783/0x9a0 [ 40.121233][ T400] do_syscall_64+0x4c/0xa0 [ 40.125656][ T400] ? clear_bhb_loop+0x15/0x70 [ 40.130333][ T400] ? clear_bhb_loop+0x15/0x70 [ 40.135016][ T400] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 40.140920][ T400] RIP: 0033:0x7fced31b6b89 [ 40.145356][ T400] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 40.165490][ T400] RSP: 002b:00007fced3152218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 40.173923][ T400] RAX: ffffffffffffffda RBX: 00007fced324f6b8 RCX: 00007fced31b6b89 [ 40.181913][ T400] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 40.189915][ T400] RBP: 00007fced324f6b0 R08: 00007ffdf8b39217 R09: 0000000000000000 [pid 405] set_robust_list(0x7fced31529a0, 24) = 0 [pid 405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 405] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 378] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 378] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 378] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 378] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 378] exit_group(0) = ? [ 40.197904][ T400] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 40.205892][ T400] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 40.213877][ T400] [ 40.216901][ T399] CPU: 1 PID: 399 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 40.228552][ T399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 40.235250][ T400] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 40.238634][ T399] Call Trace: [ 40.238642][ T399] [ 40.257785][ T399] __dump_stack+0x21/0x24 [ 40.262132][ T399] dump_stack_lvl+0xee/0x150 [ 40.266754][ T399] ? __cfi_dump_stack_lvl+0x8/0x8 [ 40.271783][ T399] ? __kasan_check_write+0x14/0x20 [ 40.276906][ T399] dump_stack+0x15/0x24 [ 40.281076][ T399] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 40.286626][ T399] f2fs_is_valid_blkaddr+0x23/0x30 [ 40.291734][ T399] sanity_check_extent_cache+0x1c5/0x480 [ 40.297456][ T399] f2fs_iget+0x3312/0x4cb0 [ 40.302167][ T399] f2fs_lookup+0x366/0xab0 [ 40.306608][ T399] ? __cfi_f2fs_lookup+0x10/0x10 [ 40.311636][ T399] ? __cfi_d_alloc_parallel+0x10/0x10 [ 40.315037][ T376] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 40.317012][ T399] ? __cfi_f2fs_lookup+0x10/0x10 [ 40.329402][ T399] path_openat+0xff3/0x2f50 [ 40.333934][ T399] ? do_filp_open+0x3c0/0x3c0 [ 40.338622][ T399] do_filp_open+0x1c1/0x3c0 [ 40.343155][ T399] ? __cfi_do_filp_open+0x10/0x10 [ 40.348305][ T399] ? alloc_fd+0x4e6/0x590 [ 40.352760][ T399] do_sys_openat2+0x185/0x7e0 [ 40.357464][ T399] ? _raw_spin_unlock_irq+0x4d/0x70 [ 40.362706][ T399] ? ptrace_notify+0x1d1/0x250 [ 40.367503][ T399] ? do_sys_open+0xe0/0xe0 [ 40.371933][ T399] ? __cfi_ptrace_notify+0x10/0x10 [ 40.377057][ T399] ? xfd_validate_state+0x70/0x150 [ 40.382451][ T399] __x64_sys_openat+0x136/0x160 [ 40.387405][ T399] x64_sys_call+0x783/0x9a0 [ 40.391918][ T399] do_syscall_64+0x4c/0xa0 [pid 400] <... openat resumed>) = ? [pid 376] <... mount resumed>) = 0 [pid 400] +++ exited with 0 +++ [pid 377] exit_group(0 [pid 373] +++ exited with 0 +++ [pid 377] <... exit_group resumed>) = ? [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=18, si_stime=48} --- [pid 292] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [pid 292] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 376] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 376] chdir("./file0") = 0 [pid 376] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 376] ioctl(4, LOOP_CLR_FD) = 0 [pid 376] close(4) = 0 [pid 376] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 380] <... futex resumed>) = ? [pid 375] <... futex resumed>) = 0 [pid 380] +++ exited with 0 +++ [pid 375] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = 0 [pid 375] <... futex resumed>) = 1 [pid 376] truncate("./file3", 7326 [ 40.396468][ T399] ? clear_bhb_loop+0x15/0x70 [ 40.401146][ T399] ? clear_bhb_loop+0x15/0x70 [ 40.405829][ T399] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 40.406973][ T376] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 40.411736][ T399] RIP: 0033:0x7fced31b6b89 [ 40.422839][ T399] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 375] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 40.442460][ T399] RSP: 002b:00007fced3152218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 40.451246][ T399] RAX: ffffffffffffffda RBX: 00007fced324f6b8 RCX: 00007fced31b6b89 [ 40.459234][ T399] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 40.467299][ T399] RBP: 00007fced324f6b0 R08: 00007ffdf8b39217 R09: 0000000000000000 [ 40.475356][ T399] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 40.483363][ T399] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 40.491350][ T399] [ 40.495498][ T379] CPU: 1 PID: 379 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 40.507294][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 40.517362][ T379] Call Trace: [ 40.520647][ T379] [ 40.523576][ T379] __dump_stack+0x21/0x24 [ 40.527952][ T379] dump_stack_lvl+0xee/0x150 [ 40.532547][ T379] ? __cfi_dump_stack_lvl+0x8/0x8 [ 40.537613][ T379] ? __kasan_check_write+0x14/0x20 [ 40.542734][ T379] dump_stack+0x15/0x24 [ 40.546896][ T379] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 40.552716][ T379] f2fs_is_valid_blkaddr+0x23/0x30 [ 40.557822][ T379] sanity_check_extent_cache+0x1c5/0x480 [ 40.563468][ T379] f2fs_iget+0x3312/0x4cb0 [ 40.567896][ T379] f2fs_lookup+0x366/0xab0 [ 40.572313][ T379] ? __cfi_f2fs_lookup+0x10/0x10 [ 40.577250][ T379] ? __cfi_d_alloc_parallel+0x10/0x10 [ 40.582623][ T379] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 40.588340][ T379] ? downgrade_write+0x350/0x350 [ 40.593562][ T379] __lookup_slow+0x2c7/0x3f0 [ 40.598160][ T379] ? lookup_one_len+0x2d0/0x2d0 [ 40.603015][ T379] ? down_read+0xa0/0xf0 [ 40.607258][ T379] lookup_slow+0x57/0x70 [ 40.611500][ T379] walk_component+0x2f4/0x420 [ 40.616179][ T379] path_lookupat+0x180/0x490 [ 40.620780][ T379] filename_lookup+0x1f0/0x500 [ 40.625547][ T379] ? __cfi_filename_lookup+0x10/0x10 [ 40.630846][ T379] ? strncpy_from_user+0x17a/0x2d0 [ 40.635967][ T379] user_path_at_empty+0x47/0x1c0 [ 40.640991][ T379] do_sys_truncate+0xa3/0x190 [ 40.645669][ T379] ? __cfi_do_sys_truncate+0x10/0x10 [ 40.650962][ T379] ? fpregs_restore_userregs+0x128/0x260 [ 40.656608][ T379] __x64_sys_truncate+0x5b/0x70 [ 40.661474][ T379] x64_sys_call+0x679/0x9a0 [ 40.665980][ T379] do_syscall_64+0x4c/0xa0 [ 40.670400][ T379] ? clear_bhb_loop+0x15/0x70 [ 40.675075][ T379] ? clear_bhb_loop+0x15/0x70 [ 40.679751][ T379] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 40.685648][ T379] RIP: 0033:0x7fced31b6b89 [ 40.690061][ T379] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 40.709665][ T379] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 40.718078][ T379] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 40.726051][ T379] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 40.734019][ T379] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [ 40.741998][ T379] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [pid 375] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3132000 [ 40.749973][ T379] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 40.757957][ T379] [ 40.761772][ T399] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 40.775182][ T376] CPU: 1 PID: 376 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 40.787175][ T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 40.797236][ T376] Call Trace: [ 40.800510][ T376] [ 40.803435][ T376] __dump_stack+0x21/0x24 [ 40.807769][ T376] dump_stack_lvl+0xee/0x150 [ 40.812449][ T376] ? __cfi_dump_stack_lvl+0x8/0x8 [ 40.817475][ T376] ? __kasan_check_write+0x14/0x20 [ 40.822606][ T376] dump_stack+0x15/0x24 [ 40.826760][ T376] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 40.832318][ T376] f2fs_is_valid_blkaddr+0x23/0x30 [ 40.837452][ T376] sanity_check_extent_cache+0x1c5/0x480 [ 40.843161][ T376] f2fs_iget+0x3312/0x4cb0 [ 40.847596][ T376] f2fs_lookup+0x366/0xab0 [ 40.852011][ T376] ? __cfi_f2fs_lookup+0x10/0x10 [ 40.856946][ T376] ? __cfi_d_alloc_parallel+0x10/0x10 [ 40.862496][ T376] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 40.868234][ T376] ? downgrade_write+0x350/0x350 [ 40.873174][ T376] __lookup_slow+0x2c7/0x3f0 [ 40.877770][ T376] ? lookup_one_len+0x2d0/0x2d0 [ 40.882623][ T376] ? down_read+0xa0/0xf0 [ 40.887125][ T376] lookup_slow+0x57/0x70 [ 40.891365][ T376] walk_component+0x2f4/0x420 [ 40.896041][ T376] path_lookupat+0x180/0x490 [ 40.900637][ T376] filename_lookup+0x1f0/0x500 [ 40.905405][ T376] ? __cfi_filename_lookup+0x10/0x10 [ 40.910779][ T376] ? strncpy_from_user+0x17a/0x2d0 [ 40.915898][ T376] user_path_at_empty+0x47/0x1c0 [ 40.920833][ T376] do_sys_truncate+0xa3/0x190 [ 40.925514][ T376] ? __cfi_do_sys_truncate+0x10/0x10 [ 40.930799][ T376] ? fpregs_restore_userregs+0x128/0x260 [ 40.936442][ T376] __x64_sys_truncate+0x5b/0x70 [ 40.941304][ T376] x64_sys_call+0x679/0x9a0 [ 40.945810][ T376] do_syscall_64+0x4c/0xa0 [ 40.950314][ T376] ? clear_bhb_loop+0x15/0x70 [ 40.954996][ T376] ? clear_bhb_loop+0x15/0x70 [ 40.959760][ T376] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 40.965679][ T376] RIP: 0033:0x7fced31b6b89 [ 40.970379][ T376] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 40.990022][ T376] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [pid 375] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[406]}, 88) = 406 [pid 375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 375] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 406 attached [pid 406] set_robust_list(0x7fced31529a0, 24) = 0 [pid 406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 406] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 399] <... openat resumed>) = ? [pid 399] +++ exited with 0 +++ [pid 377] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=377, si_uid=0, si_status=0, si_utime=20, si_stime=68} --- [pid 293] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [ 40.998449][ T376] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 41.006421][ T376] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 41.014391][ T376] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [ 41.022362][ T376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000080 [ 41.030331][ T376] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 41.038391][ T376] [pid 293] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 375] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 379] <... truncate resumed>) = ? [pid 379] +++ exited with 0 +++ [ 41.067675][ T379] F2FS-fs (loop4): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 41.080986][ T376] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 41.095316][ T405] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 41.102561][ T405] CPU: 1 PID: 405 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 41.114216][ T405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 41.124383][ T405] Call Trace: [ 41.127681][ T405] [ 41.130626][ T405] __dump_stack+0x21/0x24 [ 41.135067][ T405] dump_stack_lvl+0xee/0x150 [ 41.139685][ T405] ? __cfi_dump_stack_lvl+0x8/0x8 [ 41.144727][ T405] ? mutex_unlock+0x89/0x220 [ 41.149342][ T405] ? __kasan_check_write+0x14/0x20 [ 41.154493][ T405] dump_stack+0x15/0x24 [ 41.158712][ T405] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 41.164279][ T405] f2fs_is_valid_blkaddr+0x23/0x30 [ 41.169405][ T405] sanity_check_extent_cache+0x1c5/0x480 [ 41.175055][ T405] f2fs_iget+0x3312/0x4cb0 [ 41.179513][ T405] f2fs_lookup+0x366/0xab0 [ 41.183938][ T405] ? __cfi_f2fs_lookup+0x10/0x10 [ 41.188900][ T405] ? __cfi_d_alloc_parallel+0x10/0x10 [ 41.194300][ T405] ? __cfi_f2fs_lookup+0x10/0x10 [ 41.199251][ T405] path_openat+0xff3/0x2f50 [ 41.203785][ T405] ? do_filp_open+0x3c0/0x3c0 [ 41.208487][ T405] do_filp_open+0x1c1/0x3c0 [ 41.213015][ T405] ? __cfi_do_filp_open+0x10/0x10 [ 41.218058][ T405] ? alloc_fd+0x4e6/0x590 [ 41.222410][ T405] do_sys_openat2+0x185/0x7e0 [ 41.227799][ T405] ? _raw_spin_unlock_irq+0x4d/0x70 [ 41.233018][ T405] ? ptrace_notify+0x1d1/0x250 [ 41.237803][ T405] ? do_sys_open+0xe0/0xe0 [ 41.242236][ T405] ? __cfi_ptrace_notify+0x10/0x10 [ 41.247364][ T405] ? xfd_validate_state+0x70/0x150 [ 41.252495][ T405] __x64_sys_openat+0x136/0x160 [ 41.257377][ T405] x64_sys_call+0x783/0x9a0 [ 41.261900][ T405] do_syscall_64+0x4c/0xa0 [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555580148770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555580148770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./2/file0") = 0 [pid 291] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./2/binderfs") = 0 [pid 291] getdents64(3, 0x555580140730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./2") = 0 [pid 291] mkdir("./3", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558013f690) = 407 [pid 292] <... umount2 resumed>) = 0 [pid 292] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x555580148770 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, 0x555580148770 /* 0 entries */, 32768) = 0 [pid 292] close(4) = 0 [pid 292] rmdir("./2/file0") = 0 [pid 292] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] unlink("./2/binderfs") = 0 [pid 292] getdents64(3, 0x555580140730 /* 0 entries */, 32768) = 0 [pid 292] close(3) = 0 [pid 292] rmdir("./2") = 0 [pid 292] mkdir("./3", 0777) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 292] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 292] close(3) = 0 [ 41.266333][ T405] ? clear_bhb_loop+0x15/0x70 [ 41.271033][ T405] ? clear_bhb_loop+0x15/0x70 [ 41.275732][ T405] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 41.281659][ T405] RIP: 0033:0x7fced31b6b89 [ 41.286104][ T405] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 41.305744][ T405] RSP: 002b:00007fced3152218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558013f690) = 408 ./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x55558013f6a0, 24) = 0 [pid 408] chdir("./3") = 0 [pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 408] setpgid(0, 0) = 0 [pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 408] write(3, "1000", 4) = 4 [pid 408] close(3) = 0 [pid 408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 408] write(1, "executing program\n", 18executing program ) = 18 [pid 408] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 408] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 408] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[409]}, 88) = 409 [pid 408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 408] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 409 attached [pid 409] set_robust_list(0x7fced31739a0, 24) = 0 [pid 409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 409] memfd_create("syzkaller", 0) = 3 [pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 [pid 376] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [ 41.314193][ T405] RAX: ffffffffffffffda RBX: 00007fced324f6b8 RCX: 00007fced31b6b89 [ 41.322200][ T405] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 41.330199][ T405] RBP: 00007fced324f6b0 R08: 00007ffdf8b39217 R09: 0000000000000000 [ 41.338200][ T405] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 41.346199][ T405] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 41.354191][ T405] [pid 376] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 407 attached [pid 407] set_robust_list(0x55558013f6a0, 24 [pid 376] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] <... set_robust_list resumed>) = 0 [pid 407] chdir("./3" [pid 405] <... openat resumed>) = ? [pid 407] <... chdir resumed>) = 0 [pid 407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 407] setpgid(0, 0) = 0 [pid 407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 407] write(3, "1000", 4) = 4 [pid 407] close(3) = 0 [pid 407] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 407] write(1, "executing program\n", 18 [pid 405] +++ exited with 0 +++ [pid 378] +++ exited with 0 +++ [pid 407] <... write resumed>) = 18 [pid 407] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=378, si_uid=0, si_status=0, si_utime=15, si_stime=71} --- [pid 407] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 407] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[410]}, 88) = 410 [pid 407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 407] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 295] <... restart_syscall resumed>) = 0 [pid 295] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 410 attached [pid 295] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 410] set_robust_list(0x7fced31739a0, 24) = 0 [pid 295] <... openat resumed>) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, [pid 410] rt_sigprocmask(SIG_SETMASK, [], [pid 295] <... getdents64 resumed>0x555580140730 /* 4 entries */, 32768) = 112 [pid 410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 410] memfd_create("syzkaller", 0) = 3 [pid 410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 [ 41.359656][ T405] F2FS-fs (loop4): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 41.359721][ T406] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 41.427345][ T406] CPU: 0 PID: 406 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 41.439025][ T406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 41.449095][ T406] Call Trace: [ 41.452383][ T406] [ 41.455321][ T406] __dump_stack+0x21/0x24 [ 41.459672][ T406] dump_stack_lvl+0xee/0x150 [ 41.464272][ T406] ? __cfi_dump_stack_lvl+0x8/0x8 [ 41.469317][ T406] ? __kasan_check_write+0x14/0x20 [ 41.474468][ T406] dump_stack+0x15/0x24 [ 41.478656][ T406] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 41.484231][ T406] f2fs_is_valid_blkaddr+0x23/0x30 [ 41.489356][ T406] sanity_check_extent_cache+0x1c5/0x480 [ 41.495355][ T406] f2fs_iget+0x3312/0x4cb0 [ 41.499799][ T406] f2fs_lookup+0x366/0xab0 [ 41.504231][ T406] ? __cfi_f2fs_lookup+0x10/0x10 [ 41.509182][ T406] ? __cfi_d_alloc_parallel+0x10/0x10 [ 41.514662][ T406] ? __cfi_f2fs_lookup+0x10/0x10 [ 41.519607][ T406] path_openat+0xff3/0x2f50 [ 41.524130][ T406] ? do_filp_open+0x3c0/0x3c0 [ 41.528817][ T406] do_filp_open+0x1c1/0x3c0 [ 41.533505][ T406] ? __cfi_do_filp_open+0x10/0x10 [ 41.538552][ T406] ? alloc_fd+0x4e6/0x590 [ 41.542901][ T406] do_sys_openat2+0x185/0x7e0 [ 41.547591][ T406] ? _raw_spin_unlock_irq+0x4d/0x70 [ 41.552808][ T406] ? ptrace_notify+0x1d1/0x250 [ 41.557606][ T406] ? do_sys_open+0xe0/0xe0 [ 41.562054][ T406] ? __cfi_ptrace_notify+0x10/0x10 [ 41.567289][ T406] ? xfd_validate_state+0x70/0x150 [ 41.572421][ T406] __x64_sys_openat+0x136/0x160 [ 41.577284][ T406] x64_sys_call+0x783/0x9a0 [ 41.581797][ T406] do_syscall_64+0x4c/0xa0 [ 41.586229][ T406] ? clear_bhb_loop+0x15/0x70 [ 41.590926][ T406] ? clear_bhb_loop+0x15/0x70 [ 41.595617][ T406] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 41.601536][ T406] RIP: 0033:0x7fced31b6b89 [ 41.605967][ T406] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 41.625589][ T406] RSP: 002b:00007fced3152218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 41.634111][ T406] RAX: ffffffffffffffda RBX: 00007fced324f6b8 RCX: 00007fced31b6b89 [ 41.642092][ T406] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 41.650072][ T406] RBP: 00007fced324f6b0 R08: 00007ffdf8b39217 R09: 0000000000000000 [ 41.658056][ T406] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 41.666047][ T406] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 41.674114][ T406] [pid 375] exit_group(0 [pid 376] <... futex resumed>) = ? [pid 375] <... exit_group resumed>) = ? [pid 376] +++ exited with 0 +++ [pid 293] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 293] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 293] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(4, 0x555580148770 /* 2 entries */, 32768) = 48 [pid 293] getdents64(4, 0x555580148770 /* 0 entries */, 32768) = 0 [pid 293] close(4) = 0 [pid 293] rmdir("./2/file0") = 0 [pid 293] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] unlink("./2/binderfs") = 0 [pid 293] getdents64(3, 0x555580140730 /* 0 entries */, 32768) = 0 [pid 293] close(3) = 0 [pid 293] rmdir("./2") = 0 [pid 293] mkdir("./3", 0777) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 293] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558013f690) = 411 [pid 295] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555580148770 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555580148770 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./2/file0") = 0 [pid 295] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./2/binderfs") = 0 [pid 295] getdents64(3, 0x555580140730 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./2") = 0 [pid 295] mkdir("./3", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 411 attached [pid 411] set_robust_list(0x55558013f6a0, 24) = 0 [pid 411] chdir("./3") = 0 [pid 411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 411] setpgid(0, 0) = 0 [pid 411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 295] <... clone resumed>, child_tidptr=0x55558013f690) = 412 [pid 411] write(3, "1000", 4) = 4 [pid 411] close(3) = 0 [pid 411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 411] write(1, "executing program\n", 18executing program ) = 18 [pid 411] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 411] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 411] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 411] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 411] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[413]}, 88) = 413 [pid 411] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 411] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 412 attached [pid 412] set_robust_list(0x55558013f6a0, 24) = 0 [pid 412] chdir("./3") = 0 [pid 412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 412] setpgid(0, 0) = 0 [pid 412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 412] write(3, "1000", 4) = 4 [pid 412] close(3) = 0 [pid 412] symlink("/dev/binderfs", "./binderfs") = 0 [pid 412] write(1, "executing program\n", 18executing program ) = 18 [pid 412] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 412] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 412] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 412] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[414]}, 88) = 414 [pid 412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 412] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 414 attached [pid 414] set_robust_list(0x7fced31739a0, 24) = 0 [pid 414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 414] memfd_create("syzkaller", 0) = 3 [pid 414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 ./strace-static-x86_64: Process 413 attached [pid 413] set_robust_list(0x7fced31739a0, 24) = 0 [pid 413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 413] memfd_create("syzkaller", 0) = 3 [pid 413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 [pid 409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 406] <... openat resumed>) = ? [pid 406] +++ exited with 0 +++ [pid 375] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=20, si_stime=36} --- [ 42.058079][ T406] F2FS-fs (loop3): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [pid 294] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 294] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [pid 294] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 409] <... write resumed>) = 67108864 [pid 409] munmap(0x7fcecad53000, 138412032) = 0 [pid 409] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 409] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 409] close(3) = 0 [pid 409] close(4) = 0 [pid 409] mkdir("./file0", 0777) = 0 [pid 409] mount("/dev/loop1", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 294] <... umount2 resumed>) = 0 [pid 294] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 294] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(4, 0x555580148770 /* 2 entries */, 32768) = 48 [pid 294] getdents64(4, 0x555580148770 /* 0 entries */, 32768) = 0 [pid 294] close(4) = 0 [pid 294] rmdir("./2/file0") = 0 [pid 294] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 294] unlink("./2/binderfs") = 0 [pid 294] getdents64(3, 0x555580140730 /* 0 entries */, 32768) = 0 [pid 294] close(3) = 0 [pid 294] rmdir("./2") = 0 [pid 294] mkdir("./3", 0777) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 294] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 294] close(3) = 0 [ 42.475576][ T409] loop1: detected capacity change from 0 to 131072 [ 42.509135][ T409] F2FS-fs (loop1): invalid crc value [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558013f690) = 417 ./strace-static-x86_64: Process 417 attached [pid 417] set_robust_list(0x55558013f6a0, 24) = 0 [pid 417] chdir("./3") = 0 [pid 417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 417] setpgid(0, 0) = 0 [pid 417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 417] write(3, "1000", 4) = 4 [pid 417] close(3) = 0 [pid 417] symlink("/dev/binderfs", "./binderfs") = 0 [pid 417] write(1, "executing program\n", 18executing program ) = 18 [pid 417] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 417] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 417] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 417] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[419]}, 88) = 419 [pid 417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 417] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 419 attached [pid 419] set_robust_list(0x7fced31739a0, 24) = 0 [pid 419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 419] memfd_create("syzkaller", 0) = 3 [pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 [pid 410] <... write resumed>) = 67108864 [pid 410] munmap(0x7fcecad53000, 138412032) = 0 [ 42.540069][ T409] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 410] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 410] close(3) = 0 [pid 410] close(4 [pid 413] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 410] <... close resumed>) = 0 [pid 410] mkdir("./file0", 0777) = 0 [pid 410] mount("/dev/loop0", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 409] <... mount resumed>) = 0 [pid 409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 409] chdir("./file0") = 0 [ 42.603874][ T410] loop0: detected capacity change from 0 to 131072 [ 42.633265][ T410] F2FS-fs (loop0): invalid crc value [ 42.642916][ T409] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [pid 409] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 409] ioctl(4, LOOP_CLR_FD) = 0 [pid 409] close(4) = 0 [pid 409] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 409] truncate("./file3", 7326 [pid 408] <... futex resumed>) = 0 [ 42.667489][ T410] F2FS-fs (loop0): Found nat_bits in checkpoint [ 42.686207][ T409] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 42.692964][ T409] CPU: 1 PID: 409 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 42.704612][ T409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 42.714688][ T409] Call Trace: [ 42.717994][ T409] [ 42.720928][ T409] __dump_stack+0x21/0x24 [ 42.725268][ T409] dump_stack_lvl+0xee/0x150 [ 42.729857][ T409] ? __cfi_dump_stack_lvl+0x8/0x8 [ 42.735059][ T409] ? __kasan_check_write+0x14/0x20 [ 42.740181][ T409] dump_stack+0x15/0x24 [ 42.744348][ T409] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 42.750155][ T409] f2fs_is_valid_blkaddr+0x23/0x30 [ 42.755267][ T409] sanity_check_extent_cache+0x1c5/0x480 [ 42.760904][ T409] f2fs_iget+0x3312/0x4cb0 [ 42.765331][ T409] f2fs_lookup+0x366/0xab0 [ 42.770005][ T409] ? __cfi_f2fs_lookup+0x10/0x10 [ 42.774964][ T409] ? __cfi_d_alloc_parallel+0x10/0x10 [ 42.780476][ T409] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 42.786296][ T409] ? downgrade_write+0x350/0x350 [ 42.791250][ T409] __lookup_slow+0x2c7/0x3f0 [ 42.795934][ T409] ? lookup_one_len+0x2d0/0x2d0 [ 42.800877][ T409] ? down_read+0xa0/0xf0 [ 42.805118][ T409] lookup_slow+0x57/0x70 [ 42.809362][ T409] walk_component+0x2f4/0x420 [ 42.814039][ T409] path_lookupat+0x180/0x490 [ 42.818637][ T409] filename_lookup+0x1f0/0x500 [ 42.823407][ T409] ? __cfi_filename_lookup+0x10/0x10 [ 42.828695][ T409] ? strncpy_from_user+0x17a/0x2d0 [ 42.833811][ T409] user_path_at_empty+0x47/0x1c0 [ 42.838743][ T409] do_sys_truncate+0xa3/0x190 [ 42.843433][ T409] ? __cfi_do_sys_truncate+0x10/0x10 [ 42.848812][ T409] ? fpregs_restore_userregs+0x128/0x260 [ 42.854450][ T409] __x64_sys_truncate+0x5b/0x70 [ 42.859305][ T409] x64_sys_call+0x679/0x9a0 [ 42.863810][ T409] do_syscall_64+0x4c/0xa0 [ 42.868238][ T409] ? clear_bhb_loop+0x15/0x70 [ 42.872923][ T409] ? clear_bhb_loop+0x15/0x70 [ 42.877599][ T409] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 42.883495][ T409] RIP: 0033:0x7fced31b6b89 [ 42.887908][ T409] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 42.907526][ T409] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [pid 408] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 408] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3132000 [pid 408] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[424]}, 88) = 424 [pid 408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 408] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 424 attached [pid 424] set_robust_list(0x7fced31529a0, 24) = 0 [pid 424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 42.915941][ T409] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 42.923930][ T409] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 42.931902][ T409] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [ 42.939870][ T409] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 42.947838][ T409] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 42.955810][ T409] [pid 424] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 410] <... mount resumed>) = 0 [pid 410] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 410] chdir("./file0") = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 410] ioctl(4, LOOP_CLR_FD) = 0 [pid 410] close(4) = 0 [pid 410] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] <... futex resumed>) = 0 [pid 410] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 410] <... futex resumed>) = 0 [pid 410] truncate("./file3", 7326 [pid 407] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 408] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 42.972961][ T410] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 43.007729][ T410] F2FS-fs (loop0): access invalid blkaddr:2147563524 [ 43.020356][ T410] CPU: 0 PID: 410 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 43.032029][ T410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.042119][ T410] Call Trace: [ 43.045426][ T410] [ 43.048370][ T410] __dump_stack+0x21/0x24 [ 43.052737][ T410] dump_stack_lvl+0xee/0x150 [ 43.057356][ T410] ? __cfi_dump_stack_lvl+0x8/0x8 [ 43.062411][ T410] ? kmem_cache_alloc+0x256/0x330 [ 43.067458][ T410] ? __kasan_check_write+0x14/0x20 [pid 407] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 407] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3132000 [pid 407] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[426]}, 88) = 426 [pid 407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 407] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 43.072615][ T410] dump_stack+0x15/0x24 [ 43.076803][ T410] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 43.082725][ T410] f2fs_is_valid_blkaddr+0x23/0x30 [ 43.087962][ T410] sanity_check_extent_cache+0x1c5/0x480 [ 43.094107][ T410] f2fs_iget+0x3312/0x4cb0 [ 43.098597][ T410] f2fs_lookup+0x366/0xab0 [ 43.103397][ T410] ? __cfi_f2fs_lookup+0x10/0x10 [ 43.108375][ T410] ? irqentry_exit+0x37/0x40 [ 43.113091][ T410] ? common_interrupt+0x70/0xe0 [ 43.118065][ T410] ? __cfi_f2fs_lookup+0x10/0x10 [pid 407] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 43.123121][ T410] __lookup_slow+0x2c7/0x3f0 [ 43.127750][ T410] ? lookup_one_len+0x2d0/0x2d0 [ 43.132738][ T410] ? down_read+0xa0/0xf0 [ 43.137072][ T410] lookup_slow+0x57/0x70 [ 43.141360][ T410] walk_component+0x2f4/0x420 [ 43.146066][ T410] path_lookupat+0x180/0x490 [ 43.150690][ T410] filename_lookup+0x1f0/0x500 [ 43.155571][ T410] ? __cfi_filename_lookup+0x10/0x10 [ 43.160893][ T410] ? strncpy_from_user+0x17a/0x2d0 [ 43.166042][ T410] user_path_at_empty+0x47/0x1c0 [pid 408] exit_group(0) = ? [ 43.171014][ T410] do_sys_truncate+0xa3/0x190 [ 43.175742][ T410] ? __cfi_do_sys_truncate+0x10/0x10 [ 43.181086][ T410] ? fpregs_restore_userregs+0x128/0x260 [ 43.186792][ T410] __x64_sys_truncate+0x5b/0x70 [ 43.191672][ T410] x64_sys_call+0x679/0x9a0 [ 43.196209][ T410] do_syscall_64+0x4c/0xa0 [ 43.200672][ T410] ? clear_bhb_loop+0x15/0x70 [ 43.205386][ T410] ? clear_bhb_loop+0x15/0x70 [ 43.210101][ T410] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 43.216033][ T410] RIP: 0033:0x7fced31b6b89 [ 43.220603][ T410] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 43.240403][ T410] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 43.248852][ T410] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 43.256852][ T410] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 43.264938][ T410] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [pid 407] exit_group(0) = ? [pid 413] <... write resumed>) = 67108864 [pid 413] munmap(0x7fcecad53000, 138412032./strace-static-x86_64: Process 426 attached [pid 426] +++ exited with 0 +++ [pid 413] <... munmap resumed>) = 0 [pid 413] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 43.272970][ T410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000080 [ 43.281240][ T410] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 43.289243][ T410] [pid 413] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 413] close(3) = 0 [pid 413] close(4) = 0 [pid 413] mkdir("./file0", 0777) = 0 [ 43.315070][ T413] loop2: detected capacity change from 0 to 131072 [ 43.325872][ T413] F2FS-fs (loop2): invalid crc value [pid 413] mount("/dev/loop2", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 414] <... write resumed>) = 67108864 [pid 419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 414] munmap(0x7fcecad53000, 138412032) = 0 [pid 414] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 43.371324][ T413] F2FS-fs (loop2): Found nat_bits in checkpoint [ 43.401084][ T410] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [pid 414] ioctl(4, LOOP_SET_FD, 3 [pid 410] <... truncate resumed>) = ? [pid 410] +++ exited with 0 +++ [pid 407] +++ exited with 0 +++ [pid 291] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=407, si_uid=0, si_status=0, si_utime=18, si_stime=32} --- [pid 291] restart_syscall(<... resuming interrupted clone ...> [pid 414] <... ioctl resumed>) = 0 [pid 414] close(3) = 0 [pid 414] close(4 [pid 291] <... restart_syscall resumed>) = 0 [pid 414] <... close resumed>) = 0 [pid 414] mkdir("./file0", 0777 [pid 291] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 291] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [ 43.418873][ T414] loop4: detected capacity change from 0 to 131072 [pid 291] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 414] <... mkdir resumed>) = 0 [pid 414] mount("/dev/loop4", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 413] <... mount resumed>) = 0 [pid 413] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 413] chdir("./file0") = 0 [pid 413] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 413] ioctl(4, LOOP_CLR_FD) = 0 [pid 413] close(4) = 0 [pid 413] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 413] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 411] <... futex resumed>) = 0 [pid 411] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 413] <... futex resumed>) = 0 [pid 411] <... futex resumed>) = 1 [pid 413] truncate("./file3", 7326 [ 43.445019][ T413] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 43.454402][ T414] F2FS-fs (loop4): invalid crc value [ 43.475998][ T413] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 43.482738][ T413] CPU: 1 PID: 413 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 43.494406][ T413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.504493][ T413] Call Trace: [ 43.507801][ T413] [ 43.510743][ T413] __dump_stack+0x21/0x24 [ 43.515114][ T413] dump_stack_lvl+0xee/0x150 [ 43.520159][ T413] ? __cfi_dump_stack_lvl+0x8/0x8 [ 43.525224][ T413] ? __kasan_check_write+0x14/0x20 [ 43.530368][ T413] dump_stack+0x15/0x24 [ 43.530602][ T409] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 43.534552][ T413] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 43.553113][ T413] f2fs_is_valid_blkaddr+0x23/0x30 [ 43.558280][ T413] sanity_check_extent_cache+0x1c5/0x480 [ 43.563936][ T413] f2fs_iget+0x3312/0x4cb0 [ 43.568397][ T413] f2fs_lookup+0x366/0xab0 [ 43.572838][ T413] ? __cfi_f2fs_lookup+0x10/0x10 [ 43.577801][ T413] ? __cfi_d_alloc_parallel+0x10/0x10 [ 43.583205][ T413] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 43.588944][ T413] ? downgrade_write+0x350/0x350 [ 43.593910][ T413] __lookup_slow+0x2c7/0x3f0 [ 43.598528][ T413] ? lookup_one_len+0x2d0/0x2d0 [ 43.603422][ T413] ? down_read+0xa0/0xf0 [ 43.607689][ T413] lookup_slow+0x57/0x70 [ 43.611953][ T413] walk_component+0x2f4/0x420 [ 43.616650][ T413] path_lookupat+0x180/0x490 [ 43.618017][ T424] F2FS-fs (loop1): access invalid blkaddr:2147563524 [ 43.621269][ T413] filename_lookup+0x1f0/0x500 [ 43.632698][ T413] ? __cfi_filename_lookup+0x10/0x10 [ 43.638023][ T413] ? strncpy_from_user+0x17a/0x2d0 [ 43.643168][ T413] user_path_at_empty+0x47/0x1c0 [ 43.648124][ T413] do_sys_truncate+0xa3/0x190 [ 43.652814][ T413] ? __cfi_do_sys_truncate+0x10/0x10 [ 43.658113][ T413] ? fpregs_restore_userregs+0x128/0x260 [ 43.663755][ T413] __x64_sys_truncate+0x5b/0x70 [ 43.668648][ T413] x64_sys_call+0x679/0x9a0 [ 43.673177][ T413] do_syscall_64+0x4c/0xa0 [ 43.677631][ T413] ? clear_bhb_loop+0x15/0x70 [ 43.682326][ T413] ? clear_bhb_loop+0x15/0x70 [ 43.687026][ T413] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [pid 411] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 409] <... truncate resumed>) = ? [pid 409] +++ exited with 0 +++ [pid 291] <... umount2 resumed>) = 0 [pid 291] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 291] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 291] getdents64(4, 0x555580148770 /* 2 entries */, 32768) = 48 [pid 291] getdents64(4, 0x555580148770 /* 0 entries */, 32768) = 0 [pid 291] close(4) = 0 [pid 291] rmdir("./3/file0") = 0 [pid 291] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 291] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 291] unlink("./3/binderfs") = 0 [pid 291] getdents64(3, 0x555580140730 /* 0 entries */, 32768) = 0 [pid 291] close(3) = 0 [pid 291] rmdir("./3") = 0 [pid 291] mkdir("./4", 0777) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 291] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 291] close(3) = 0 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558013f690) = 434 ./strace-static-x86_64: Process 434 attached [pid 434] set_robust_list(0x55558013f6a0, 24) = 0 [pid 434] chdir("./4") = 0 [pid 434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 434] setpgid(0, 0) = 0 [pid 434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 434] write(3, "1000", 4) = 4 [pid 434] close(3) = 0 [pid 434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 434] write(1, "executing program\n", 18) = 18 [pid 434] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 434] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 434] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 434] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[435]}, 88) = 435 [pid 434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 434] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 43.692932][ T413] RIP: 0033:0x7fced31b6b89 [ 43.697351][ T413] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 43.716964][ T413] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 43.725397][ T413] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 43.733409][ T413] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 43.741573][ T413] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [ 43.749564][ T413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000080 [ 43.757641][ T413] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 43.765630][ T413] [ 43.768920][ T424] CPU: 0 PID: 424 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 43.769777][ T413] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 43.780579][ T424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 43.780592][ T424] Call Trace: [ 43.780598][ T424] [ 43.780603][ T424] __dump_stack+0x21/0x24 [ 43.780632][ T424] dump_stack_lvl+0xee/0x150 [ 43.780656][ T424] ? __cfi_dump_stack_lvl+0x8/0x8 [ 43.780681][ T424] ? __kasan_check_write+0x14/0x20 [ 43.828972][ T424] dump_stack+0x15/0x24 [ 43.833170][ T424] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 43.838749][ T424] f2fs_is_valid_blkaddr+0x23/0x30 [ 43.843894][ T424] sanity_check_extent_cache+0x1c5/0x480 [ 43.849822][ T424] f2fs_iget+0x3312/0x4cb0 [ 43.854287][ T424] f2fs_lookup+0x366/0xab0 [ 43.858728][ T424] ? __cfi_f2fs_lookup+0x10/0x10 [ 43.863699][ T424] ? __cfi_d_alloc_parallel+0x10/0x10 [ 43.869114][ T424] ? __cfi_f2fs_lookup+0x10/0x10 [ 43.874077][ T424] path_openat+0xff3/0x2f50 [ 43.878616][ T424] ? do_filp_open+0x3c0/0x3c0 [ 43.883330][ T424] do_filp_open+0x1c1/0x3c0 [ 43.888034][ T424] ? __cfi_do_filp_open+0x10/0x10 [pid 434] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 435 attached [pid 419] <... write resumed>) = 67108864 [pid 411] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 435] set_robust_list(0x7fced31739a0, 24 [pid 411] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... set_robust_list resumed>) = 0 [pid 411] <... futex resumed>) = 0 [pid 435] rt_sigprocmask(SIG_SETMASK, [], [pid 411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 411] <... mmap resumed>) = 0x7fced3132000 [pid 435] memfd_create("syzkaller", 0 [pid 411] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE [pid 435] <... memfd_create resumed>) = 3 [pid 411] <... mprotect resumed>) = 0 [pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 411] rt_sigprocmask(SIG_BLOCK, ~[], [pid 435] <... mmap resumed>) = 0x7fcecad53000 [pid 411] <... rt_sigprocmask resumed>[], 8) = 0 [pid 413] <... truncate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 411] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} [pid 413] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] <... clone3 resumed> => {parent_tid=[436]}, 88) = 436 [pid 413] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 411] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 411] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] munmap(0x7fcecad53000, 138412032) = 0 [pid 419] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 43.893092][ T424] ? alloc_fd+0x4e6/0x590 [ 43.897462][ T424] do_sys_openat2+0x185/0x7e0 [ 43.902203][ T424] ? _raw_spin_unlock_irq+0x4d/0x70 [ 43.906242][ T414] F2FS-fs (loop4): Found nat_bits in checkpoint [ 43.907423][ T424] ? ptrace_notify+0x1d1/0x250 [ 43.918425][ T424] ? do_sys_open+0xe0/0xe0 [ 43.922869][ T424] ? __cfi_ptrace_notify+0x10/0x10 [ 43.928004][ T424] ? xfd_validate_state+0x70/0x150 [ 43.933138][ T424] __x64_sys_openat+0x136/0x160 [ 43.936813][ T419] loop3: detected capacity change from 0 to 131072 [pid 419] ioctl(4, LOOP_SET_FD, 3) = 0 [ 43.938007][ T424] x64_sys_call+0x783/0x9a0 [ 43.949019][ T424] do_syscall_64+0x4c/0xa0 [ 43.953466][ T424] ? clear_bhb_loop+0x15/0x70 [ 43.958159][ T424] ? clear_bhb_loop+0x15/0x70 [ 43.962847][ T424] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 43.968780][ T424] RIP: 0033:0x7fced31b6b89 [ 43.973197][ T424] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 411] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 419] close(3) = 0 [pid 419] close(4) = 0 [pid 419] mkdir("./file0", 0777) = 0 [pid 419] mount("/dev/loop3", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, ""./strace-static-x86_64: Process 436 attached [pid 436] set_robust_list(0x7fced31529a0, 24) = 0 [pid 436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 43.993667][ T424] RSP: 002b:00007fced3152218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 44.002079][ T424] RAX: ffffffffffffffda RBX: 00007fced324f6b8 RCX: 00007fced31b6b89 [ 44.010051][ T424] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 44.018204][ T424] RBP: 00007fced324f6b0 R08: 00007ffdf8b39217 R09: 0000000000000000 [ 44.026179][ T424] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 44.034329][ T424] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 44.042301][ T424] [pid 436] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 414] <... mount resumed>) = 0 [pid 424] <... openat resumed>) = ? [pid 414] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 424] +++ exited with 0 +++ [pid 414] <... openat resumed>) = 3 [pid 408] +++ exited with 0 +++ [pid 414] chdir("./file0") = 0 [pid 414] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=408, si_uid=0, si_status=0, si_utime=23, si_stime=39} --- [pid 414] ioctl(4, LOOP_CLR_FD) = 0 [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 414] close(4) = 0 [pid 292] <... restart_syscall resumed>) = 0 [pid 414] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 412] <... futex resumed>) = 0 [pid 412] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 414] <... futex resumed>) = 0 [pid 412] <... futex resumed>) = 1 [pid 292] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 414] truncate("./file3", 7326 [pid 412] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [ 44.057688][ T414] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 44.057932][ T436] F2FS-fs (loop2): access invalid blkaddr:2147563524 [ 44.071857][ T424] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 44.076458][ T419] F2FS-fs (loop3): invalid crc value [pid 292] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 412] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 412] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3132000 [pid 412] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 412] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[440]}, 88) = 440 [pid 412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 412] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 44.106848][ T414] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 44.123675][ T414] CPU: 1 PID: 414 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 44.135528][ T414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.145775][ T414] Call Trace: [ 44.149070][ T414] [ 44.152003][ T414] __dump_stack+0x21/0x24 [pid 412] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 440 attached [pid 440] set_robust_list(0x7fced31529a0, 24) = 0 [pid 440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 44.156437][ T414] dump_stack_lvl+0xee/0x150 [ 44.161038][ T414] ? __cfi_dump_stack_lvl+0x8/0x8 [ 44.166085][ T414] ? __kasan_check_write+0x14/0x20 [ 44.171224][ T414] dump_stack+0x15/0x24 [ 44.175413][ T414] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 44.180987][ T414] f2fs_is_valid_blkaddr+0x23/0x30 [ 44.186108][ T414] sanity_check_extent_cache+0x1c5/0x480 [ 44.191749][ T414] f2fs_iget+0x3312/0x4cb0 [ 44.196202][ T414] f2fs_lookup+0x366/0xab0 [ 44.200626][ T414] ? __cfi_f2fs_lookup+0x10/0x10 [pid 440] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 412] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 44.205567][ T414] ? __cfi_d_alloc_parallel+0x10/0x10 [ 44.210949][ T414] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 44.216688][ T414] ? downgrade_write+0x350/0x350 [ 44.221662][ T414] __lookup_slow+0x2c7/0x3f0 [ 44.226286][ T414] ? lookup_one_len+0x2d0/0x2d0 [ 44.231170][ T414] ? down_read+0xa0/0xf0 [ 44.235442][ T414] lookup_slow+0x57/0x70 [ 44.239758][ T414] walk_component+0x2f4/0x420 [ 44.244561][ T414] path_lookupat+0x180/0x490 [ 44.249182][ T414] filename_lookup+0x1f0/0x500 [pid 411] exit_group(0) = ? [ 44.253971][ T414] ? __cfi_filename_lookup+0x10/0x10 [ 44.259278][ T414] ? strncpy_from_user+0x17a/0x2d0 [ 44.264408][ T414] user_path_at_empty+0x47/0x1c0 [ 44.269365][ T414] do_sys_truncate+0xa3/0x190 [ 44.274077][ T414] ? __cfi_do_sys_truncate+0x10/0x10 [ 44.279378][ T414] ? fpregs_restore_userregs+0x128/0x260 [ 44.285024][ T414] __x64_sys_truncate+0x5b/0x70 [ 44.289885][ T414] x64_sys_call+0x679/0x9a0 [ 44.294391][ T414] do_syscall_64+0x4c/0xa0 [ 44.298818][ T414] ? clear_bhb_loop+0x15/0x70 [ 44.303520][ T414] ? clear_bhb_loop+0x15/0x70 [pid 412] exit_group(0) = ? [pid 413] <... futex resumed>) = ? [pid 413] +++ exited with 0 +++ [ 44.308217][ T414] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 44.314127][ T414] RIP: 0033:0x7fced31b6b89 [ 44.318561][ T414] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 44.338182][ T414] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 44.346617][ T414] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 44.354619][ T414] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 44.362615][ T414] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [ 44.370596][ T414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000080 [ 44.378584][ T414] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 44.386568][ T414] [ 44.389601][ T436] CPU: 0 PID: 436 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 44.401254][ T436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.411322][ T436] Call Trace: [ 44.414613][ T436] [ 44.417578][ T436] __dump_stack+0x21/0x24 [ 44.421936][ T436] dump_stack_lvl+0xee/0x150 [ 44.426559][ T436] ? __cfi_dump_stack_lvl+0x8/0x8 [ 44.431605][ T436] ? __kasan_check_write+0x14/0x20 [ 44.436739][ T436] dump_stack+0x15/0x24 [ 44.440916][ T436] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 44.446483][ T436] f2fs_is_valid_blkaddr+0x23/0x30 [ 44.451601][ T436] sanity_check_extent_cache+0x1c5/0x480 [ 44.457251][ T436] f2fs_iget+0x3312/0x4cb0 [ 44.461688][ T436] f2fs_lookup+0x366/0xab0 [ 44.466118][ T436] ? __cfi_f2fs_lookup+0x10/0x10 [ 44.471237][ T436] ? __cfi_d_alloc_parallel+0x10/0x10 [ 44.476637][ T436] ? __cfi_f2fs_lookup+0x10/0x10 [ 44.481583][ T436] path_openat+0xff3/0x2f50 [ 44.486104][ T436] ? do_filp_open+0x3c0/0x3c0 [ 44.490796][ T436] do_filp_open+0x1c1/0x3c0 [ 44.495314][ T436] ? __cfi_do_filp_open+0x10/0x10 [ 44.500435][ T436] ? alloc_fd+0x4e6/0x590 [ 44.504786][ T436] do_sys_openat2+0x185/0x7e0 [ 44.509474][ T436] ? _raw_spin_unlock_irq+0x4d/0x70 [ 44.514696][ T436] ? ptrace_notify+0x1d1/0x250 [ 44.519474][ T436] ? do_sys_open+0xe0/0xe0 [ 44.523899][ T436] ? __cfi_ptrace_notify+0x10/0x10 [ 44.529020][ T436] ? xfd_validate_state+0x70/0x150 [ 44.534159][ T436] __x64_sys_openat+0x136/0x160 [ 44.539023][ T436] x64_sys_call+0x783/0x9a0 [ 44.543545][ T436] do_syscall_64+0x4c/0xa0 [ 44.547990][ T436] ? clear_bhb_loop+0x15/0x70 [ 44.552685][ T436] ? clear_bhb_loop+0x15/0x70 [ 44.557379][ T436] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 44.563294][ T436] RIP: 0033:0x7fced31b6b89 [ 44.567723][ T436] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 44.587439][ T436] RSP: 002b:00007fced3152218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 44.595957][ T436] RAX: ffffffffffffffda RBX: 00007fced324f6b8 RCX: 00007fced31b6b89 [ 44.603931][ T436] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 44.611910][ T436] RBP: 00007fced324f6b0 R08: 00007ffdf8b39217 R09: 0000000000000000 [ 44.619970][ T436] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 44.627945][ T436] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 44.635918][ T436] [ 44.647408][ T419] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864 [pid 292] <... umount2 resumed>) = 0 [pid 292] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 436] <... openat resumed>) = ? [pid 292] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 292] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 292] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(4, 0x555580148770 /* 2 entries */, 32768) = 48 [pid 292] getdents64(4, 0x555580148770 /* 0 entries */, 32768) = 0 [pid 292] close(4) = 0 [pid 292] rmdir("./3/file0") = 0 [pid 292] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 436] +++ exited with 0 +++ [pid 411] +++ exited with 0 +++ [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=411, si_uid=0, si_status=0, si_utime=24, si_stime=49} --- [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 293] <... restart_syscall resumed>) = 0 [pid 293] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 293] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 293] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 293] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [pid 293] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] unlink("./3/binderfs") = 0 [pid 414] <... truncate resumed>) = ? [pid 292] getdents64(3, [pid 414] +++ exited with 0 +++ [pid 292] <... getdents64 resumed>0x555580140730 /* 0 entries */, 32768) = 0 [ 44.667455][ T436] F2FS-fs (loop2): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 44.688874][ T414] F2FS-fs (loop4): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 44.704108][ T440] F2FS-fs (loop4): access invalid blkaddr:2147563524 [ 44.711660][ T440] CPU: 0 PID: 440 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 44.723401][ T440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 44.733637][ T440] Call Trace: [ 44.736925][ T440] [ 44.739853][ T440] __dump_stack+0x21/0x24 [ 44.744198][ T440] dump_stack_lvl+0xee/0x150 [ 44.748791][ T440] ? __cfi_dump_stack_lvl+0x8/0x8 [ 44.753912][ T440] ? __kasan_check_write+0x14/0x20 [ 44.759032][ T440] dump_stack+0x15/0x24 [ 44.763192][ T440] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 44.768745][ T440] f2fs_is_valid_blkaddr+0x23/0x30 [ 44.773856][ T440] sanity_check_extent_cache+0x1c5/0x480 [ 44.779486][ T440] f2fs_iget+0x3312/0x4cb0 [ 44.783909][ T440] f2fs_lookup+0x366/0xab0 [ 44.788325][ T440] ? __cfi_f2fs_lookup+0x10/0x10 [ 44.793268][ T440] ? __cfi_d_alloc_parallel+0x10/0x10 [ 44.798822][ T440] ? __cfi_f2fs_lookup+0x10/0x10 [ 44.803844][ T440] path_openat+0xff3/0x2f50 [ 44.808349][ T440] ? do_filp_open+0x3c0/0x3c0 [ 44.813023][ T440] do_filp_open+0x1c1/0x3c0 [ 44.817523][ T440] ? __cfi_do_filp_open+0x10/0x10 [ 44.822554][ T440] ? alloc_fd+0x4e6/0x590 [ 44.826888][ T440] do_sys_openat2+0x185/0x7e0 [ 44.831566][ T440] ? _raw_spin_unlock_irq+0x4d/0x70 [ 44.836766][ T440] ? ptrace_notify+0x1d1/0x250 [ 44.841536][ T440] ? do_sys_open+0xe0/0xe0 [ 44.845961][ T440] ? __cfi_ptrace_notify+0x10/0x10 [ 44.851072][ T440] ? xfd_validate_state+0x70/0x150 [ 44.856186][ T440] __x64_sys_openat+0x136/0x160 [ 44.861036][ T440] x64_sys_call+0x783/0x9a0 [ 44.865540][ T440] do_syscall_64+0x4c/0xa0 [ 44.869964][ T440] ? clear_bhb_loop+0x15/0x70 [ 44.874640][ T440] ? clear_bhb_loop+0x15/0x70 [ 44.879322][ T440] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 44.885221][ T440] RIP: 0033:0x7fced31b6b89 [ 44.889644][ T440] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 44.909247][ T440] RSP: 002b:00007fced3152218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 44.917664][ T440] RAX: ffffffffffffffda RBX: 00007fced324f6b8 RCX: 00007fced31b6b89 [ 44.925635][ T440] RDX: 0000000000101000 RSI: 0000200000000080 RDI: 00000000ffffff9c [ 44.933699][ T440] RBP: 00007fced324f6b0 R08: 00007ffdf8b39217 R09: 0000000000000000 [ 44.941669][ T440] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000000080 [ 44.949725][ T440] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 44.957703][ T440] [pid 292] close(3) = 0 [pid 292] rmdir("./3" [pid 440] <... openat resumed>) = ? [pid 292] <... rmdir resumed>) = 0 [pid 292] mkdir("./4", 0777 [pid 440] +++ exited with 0 +++ [pid 412] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=412, si_uid=0, si_status=0, si_utime=22, si_stime=35} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 292] <... mkdir resumed>) = 0 [pid 292] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 295] <... restart_syscall resumed>) = 0 [pid 295] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555580140730 /* 4 entries */, 32768) = 112 [pid 295] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 292] <... openat resumed>) = 3 [pid 292] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 292] close(3) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558013f690) = 443 ./strace-static-x86_64: Process 443 attached [pid 443] set_robust_list(0x55558013f6a0, 24) = 0 [pid 443] chdir("./4") = 0 [pid 443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 443] setpgid(0, 0) = 0 [pid 443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 443] write(3, "1000", 4) = 4 [pid 443] close(3) = 0 [pid 443] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 443] write(1, "executing program\n", 18) = 18 [pid 443] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 443] rt_sigaction(SIGRT_1, {sa_handler=0x7fced31dcfa0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fced31ce150}, NULL, 8) = 0 [pid 443] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3153000 [pid 443] mprotect(0x7fced3154000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 443] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 443] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3173990, parent_tid=0x7fced3173990, exit_signal=0, stack=0x7fced3153000, stack_size=0x20300, tls=0x7fced31736c0} => {parent_tid=[444]}, 88) = 444 [pid 443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 443] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 44.961004][ T440] F2FS-fs (loop4): sanity_check_extent_cache: inode (ino=8) extent info [14338, 0, 2147549187] is incorrect, run fsck to fix [ 44.974478][ T419] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [pid 443] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 444 attached [pid 444] set_robust_list(0x7fced31739a0, 24) = 0 [pid 444] rt_sigprocmask(SIG_SETMASK, [], [pid 419] <... mount resumed>) = 0 [pid 444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 444] memfd_create("syzkaller", 0 [pid 419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 444] <... memfd_create resumed>) = 3 [pid 444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcecad53000 [pid 419] <... openat resumed>) = 3 [pid 419] chdir("./file0") = 0 [pid 419] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 419] ioctl(4, LOOP_CLR_FD) = 0 [pid 419] close(4) = 0 [pid 419] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 417] <... futex resumed>) = 0 [pid 419] <... futex resumed>) = 1 [pid 417] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] truncate("./file3", 7326 [pid 417] <... futex resumed>) = 0 [ 45.052642][ T419] F2FS-fs (loop3): access invalid blkaddr:2147563524 [ 45.091295][ T419] CPU: 0 PID: 419 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [pid 417] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] <... write resumed>) = 67108864 [pid 435] munmap(0x7fcecad53000, 138412032) = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 435] close(3) = 0 [pid 435] close(4) = 0 [pid 435] mkdir("./file0", 0777) = 0 [ 45.103080][ T419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 45.113168][ T419] Call Trace: [ 45.116474][ T419] [ 45.119690][ T419] __dump_stack+0x21/0x24 [ 45.124060][ T419] dump_stack_lvl+0xee/0x150 [ 45.128710][ T419] ? __cfi_dump_stack_lvl+0x8/0x8 [ 45.132201][ T435] loop0: detected capacity change from 0 to 131072 [ 45.133808][ T419] ? __kasan_check_write+0x14/0x20 [ 45.145682][ T419] dump_stack+0x15/0x24 [ 45.149101][ T435] F2FS-fs (loop0): invalid crc value [ 45.149857][ T419] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 45.160794][ T419] f2fs_is_valid_blkaddr+0x23/0x30 [ 45.166033][ T419] sanity_check_extent_cache+0x1c5/0x480 [ 45.171704][ T419] f2fs_iget+0x3312/0x4cb0 [ 45.176167][ T419] f2fs_lookup+0x366/0xab0 [ 45.180605][ T419] ? __cfi_f2fs_lookup+0x10/0x10 [ 45.185573][ T419] ? __cfi_d_alloc_parallel+0x10/0x10 [ 45.190968][ T419] ? __cfi_lockref_get_not_dead+0x10/0x10 [ 45.196704][ T419] ? downgrade_write+0x350/0x350 [ 45.201673][ T419] __lookup_slow+0x2c7/0x3f0 [ 45.206295][ T419] ? lookup_one_len+0x2d0/0x2d0 [ 45.211167][ T419] ? down_read+0xa0/0xf0 [ 45.215435][ T419] lookup_slow+0x57/0x70 [ 45.219708][ T419] walk_component+0x2f4/0x420 [ 45.224411][ T419] path_lookupat+0x180/0x490 [ 45.229026][ T419] filename_lookup+0x1f0/0x500 [ 45.233816][ T419] ? __cfi_filename_lookup+0x10/0x10 [ 45.239141][ T419] ? strncpy_from_user+0x17a/0x2d0 [ 45.244290][ T419] user_path_at_empty+0x47/0x1c0 [ 45.249246][ T419] do_sys_truncate+0xa3/0x190 [ 45.253964][ T419] ? __cfi_do_sys_truncate+0x10/0x10 [ 45.259382][ T419] ? fpregs_restore_userregs+0x128/0x260 [ 45.265128][ T419] __x64_sys_truncate+0x5b/0x70 [ 45.270012][ T419] x64_sys_call+0x679/0x9a0 [ 45.274537][ T419] do_syscall_64+0x4c/0xa0 [ 45.279073][ T419] ? clear_bhb_loop+0x15/0x70 [ 45.283781][ T419] ? clear_bhb_loop+0x15/0x70 [ 45.288485][ T419] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 45.294417][ T419] RIP: 0033:0x7fced31b6b89 [ 45.298845][ T419] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 45.318481][ T419] RSP: 002b:00007fced3173218 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 45.326922][ T419] RAX: ffffffffffffffda RBX: 00007fced324f6a8 RCX: 00007fced31b6b89 [ 45.335022][ T419] RDX: 00007fced31b6b89 RSI: 0000000000001c9e RDI: 0000200000000280 [ 45.343019][ T419] RBP: 00007fced324f6a0 R08: 0000000000000000 R09: 0000000000000000 [pid 435] mount("/dev/loop0", "./file0", "f2fs", MS_MANDLOCK|MS_DIRSYNC|MS_SILENT|MS_POSIXACL|MS_LAZYTIME, "" [pid 417] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 417] futex(0x7fced324f6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fced3132000 [pid 417] mprotect(0x7fced3133000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 417] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fced3152990, parent_tid=0x7fced3152990, exit_signal=0, stack=0x7fced3132000, stack_size=0x20300, tls=0x7fced31526c0} => {parent_tid=[447]}, 88) = 447 [pid 417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 417] futex(0x7fced324f6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 447 attached [pid 447] set_robust_list(0x7fced31529a0, 24) = 0 [pid 447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 447] openat(AT_FDCWD, "./file2", O_RDONLY|O_SYNC [pid 417] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 417] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 417] futex(0x7fced324f6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 45.351023][ T419] R10: 00000000000105aa R11: 0000000000000246 R12: 0000200000000080 [ 45.359126][ T419] R13: 0000200000000280 R14: 0032656c69662f2e R15: 0033656c69662f2e [ 45.367128][ T419] [ 45.389390][ T435] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 435] <... mount resumed>) = 0 [pid 435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 435] chdir("./file0") = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 435] ioctl(4, LOOP_CLR_FD) = 0 [pid 435] close(4) = 0 [pid 435] futex(0x7fced324f6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 435] futex(0x7fced324f6a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 434] futex(0x7fced324f6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] truncate("./file3", 7326 [pid 434] <... futex resumed>) = 0 [ 45.486125][ T435] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 45.506183][ T435] F2FS-fs (loop0): access invalid blkaddr:2147563524 [ 45.514502][ T435] CPU: 0 PID: 435 Comm: syz-executor412 Tainted: G B 6.1.138-syzkaller-00010-gba4506940166 #0 [ 45.526160][ T435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [pid 434] futex(0x7fced324f6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 45.536240][ T435] Call Trace: [ 45.539536][ T435] [ 45.542483][ T435] __dump_stack+0x21/0x24 [ 45.546838][ T435] dump_stack_lvl+0xee/0x150 [ 45.551441][ T435] ? __cfi_dump_stack_lvl+0x8/0x8 [ 45.556484][ T435] ? __kasan_check_write+0x14/0x20 [ 45.561617][ T435] dump_stack+0x15/0x24 [ 45.565787][ T435] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 45.571353][ T435] f2fs_is_valid_blkaddr+0x23/0x30 [ 45.576478][ T435] sanity_check_extent_cache+0x1c5/0x480 [ 45.582131][ T435] f2fs_iget+0x3312/0x4cb0