./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor370283397 <...> [ 15.991974][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #88!!! Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts. execve("./syz-executor370283397", ["./syz-executor370283397"], 0x7ffe34699ba0 /* 10 vars */) = 0 brk(NULL) = 0x5555560c4000 brk(0x5555560c4c40) = 0x5555560c4c40 arch_prctl(ARCH_SET_FS, 0x5555560c4300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555560c45d0) = 381 set_robust_list(0x5555560c45e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f8681320620, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f8681320cf0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f86813206c0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8681320cf0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor370283397", 4096) = 27 brk(0x5555560e5c40) = 0x5555560e5c40 brk(0x5555560e6000) = 0x5555560e6000 mprotect(0x7f86813ea000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 381 mkdir("./syzkaller.IfpRr0", 0700) = 0 chmod("./syzkaller.IfpRr0", 0777) = 0 chdir("./syzkaller.IfpRr0") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 382 ./strace-static-x86_64: Process 382 attached [pid 382] set_robust_list(0x5555560c45e0, 24) = 0 [pid 382] chdir("./0") = 0 [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 382] setpgid(0, 0) = 0 [pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 382] write(3, "1000", 4) = 4 [pid 382] close(3) = 0 [pid 382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 382] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 382] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 382] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[383], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 383 [pid 382] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 383 attached [pid 383] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 383] memfd_create("syzkaller", 0) = 3 [pid 383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [ 22.114163][ T23] audit: type=1400 audit(1678940789.470:73): avc: denied { execmem } for pid=381 comm="syz-executor370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.136402][ T23] audit: type=1400 audit(1678940789.470:74): avc: denied { read write } for pid=381 comm="syz-executor370" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.160788][ T23] audit: type=1400 audit(1678940789.470:75): avc: denied { open } for pid=381 comm="syz-executor370" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.185047][ T23] audit: type=1400 audit(1678940789.470:76): avc: denied { ioctl } for pid=381 comm="syz-executor370" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 383] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 383] munmap(0x7f8678eef000, 32394836) = 0 [pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 383] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 383] close(3) = 0 [pid 383] mkdir("./bus", 0777) = 0 [ 22.280457][ T23] audit: type=1400 audit(1678940789.630:77): avc: denied { mounton } for pid=382 comm="syz-executor370" path="/root/syzkaller.IfpRr0/0/bus" dev="sda1" ino=1141 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 22.287501][ T383] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 22.313066][ T383] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 22.321863][ T383] F2FS-fs (loop0): invalid crc value [pid 383] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 383] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 383] chdir("./bus") = 0 [pid 383] ioctl(4, LOOP_CLR_FD) = 0 [ 22.328689][ T383] F2FS-fs (loop0): Found nat_bits in checkpoint [ 22.350215][ T383] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 22.357280][ T383] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 383] close(4) = 0 [pid 383] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 383] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 383] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 0 [pid 383] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 383] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] ftruncate(5, 33587195) = 0 [pid 383] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [ 22.364927][ T23] audit: type=1400 audit(1678940789.720:78): avc: denied { mount } for pid=382 comm="syz-executor370" name="/" dev="loop0" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 22.387727][ T23] audit: type=1400 audit(1678940789.740:79): avc: denied { write } for pid=382 comm="syz-executor370" name="/" dev="loop0" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.409830][ T23] audit: type=1400 audit(1678940789.740:80): avc: denied { add_name } for pid=382 comm="syz-executor370" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 383] sendfile(4, 5, NULL, 281474978811909 [pid 382] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 382] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 382] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 382] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[390], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 390 [pid 382] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x7f867add39e0, 24) = 0 [pid 390] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 390] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE) = 0 [pid 382] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 22.430781][ T23] audit: type=1400 audit(1678940789.740:81): avc: denied { create } for pid=382 comm="syz-executor370" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 22.451315][ T23] audit: type=1400 audit(1678940789.740:82): avc: denied { read write open } for pid=382 comm="syz-executor370" path="/root/syzkaller.IfpRr0/0/bus/bus" dev="loop0" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 390] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 390] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 382] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 382] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... sendfile resumed>) = 7208960 [pid 390] open("./bus", O_RDONLY) = 7 [pid 383] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 390] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 0 [pid 383] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE [pid 390] <... futex resumed>) = 1 [pid 383] <... ioctl resumed>, 0) = -1 EBADF (Bad file descriptor) [pid 390] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 383] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor) [pid 383] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 382] exit_group(0 [pid 383] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 382] <... exit_group resumed>) = ? [pid 390] <... futex resumed>) = ? [pid 383] <... futex resumed>) = ? [pid 390] +++ exited with 0 +++ [pid 383] +++ exited with 0 +++ [pid 382] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=6, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 22.519909][ T383] attempt to access beyond end of device [ 22.519909][ T383] loop0: rw=2049, want=63368, limit=63271 [ 22.542649][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!! [ 22.558735][ T104] attempt to access beyond end of device [ 22.558735][ T104] loop0: rw=1, want=63384, limit=63271 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 391 ./strace-static-x86_64: Process 391 attached [pid 391] set_robust_list(0x5555560c45e0, 24) = 0 [pid 391] chdir("./1") = 0 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 391] setpgid(0, 0) = 0 [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 391] write(3, "1000", 4) = 4 [pid 391] close(3) = 0 [pid 391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 391] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 391] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 391] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[392], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 392 [pid 391] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 392 attached [pid 392] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 392] memfd_create("syzkaller", 0) = 3 [pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 392] munmap(0x7f8678eef000, 32394836) = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 392] close(3) = 0 [pid 392] mkdir("./bus", 0777) = 0 [ 22.850396][ T392] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 22.859149][ T392] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 22.868373][ T392] F2FS-fs (loop0): invalid crc value [ 22.874716][ T392] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 392] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 392] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 392] chdir("./bus") = 0 [pid 392] ioctl(4, LOOP_CLR_FD) = 0 [pid 392] close(4) = 0 [pid 392] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 1 [pid 392] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 392] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 1 [pid 392] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 392] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 1 [pid 392] ftruncate(5, 33587195) = 0 [pid 392] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 1 [ 22.896443][ T392] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 22.903531][ T392] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 392] sendfile(4, 5, NULL, 281474978811909 [pid 391] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 391] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 391] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 391] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 391] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 391] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[398], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 398 [pid 391] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x7f867add39e0, 24) = 0 [pid 398] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 398] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... futex resumed>) = 1 [pid 398] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE) = 0 [pid 398] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... futex resumed>) = 1 [pid 398] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... futex resumed>) = 1 [pid 398] open("./bus", O_RDONLY) = 7 [pid 398] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... futex resumed>) = 1 [pid 398] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE [pid 392] <... sendfile resumed>) = 5177344 [pid 392] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 398] <... ioctl resumed>, 0) = 0 [pid 398] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] <... futex resumed>) = 0 [pid 398] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 0 [pid 392] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor) [pid 392] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] exit_group(0) = ? [pid 398] <... futex resumed>) = ? [pid 398] +++ exited with 0 +++ [pid 392] <... futex resumed>) = ? [pid 392] +++ exited with 0 +++ [pid 391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=391, si_uid=0, si_status=0, si_utime=3, si_stime=25} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 23.003499][ T392] attempt to access beyond end of device [ 23.003499][ T392] loop0: rw=2049, want=77952, limit=63271 [ 23.003594][ T398] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=1 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 399 ./strace-static-x86_64: Process 399 attached [pid 399] set_robust_list(0x5555560c45e0, 24) = 0 [pid 399] chdir("./2") = 0 [pid 399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 399] setpgid(0, 0) = 0 [pid 399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 399] write(3, "1000", 4) = 4 [pid 399] close(3) = 0 [pid 399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 399] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 399] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 399] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[400], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 400 [pid 399] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 400 attached [pid 400] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 400] memfd_create("syzkaller", 0) = 3 [pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 400] munmap(0x7f8678eef000, 32394836) = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 400] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 400] close(3) = 0 [pid 400] mkdir("./bus", 0777) = 0 [ 23.280368][ T400] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 23.288829][ T400] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 23.297742][ T400] F2FS-fs (loop0): invalid crc value [ 23.303939][ T400] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 400] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 400] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 400] chdir("./bus") = 0 [pid 400] ioctl(4, LOOP_CLR_FD) = 0 [pid 400] close(4) = 0 [pid 400] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] <... futex resumed>) = 1 [pid 400] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 400] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] <... futex resumed>) = 1 [pid 400] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 400] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] ftruncate(5, 33587195) = 0 [pid 400] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 399] <... futex resumed>) = 0 [pid 400] sendfile(4, 5, NULL, 281474978811909 [pid 399] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 23.325732][ T400] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 23.332819][ T400] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 399] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 399] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 399] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 399] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 399] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 406 attached [pid 406] set_robust_list(0x7f867add39e0, 24) = 0 [pid 406] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] <... clone resumed>, parent_tid=[406], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 406 [pid 399] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 406] <... futex resumed>) = 0 [pid 399] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 406] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE) = 0 [pid 406] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 399] <... futex resumed>) = 0 [pid 406] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 399] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... mmap resumed>) = 0x20000000 [pid 406] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... futex resumed>) = 0 [pid 406] <... futex resumed>) = 1 [pid 399] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] open("./bus", O_RDONLY) = 7 [pid 406] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 1 [pid 406] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE [pid 400] <... sendfile resumed>) = 5439488 [pid 400] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 406] <... ioctl resumed>, 0) = 0 [pid 406] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 399] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 1 [pid 406] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 400] <... futex resumed>) = 0 [pid 400] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor) [pid 400] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... futex resumed>) = 0 [pid 399] exit_group(0 [pid 400] <... futex resumed>) = 1 [pid 399] <... exit_group resumed>) = ? [pid 406] <... futex resumed>) = ? [pid 400] +++ exited with 0 +++ [pid 406] +++ exited with 0 +++ [pid 399] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=399, si_uid=0, si_status=0, si_utime=6, si_stime=20} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 23.435430][ T400] attempt to access beyond end of device [ 23.435430][ T400] loop0: rw=2049, want=77952, limit=63271 [ 23.443191][ T406] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=1 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 407 ./strace-static-x86_64: Process 407 attached [pid 407] set_robust_list(0x5555560c45e0, 24) = 0 [pid 407] chdir("./3") = 0 [pid 407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 407] setpgid(0, 0) = 0 [pid 407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 407] write(3, "1000", 4) = 4 [pid 407] close(3) = 0 [pid 407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 407] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 407] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[408], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 408 [pid 407] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 408] memfd_create("syzkaller", 0) = 3 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 408] munmap(0x7f8678eef000, 32394836) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 408] close(3) = 0 [pid 408] mkdir("./bus", 0777) = 0 [ 23.767943][ T408] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 23.776550][ T408] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 23.787195][ T408] F2FS-fs (loop0): invalid crc value [ 23.793722][ T408] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 408] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 408] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 408] chdir("./bus") = 0 [pid 408] ioctl(4, LOOP_CLR_FD) = 0 [pid 408] close(4) = 0 [pid 408] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = 0 [pid 408] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 408] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 1 [pid 407] <... futex resumed>) = 0 [pid 408] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 407] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... open resumed>) = 5 [pid 408] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = 0 [pid 408] ftruncate(5, 33587195) = 0 [pid 408] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = 1 [ 23.815553][ T408] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 23.822597][ T408] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 408] sendfile(4, 5, NULL, 281474978811909 [pid 407] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 407] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 407] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[415], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 415 [pid 407] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x7f867add39e0, 24) = 0 [pid 415] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 415] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 1 [pid 415] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE) = 0 [pid 415] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 1 [pid 415] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 1 [pid 415] open("./bus", O_RDONLY) = 7 [pid 415] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 1 [pid 415] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE, 0) = 0 [pid 415] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] <... futex resumed>) = 0 [pid 415] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 407] <... futex resumed>) = 0 [pid 415] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 407] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 415] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] <... futex resumed>) = 0 [ 23.922424][ T415] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=1 [pid 415] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] exit_group(0 [pid 415] <... futex resumed>) = ? [pid 407] <... exit_group resumed>) = ? [pid 415] +++ exited with 0 +++ [pid 408] <... sendfile resumed>) = ? [pid 408] +++ exited with 0 +++ [pid 407] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=407, si_uid=0, si_status=0, si_utime=5, si_stime=32} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 416 ./strace-static-x86_64: Process 416 attached [pid 416] set_robust_list(0x5555560c45e0, 24) = 0 [pid 416] chdir("./4") = 0 [pid 416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 416] setpgid(0, 0) = 0 [pid 416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 416] write(3, "1000", 4) = 4 [pid 416] close(3) = 0 [pid 416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 416] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 416] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 416] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[417], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 417 [pid 416] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 417 attached [pid 417] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 417] memfd_create("syzkaller", 0) = 3 [pid 417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 417] munmap(0x7f8678eef000, 32394836) = 0 [pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 417] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 417] close(3) = 0 [pid 417] mkdir("./bus", 0777) = 0 [ 24.372979][ T417] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 24.381696][ T417] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 24.390725][ T417] F2FS-fs (loop0): invalid crc value [ 24.397081][ T417] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 417] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 417] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 417] chdir("./bus") = 0 [pid 417] ioctl(4, LOOP_CLR_FD) = 0 [pid 417] close(4) = 0 [pid 417] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... futex resumed>) = 0 [pid 416] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 417] <... futex resumed>) = 1 [pid 417] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 417] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 417] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 416] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 417] <... open resumed>) = 5 [pid 417] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 416] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 417] ftruncate(5, 33587195) = 0 [pid 417] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 416] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 24.418561][ T417] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 24.425625][ T417] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 417] sendfile(4, 5, NULL, 281474978811909 [pid 416] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 416] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 416] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 416] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[423], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 423 [pid 416] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 423 attached [pid 423] set_robust_list(0x7f867add39e0, 24) = 0 [pid 423] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 423] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... futex resumed>) = 0 [pid 423] <... futex resumed>) = 1 [pid 416] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE [pid 416] <... futex resumed>) = 0 [pid 416] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... close_range resumed>) = 0 [pid 423] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... futex resumed>) = 0 [pid 423] <... futex resumed>) = 1 [pid 416] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 416] <... futex resumed>) = 0 [pid 423] <... futex resumed>) = 1 [pid 416] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] open("./bus", O_RDONLY) = 7 [pid 423] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 416] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE [pid 417] <... sendfile resumed>) = 6225920 [pid 417] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] <... ioctl resumed>, 0) = 0 [pid 417] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 423] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... futex resumed>) = 0 [pid 416] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 417] <... futex resumed>) = 0 [pid 417] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor) [pid 417] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 416] exit_group(0) = ? [pid 423] <... futex resumed>) = ? [pid 423] +++ exited with 0 +++ [pid 417] +++ exited with 0 +++ [pid 416] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=416, si_uid=0, si_status=0, si_utime=4, si_stime=22} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 24.541014][ T417] attempt to access beyond end of device [ 24.541014][ T417] loop0: rw=2049, want=77952, limit=63271 [ 24.542528][ T423] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=1 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 424 ./strace-static-x86_64: Process 424 attached [pid 424] set_robust_list(0x5555560c45e0, 24) = 0 [pid 424] chdir("./5") = 0 [pid 424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 424] setpgid(0, 0) = 0 [pid 424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 424] write(3, "1000", 4) = 4 [pid 424] close(3) = 0 [pid 424] symlink("/dev/binderfs", "./binderfs") = 0 [pid 424] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 424] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 424] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[425], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 425 [pid 424] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 425 attached [pid 425] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 425] memfd_create("syzkaller", 0) = 3 [pid 425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 425] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 425] munmap(0x7f8678eef000, 32394836) = 0 [pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 425] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 425] close(3) = 0 [pid 425] mkdir("./bus", 0777) = 0 [ 24.945984][ T425] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 24.954558][ T425] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 24.963776][ T425] F2FS-fs (loop0): invalid crc value [ 24.970112][ T425] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 425] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 425] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 425] chdir("./bus") = 0 [pid 425] ioctl(4, LOOP_CLR_FD) = 0 [pid 425] close(4) = 0 [pid 425] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] <... futex resumed>) = 0 [pid 424] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] <... futex resumed>) = 1 [pid 425] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 425] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] <... futex resumed>) = 0 [pid 424] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] <... futex resumed>) = 1 [pid 425] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 425] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 424] <... futex resumed>) = 0 [pid 425] ftruncate(5, 33587195 [pid 424] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] <... ftruncate resumed>) = 0 [pid 425] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 424] <... futex resumed>) = 0 [pid 424] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 24.991566][ T425] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 24.998639][ T425] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 425] sendfile(4, 5, NULL, 281474978811909 [pid 424] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 424] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 424] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 424] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 424] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 424] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 424] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[431], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 431 [pid 424] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 431 attached [pid 431] set_robust_list(0x7f867add39e0, 24) = 0 [pid 431] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 431] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] <... futex resumed>) = 0 [pid 424] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 431] <... futex resumed>) = 1 [pid 431] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE) = 0 [pid 431] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] <... futex resumed>) = 0 [pid 424] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 431] <... futex resumed>) = 1 [pid 431] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 424] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 431] open("./bus", O_RDONLY) = 7 [pid 431] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 431] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 424] <... futex resumed>) = 0 [pid 424] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 424] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 431] <... futex resumed>) = 0 [pid 431] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE [pid 425] <... sendfile resumed>) = 4718592 [pid 425] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 431] <... ioctl resumed>, 0) = 0 [pid 431] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] <... futex resumed>) = 0 [pid 424] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 425] <... futex resumed>) = 0 [pid 425] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 424] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 425] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 424] <... futex resumed>) = 0 [pid 425] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 424] exit_group(0 [pid 425] <... futex resumed>) = ? [pid 424] <... exit_group resumed>) = ? [pid 425] +++ exited with 0 +++ [pid 431] <... futex resumed>) = ? [pid 431] +++ exited with 0 +++ [pid 424] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=424, si_uid=0, si_status=0, si_utime=4, si_stime=21} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 25.098497][ T425] attempt to access beyond end of device [ 25.098497][ T425] loop0: rw=2049, want=77952, limit=63271 [ 25.103776][ T431] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=1 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 432 ./strace-static-x86_64: Process 432 attached [pid 432] set_robust_list(0x5555560c45e0, 24) = 0 [pid 432] chdir("./6") = 0 [pid 432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 432] setpgid(0, 0) = 0 [pid 432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 432] write(3, "1000", 4) = 4 [pid 432] close(3) = 0 [pid 432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 432] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 432] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 432] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[433], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 433 [pid 432] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 433 attached ) = 0 [pid 432] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 433] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 433] memfd_create("syzkaller", 0) = 3 [pid 433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 433] munmap(0x7f8678eef000, 32394836) = 0 [pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 433] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 433] close(3) = 0 [pid 433] mkdir("./bus", 0777) = 0 [ 25.427147][ T433] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 25.435963][ T433] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 25.445100][ T433] F2FS-fs (loop0): invalid crc value [ 25.451610][ T433] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 433] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 433] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 433] chdir("./bus") = 0 [pid 433] ioctl(4, LOOP_CLR_FD) = 0 [pid 433] close(4) = 0 [pid 433] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... futex resumed>) = 1 [pid 433] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 433] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 433] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... futex resumed>) = 0 [pid 433] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 433] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... futex resumed>) = 0 [pid 433] ftruncate(5, 33587195) = 0 [pid 433] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... futex resumed>) = 0 [pid 433] <... futex resumed>) = 1 [pid 432] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 25.475147][ T433] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 25.482195][ T433] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 433] sendfile(4, 5, NULL, 281474978811909 [pid 432] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 432] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 432] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 432] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 439 attached , parent_tid=[439], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 439 [pid 432] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 439] set_robust_list(0x7f867add39e0, 24) = 0 [pid 439] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 439] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... futex resumed>) = 0 [pid 439] <... futex resumed>) = 1 [pid 432] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 439] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE) = 0 [pid 439] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 439] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 432] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 439] open("./bus", O_RDONLY) = 7 [pid 439] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 439] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE [pid 433] <... sendfile resumed>) = 5505024 [pid 433] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] <... ioctl resumed>, 0) = 0 [pid 439] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 439] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] <... futex resumed>) = 0 [pid 432] <... futex resumed>) = 1 [pid 433] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 432] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 433] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 433] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] exit_group(0) = ? [pid 439] <... futex resumed>) = ? [pid 433] <... futex resumed>) = ? [pid 433] +++ exited with 0 +++ [pid 439] +++ exited with 0 +++ [pid 432] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=432, si_uid=0, si_status=0, si_utime=3, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 25.588305][ T433] attempt to access beyond end of device [ 25.588305][ T433] loop0: rw=2049, want=77952, limit=63271 [ 25.592182][ T439] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=1 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 440 ./strace-static-x86_64: Process 440 attached [pid 440] set_robust_list(0x5555560c45e0, 24) = 0 [pid 440] chdir("./7") = 0 [pid 440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 440] setpgid(0, 0) = 0 [pid 440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 440] write(3, "1000", 4) = 4 [pid 440] close(3) = 0 [pid 440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 440] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 440] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 440] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[441], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 441 [pid 440] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 441 attached [pid 441] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 441] memfd_create("syzkaller", 0) = 3 [pid 441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 441] munmap(0x7f8678eef000, 32394836) = 0 [pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 441] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 441] close(3) = 0 [pid 441] mkdir("./bus", 0777) = 0 [ 25.900060][ T441] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 25.908628][ T441] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 25.917649][ T441] F2FS-fs (loop0): invalid crc value [ 25.924164][ T441] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 441] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 441] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 441] chdir("./bus") = 0 [pid 441] ioctl(4, LOOP_CLR_FD) = 0 [pid 441] close(4) = 0 [pid 441] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... futex resumed>) = 1 [pid 441] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 441] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... futex resumed>) = 1 [pid 441] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 441] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 441] ftruncate(5, 33587195 [pid 440] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] <... ftruncate resumed>) = 0 [pid 440] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 25.946019][ T441] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 25.953106][ T441] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 441] sendfile(4, 5, NULL, 281474978811909 [pid 440] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 440] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 440] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 440] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 440] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 440] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[447], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 447 [pid 440] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 447 attached [pid 447] set_robust_list(0x7f867add39e0, 24) = 0 [pid 447] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 447] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 447] <... futex resumed>) = 1 [pid 440] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... close_range resumed>) = 0 [pid 447] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 1 [pid 440] <... futex resumed>) = 0 [pid 447] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 440] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... mmap resumed>) = 0x20000000 [pid 447] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] open("./bus", O_RDONLY) = 7 [pid 447] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... sendfile resumed>) = 4849664 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 447] <... futex resumed>) = 1 [pid 447] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE, 0) = 0 [pid 447] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... futex resumed>) = 0 [pid 441] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 447] <... futex resumed>) = 1 [pid 447] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 441] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 441] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] exit_group(0) = ? [pid 447] <... futex resumed>) = ? [pid 447] +++ exited with 0 +++ [pid 441] <... futex resumed>) = ? [pid 441] +++ exited with 0 +++ [pid 440] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=440, si_uid=0, si_status=0, si_utime=5, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 [ 26.052661][ T441] attempt to access beyond end of device [ 26.052661][ T441] loop0: rw=2049, want=77952, limit=63271 [ 26.065196][ T447] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=1 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 448 ./strace-static-x86_64: Process 448 attached [pid 448] set_robust_list(0x5555560c45e0, 24) = 0 [pid 448] chdir("./8") = 0 [pid 448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 448] setpgid(0, 0) = 0 [pid 448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 448] write(3, "1000", 4) = 4 [pid 448] close(3) = 0 [pid 448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 448] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 448] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 448] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 449 attached , parent_tid=[449], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 449 [pid 448] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 449] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 449] memfd_create("syzkaller", 0) = 3 [pid 449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 449] munmap(0x7f8678eef000, 32394836) = 0 [pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 449] close(3) = 0 [pid 449] mkdir("./bus", 0777) = 0 [ 26.340235][ T449] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 26.348879][ T449] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 26.357995][ T449] F2FS-fs (loop0): invalid crc value [ 26.364459][ T449] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 449] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 449] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 449] chdir("./bus") = 0 [pid 449] ioctl(4, LOOP_CLR_FD) = 0 [pid 449] close(4) = 0 [pid 449] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 448] <... futex resumed>) = 0 [pid 448] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 449] <... futex resumed>) = 1 [pid 449] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 449] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 448] <... futex resumed>) = 0 [pid 448] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 449] <... futex resumed>) = 1 [pid 449] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 449] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 448] <... futex resumed>) = 0 [pid 448] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 449] ftruncate(5, 33587195) = 0 [pid 449] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 448] <... futex resumed>) = 0 [pid 448] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 26.385940][ T449] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 26.393037][ T449] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 449] sendfile(4, 5, NULL, 281474978811909 [pid 448] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 448] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 448] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 448] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 455 attached , parent_tid=[455], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 455 [pid 455] set_robust_list(0x7f867add39e0, 24) = 0 [pid 455] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 455] <... futex resumed>) = 0 [pid 448] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 455] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 455] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 448] <... futex resumed>) = 0 [pid 448] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 455] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE) = 0 [pid 455] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 448] <... futex resumed>) = 0 [pid 448] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 455] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 448] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 455] open("./bus", O_RDONLY [pid 448] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 455] <... open resumed>) = 7 [pid 455] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 448] <... futex resumed>) = 0 [pid 448] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 455] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE [pid 448] <... futex resumed>) = 0 [pid 448] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 455] <... ioctl resumed>, 0) = 0 [pid 455] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 448] <... futex resumed>) = 0 [pid 448] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 455] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 448] <... futex resumed>) = 0 [pid 448] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 455] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 455] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 448] <... futex resumed>) = 0 [ 26.489687][ T455] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=1 [pid 455] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] exit_group(0 [pid 455] <... futex resumed>) = ? [pid 448] <... exit_group resumed>) = ? [pid 449] <... sendfile resumed>) = ? [pid 449] +++ exited with 0 +++ [pid 455] +++ exited with 0 +++ [pid 448] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=448, si_uid=0, si_status=0, si_utime=6, si_stime=27} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 456 ./strace-static-x86_64: Process 456 attached [pid 456] set_robust_list(0x5555560c45e0, 24) = 0 [pid 456] chdir("./9") = 0 [pid 456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 456] setpgid(0, 0) = 0 [pid 456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 456] write(3, "1000", 4) = 4 [pid 456] close(3) = 0 [pid 456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 456] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 456] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 456] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 457 attached [pid 457] set_robust_list(0x7f868130f9e0, 24 [pid 456] <... clone resumed>, parent_tid=[457], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 457 [pid 457] <... set_robust_list resumed>) = 0 [pid 456] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 457] memfd_create("syzkaller", 0) = 3 [pid 457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 457] munmap(0x7f8678eef000, 32394836) = 0 [pid 457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 457] close(3) = 0 [pid 457] mkdir("./bus", 0777) = 0 [ 26.939591][ T457] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 26.948262][ T457] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 26.957479][ T457] F2FS-fs (loop0): invalid crc value [ 26.963907][ T457] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 457] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 457] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 457] chdir("./bus") = 0 [pid 457] ioctl(4, LOOP_CLR_FD) = 0 [pid 457] close(4) = 0 [pid 457] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... futex resumed>) = 1 [pid 457] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 457] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... futex resumed>) = 1 [pid 457] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 457] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 456] <... futex resumed>) = 0 [pid 457] ftruncate(5, 33587195 [pid 456] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... ftruncate resumed>) = 0 [pid 457] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... futex resumed>) = 1 [ 26.985327][ T457] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 26.992388][ T457] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 457] sendfile(4, 5, NULL, 281474978811909 [pid 456] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 456] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 456] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 456] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 456] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 456] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 456] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[463], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 463 ./strace-static-x86_64: Process 463 attached [pid 456] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 463] set_robust_list(0x7f867add39e0, 24) = 0 [pid 463] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 463] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 463] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE) = 0 [pid 463] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 463] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 463] <... futex resumed>) = 1 [pid 463] open("./bus", O_RDONLY) = 7 [pid 463] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 463] <... futex resumed>) = 1 [pid 463] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE, 0) = 0 [pid 463] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 463] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor) [pid 463] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 456] <... futex resumed>) = 0 [ 27.087606][ T463] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=13 [pid 463] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 456] exit_group(0) = ? [pid 463] <... futex resumed>) = ? [pid 463] +++ exited with 0 +++ [pid 457] <... sendfile resumed>) = ? [pid 457] +++ exited with 0 +++ [pid 456] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=456, si_uid=0, si_status=0, si_utime=4, si_stime=31} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 464 ./strace-static-x86_64: Process 464 attached [pid 464] set_robust_list(0x5555560c45e0, 24) = 0 [pid 464] chdir("./10") = 0 [pid 464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 464] setpgid(0, 0) = 0 [pid 464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 464] write(3, "1000", 4) = 4 [pid 464] close(3) = 0 [pid 464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 464] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 464] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 464] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[465], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 465 [pid 464] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 465] memfd_create("syzkaller", 0) = 3 [pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 465] munmap(0x7f8678eef000, 32394836) = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 465] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 465] close(3) = 0 [pid 465] mkdir("./bus", 0777) = 0 [ 27.533703][ T465] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 27.542214][ T465] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 27.551171][ T465] F2FS-fs (loop0): invalid crc value [ 27.557738][ T465] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 465] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 465] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 465] chdir("./bus") = 0 [pid 465] ioctl(4, LOOP_CLR_FD) = 0 [pid 465] close(4) = 0 [pid 465] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = 1 [pid 465] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 465] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = 0 [pid 465] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 465] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] <... futex resumed>) = 1 [pid 465] ftruncate(5, 33587195 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... ftruncate resumed>) = 0 [pid 465] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 27.579194][ T465] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 27.586262][ T465] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 465] sendfile(4, 5, NULL, 281474978811909 [pid 464] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 464] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 464] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 464] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 464] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[471], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 471 [pid 464] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 471 attached [pid 471] set_robust_list(0x7f867add39e0, 24) = 0 [pid 471] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 471] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE) = 0 [pid 471] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] open("./bus", O_RDONLY) = 7 [pid 471] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... futex resumed>) = 1 [pid 471] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE, 0) = 0 [pid 471] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 471] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 464] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 471] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 471] <... futex resumed>) = 1 [ 27.691334][ T471] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=15 [pid 471] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] exit_group(0) = ? [pid 471] <... futex resumed>) = 231 [pid 465] <... sendfile resumed>) = ? [pid 471] +++ exited with 0 +++ [ 27.821959][ T465] BUG: scheduling while atomic: syz-executor370/465/0x00000002 [ 27.829528][ T465] Modules linked in: [ 27.833455][ T465] Preemption disabled at: [ 27.833482][ T465] [] unmap_page_range+0xad4/0x2070 [ 27.844460][ T465] CPU: 0 PID: 465 Comm: syz-executor370 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0 [ 27.854669][ T465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 27.864709][ T465] Call Trace: [ 27.868033][ T465] dump_stack_lvl+0x1e2/0x24b [ 27.872702][ T465] ? wake_up_klogd+0xb8/0xf0 [ 27.877310][ T465] ? bfq_pos_tree_add_move+0x43e/0x43e [ 27.882771][ T465] ? kvm_sched_clock_read+0x18/0x40 [ 27.887970][ T465] ? sched_clock_cpu+0x1b/0x3b0 [ 27.892819][ T465] ? unmap_page_range+0xad4/0x2070 [ 27.897913][ T465] dump_stack+0x15/0x17 [ 27.902051][ T465] __schedule_bug+0x1b1/0x2b0 [ 27.906704][ T465] ? schedule_debug+0x180/0x180 [ 27.911532][ T465] ? __irq_exit_rcu+0x41/0x150 [ 27.916335][ T465] schedule_debug+0x97/0x180 [ 27.920946][ T465] __schedule+0x106/0xc00 [ 27.925259][ T465] ? release_firmware_map_entry+0x194/0x194 [ 27.931138][ T465] ? __kasan_check_write+0x14/0x20 [ 27.936227][ T465] ? _raw_spin_lock+0xa3/0x1b0 [ 27.940970][ T465] ? _raw_spin_trylock_bh+0x1d0/0x1d0 [ 27.946318][ T465] schedule+0x14b/0x1e0 [ 27.950456][ T465] schedule_preempt_disabled+0x13/0x20 [ 27.955893][ T465] __mutex_lock+0x8c2/0x1340 [ 27.960460][ T465] ? set_page_dirty+0x1c6/0x350 [ 27.965306][ T465] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20 [ 27.972079][ T465] __mutex_lock_slowpath+0xe/0x10 [ 27.977087][ T465] mutex_lock+0x134/0x1e0 [ 27.981413][ T465] ? mutex_trylock+0x180/0x180 [ 27.986166][ T465] ? kmem_cache_alloc+0x1a4/0x300 [ 27.991173][ T465] ? f2fs_register_inmem_page+0x13e/0x480 [ 27.996876][ T465] f2fs_register_inmem_page+0x22a/0x480 [ 28.002418][ T465] f2fs_set_data_page_dirty+0x5d0/0x750 [ 28.007940][ T465] set_page_dirty+0x1c6/0x350 [ 28.012597][ T465] ? f2fs_write_data_pages+0x80/0x80 [ 28.017866][ T465] unmap_page_range+0xffa/0x2070 [ 28.022793][ T465] ? copy_page_range+0x10a0/0x10a0 [ 28.027883][ T465] ? munlock_vma_pages_range+0xa14/0xab0 [ 28.033505][ T465] ? sched_clock+0x3a/0x40 [ 28.037909][ T465] ? munlock_vma_pages_range+0x86f/0xab0 [ 28.043554][ T465] ? uprobe_munmap+0x18c/0x450 [ 28.048320][ T465] unmap_vmas+0x3d4/0x5b0 [ 28.052631][ T465] ? unmap_page_range+0x2070/0x2070 [ 28.057818][ T465] ? tlb_gather_mmu+0x2c7/0x3c0 [ 28.062657][ T465] exit_mmap+0x2f9/0x5c0 [ 28.066879][ T465] ? vm_brk+0x30/0x30 [ 28.070840][ T465] ? uprobe_clear_state+0x2c3/0x330 [ 28.076021][ T465] __mmput+0x95/0x2c0 [ 28.080023][ T465] mmput+0x4b/0x50 [ 28.083734][ T465] exit_mm+0x5cd/0x790 [ 28.087801][ T465] ? __delayacct_add_tsk+0x68d/0x720 [ 28.093067][ T465] ? do_exit+0x2340/0x2340 [ 28.097464][ T465] ? taskstats_exit+0x47d/0xba0 [ 28.102304][ T465] ? tty_audit_exit+0x13b/0x1e0 [ 28.107139][ T465] do_exit+0x5f2/0x2340 [ 28.111279][ T465] ? _raw_spin_unlock_irq+0x4e/0x70 [ 28.116457][ T465] ? finish_task_switch+0x130/0x580 [ 28.121636][ T465] ? get_task_struct+0x80/0x80 [ 28.126376][ T465] ? __schedule+0x86e/0xc00 [ 28.130861][ T465] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 28.136665][ T465] ? __kasan_check_write+0x14/0x20 [ 28.141753][ T465] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 28.146846][ T465] do_group_exit+0x13a/0x300 [ 28.151416][ T465] ? __kasan_check_write+0x14/0x20 [ 28.156507][ T465] get_signal+0xe17/0x1440 [ 28.160907][ T465] arch_do_signal+0x8e/0x650 [ 28.165476][ T465] ? __do_sys_rt_sigreturn+0x1e0/0x1e0 [ 28.170917][ T465] ? __x64_sys_sendfile64+0x1ce/0x230 [ 28.176265][ T465] ? __ia32_sys_sendfile+0x250/0x250 [ 28.181532][ T465] exit_to_user_mode_loop+0xa3/0xe0 [ 28.186714][ T465] syscall_exit_to_user_mode+0x77/0xa0 [ 28.192168][ T465] do_syscall_64+0x40/0x70 [ 28.196564][ T465] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 28.202435][ T465] RIP: 0033:0x7f86813636c9 [ 28.206825][ T465] Code: Unable to access opcode bytes at RIP 0x7f868136369f. [ 28.214177][ T465] RSP: 002b:00007f868130f308 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 28.222569][ T465] RAX: 0000000001179000 RBX: 00007f86813f07e8 RCX: 00007f86813636c9 [ 28.230521][ T465] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 28.238502][ T465] RBP: 00007f86813f07e0 R08: 0000000000000000 R09: 0000000000000000 [ 28.246459][ T465] R10: 0001000000201005 R11: 0000000000000246 R12: 00007f86813f07ec [ 28.254413][ T465] R13: 00007f86813bcf28 R14: 0032656c69662f2e R15: 0000000000022000 [ 28.262535][ T465] check_preemption_disabled: 4 callbacks suppressed [ 28.262547][ T465] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor370/465 [ 28.278426][ T465] caller is __this_cpu_preempt_check+0x13/0x20 [ 28.284606][ T465] CPU: 0 PID: 465 Comm: syz-executor370 Tainted: G W 5.10.161-syzkaller-00019-g416c4356f372 #0 [ 28.296222][ T465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 28.306256][ T465] Call Trace: [ 28.309550][ T465] dump_stack_lvl+0x1e2/0x24b [ 28.314211][ T465] ? wake_up_klogd+0xb8/0xf0 [ 28.318783][ T465] ? bfq_pos_tree_add_move+0x43e/0x43e [ 28.324230][ T465] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20 [ 28.330967][ T465] dump_stack+0x15/0x17 [ 28.335109][ T465] check_preemption_disabled+0xf7/0x100 [ 28.340639][ T465] __this_cpu_preempt_check+0x13/0x20 [ 28.345990][ T465] __mod_node_page_state+0x6d/0xf0 [ 28.351078][ T465] __mod_lruvec_state+0x48/0x70 [ 28.355905][ T465] page_remove_file_rmap+0x65c/0x960 [ 28.361171][ T465] ? mutex_trylock+0x180/0x180 [ 28.365914][ T465] ? page_remove_rmap+0x6d0/0x6d0 [ 28.370919][ T465] ? __kasan_check_read+0x11/0x20 [ 28.375918][ T465] ? lock_page_memcg+0x9b/0x190 [ 28.380753][ T465] page_remove_rmap+0x158/0x6d0 [ 28.385617][ T465] ? page_add_file_rmap+0xa80/0xa80 [ 28.390796][ T465] ? mark_page_accessed+0x864/0xc80 [ 28.395992][ T465] unmap_page_range+0x119b/0x2070 [ 28.401008][ T465] ? copy_page_range+0x10a0/0x10a0 [ 28.406096][ T465] ? munlock_vma_pages_range+0xa14/0xab0 [ 28.411705][ T465] ? sched_clock+0x3a/0x40 [ 28.416100][ T465] ? munlock_vma_pages_range+0x86f/0xab0 [ 28.421719][ T465] ? uprobe_munmap+0x18c/0x450 [ 28.426470][ T465] unmap_vmas+0x3d4/0x5b0 [ 28.430777][ T465] ? unmap_page_range+0x2070/0x2070 [ 28.435949][ T465] ? tlb_gather_mmu+0x2c7/0x3c0 [ 28.440780][ T465] exit_mmap+0x2f9/0x5c0 [ 28.445005][ T465] ? vm_brk+0x30/0x30 [ 28.448975][ T465] ? uprobe_clear_state+0x2c3/0x330 [ 28.454153][ T465] __mmput+0x95/0x2c0 [ 28.458113][ T465] mmput+0x4b/0x50 [ 28.461818][ T465] exit_mm+0x5cd/0x790 [ 28.465862][ T465] ? __delayacct_add_tsk+0x68d/0x720 [ 28.471142][ T465] ? do_exit+0x2340/0x2340 [ 28.475539][ T465] ? taskstats_exit+0x47d/0xba0 [ 28.480371][ T465] ? tty_audit_exit+0x13b/0x1e0 [ 28.485202][ T465] do_exit+0x5f2/0x2340 [ 28.489361][ T465] ? _raw_spin_unlock_irq+0x4e/0x70 [ 28.494557][ T465] ? finish_task_switch+0x130/0x580 [ 28.499737][ T465] ? get_task_struct+0x80/0x80 [ 28.504481][ T465] ? __schedule+0x86e/0xc00 [ 28.508961][ T465] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 28.514745][ T465] ? __kasan_check_write+0x14/0x20 [ 28.519835][ T465] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 28.524930][ T465] do_group_exit+0x13a/0x300 [ 28.529504][ T465] ? __kasan_check_write+0x14/0x20 [ 28.534593][ T465] get_signal+0xe17/0x1440 [ 28.539009][ T465] arch_do_signal+0x8e/0x650 [ 28.543577][ T465] ? __do_sys_rt_sigreturn+0x1e0/0x1e0 [ 28.549016][ T465] ? __x64_sys_sendfile64+0x1ce/0x230 [ 28.554366][ T465] ? __ia32_sys_sendfile+0x250/0x250 [ 28.559635][ T465] exit_to_user_mode_loop+0xa3/0xe0 [ 28.564827][ T465] syscall_exit_to_user_mode+0x77/0xa0 [ 28.570261][ T465] do_syscall_64+0x40/0x70 [ 28.574683][ T465] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 28.580551][ T465] RIP: 0033:0x7f86813636c9 [ 28.584939][ T465] Code: Unable to access opcode bytes at RIP 0x7f868136369f. [ 28.592282][ T465] RSP: 002b:00007f868130f308 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 28.600680][ T465] RAX: 0000000001179000 RBX: 00007f86813f07e8 RCX: 00007f86813636c9 [ 28.608626][ T465] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 28.616576][ T465] RBP: 00007f86813f07e0 R08: 0000000000000000 R09: 0000000000000000 [ 28.624523][ T465] R10: 0001000000201005 R11: 0000000000000246 R12: 00007f86813f07ec [ 28.632474][ T465] R13: 00007f86813bcf28 R14: 0032656c69662f2e R15: 0000000000022000 [ 28.640480][ T465] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor370/465 [ 28.649774][ T465] caller is __this_cpu_preempt_check+0x13/0x20 [ 28.655942][ T465] CPU: 0 PID: 465 Comm: syz-executor370 Tainted: G W 5.10.161-syzkaller-00019-g416c4356f372 #0 [ 28.667549][ T465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 28.677583][ T465] Call Trace: [ 28.680854][ T465] dump_stack_lvl+0x1e2/0x24b [ 28.685532][ T465] ? wake_up_klogd+0xb8/0xf0 [ 28.690121][ T465] ? bfq_pos_tree_add_move+0x43e/0x43e [ 28.695558][ T465] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20 [ 28.702301][ T465] dump_stack+0x15/0x17 [ 28.706452][ T465] check_preemption_disabled+0xf7/0x100 [ 28.711979][ T465] __this_cpu_preempt_check+0x13/0x20 [ 28.717329][ T465] __mod_node_page_state+0x89/0xf0 [ 28.722417][ T465] __mod_lruvec_state+0x48/0x70 [ 28.727243][ T465] page_remove_file_rmap+0x65c/0x960 [ 28.732507][ T465] ? mutex_trylock+0x180/0x180 [ 28.737249][ T465] ? page_remove_rmap+0x6d0/0x6d0 [ 28.742249][ T465] ? __kasan_check_read+0x11/0x20 [ 28.747253][ T465] ? lock_page_memcg+0x9b/0x190 [ 28.752083][ T465] page_remove_rmap+0x158/0x6d0 [ 28.756921][ T465] ? page_add_file_rmap+0xa80/0xa80 [ 28.762100][ T465] ? mark_page_accessed+0x864/0xc80 [ 28.767276][ T465] unmap_page_range+0x119b/0x2070 [ 28.772278][ T465] ? copy_page_range+0x10a0/0x10a0 [ 28.777367][ T465] ? munlock_vma_pages_range+0xa14/0xab0 [ 28.782975][ T465] ? sched_clock+0x3a/0x40 [ 28.787372][ T465] ? munlock_vma_pages_range+0x86f/0xab0 [ 28.792991][ T465] ? uprobe_munmap+0x18c/0x450 [ 28.797748][ T465] unmap_vmas+0x3d4/0x5b0 [ 28.802055][ T465] ? unmap_page_range+0x2070/0x2070 [ 28.807250][ T465] ? tlb_gather_mmu+0x2c7/0x3c0 [ 28.812078][ T465] exit_mmap+0x2f9/0x5c0 [ 28.816348][ T465] ? vm_brk+0x30/0x30 [ 28.820343][ T465] ? uprobe_clear_state+0x2c3/0x330 [ 28.825542][ T465] __mmput+0x95/0x2c0 [ 28.829504][ T465] mmput+0x4b/0x50 [ 28.833204][ T465] exit_mm+0x5cd/0x790 [ 28.837250][ T465] ? __delayacct_add_tsk+0x68d/0x720 [ 28.842516][ T465] ? do_exit+0x2340/0x2340 [ 28.846914][ T465] ? taskstats_exit+0x47d/0xba0 [ 28.851752][ T465] ? tty_audit_exit+0x13b/0x1e0 [ 28.856599][ T465] do_exit+0x5f2/0x2340 [ 28.860749][ T465] ? _raw_spin_unlock_irq+0x4e/0x70 [ 28.865938][ T465] ? finish_task_switch+0x130/0x580 [ 28.871118][ T465] ? get_task_struct+0x80/0x80 [ 28.875977][ T465] ? __schedule+0x86e/0xc00 [ 28.880468][ T465] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 28.886256][ T465] ? __kasan_check_write+0x14/0x20 [ 28.891345][ T465] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 28.896443][ T465] do_group_exit+0x13a/0x300 [ 28.901019][ T465] ? __kasan_check_write+0x14/0x20 [ 28.906137][ T465] get_signal+0xe17/0x1440 [ 28.910544][ T465] arch_do_signal+0x8e/0x650 [ 28.915122][ T465] ? __do_sys_rt_sigreturn+0x1e0/0x1e0 [ 28.920568][ T465] ? __x64_sys_sendfile64+0x1ce/0x230 [ 28.925918][ T465] ? __ia32_sys_sendfile+0x250/0x250 [ 28.931189][ T465] exit_to_user_mode_loop+0xa3/0xe0 [ 28.936365][ T465] syscall_exit_to_user_mode+0x77/0xa0 [ 28.941800][ T465] do_syscall_64+0x40/0x70 [ 28.946285][ T465] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 28.952159][ T465] RIP: 0033:0x7f86813636c9 [ 28.956572][ T465] Code: Unable to access opcode bytes at RIP 0x7f868136369f. [ 28.963915][ T465] RSP: 002b:00007f868130f308 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 28.972316][ T465] RAX: 0000000001179000 RBX: 00007f86813f07e8 RCX: 00007f86813636c9 [ 28.980273][ T465] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 28.988223][ T465] RBP: 00007f86813f07e0 R08: 0000000000000000 R09: 0000000000000000 [ 28.996172][ T465] R10: 0001000000201005 R11: 0000000000000246 R12: 00007f86813f07ec [ 29.004124][ T465] R13: 00007f86813bcf28 R14: 0032656c69662f2e R15: 0000000000022000 [ 29.012155][ T465] BUG: using __this_cpu_write() in preemptible [00000000] code: syz-executor370/465 [ 29.021519][ T465] caller is __this_cpu_preempt_check+0x13/0x20 [ 29.027696][ T465] CPU: 0 PID: 465 Comm: syz-executor370 Tainted: G W 5.10.161-syzkaller-00019-g416c4356f372 #0 [ 29.039306][ T465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 29.049340][ T465] Call Trace: [ 29.052612][ T465] dump_stack_lvl+0x1e2/0x24b [ 29.057268][ T465] ? wake_up_klogd+0xb8/0xf0 [ 29.061838][ T465] ? bfq_pos_tree_add_move+0x43e/0x43e [ 29.067280][ T465] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20 [ 29.074025][ T465] dump_stack+0x15/0x17 [ 29.078162][ T465] check_preemption_disabled+0xf7/0x100 [ 29.083684][ T465] __this_cpu_preempt_check+0x13/0x20 [ 29.089038][ T465] __mod_node_page_state+0xac/0xf0 [ 29.094134][ T465] __mod_lruvec_state+0x48/0x70 [ 29.098968][ T465] page_remove_file_rmap+0x65c/0x960 [ 29.104233][ T465] ? mutex_trylock+0x180/0x180 [ 29.108978][ T465] ? page_remove_rmap+0x6d0/0x6d0 [ 29.113982][ T465] ? __kasan_check_read+0x11/0x20 [ 29.118987][ T465] ? lock_page_memcg+0x9b/0x190 [ 29.123814][ T465] page_remove_rmap+0x158/0x6d0 [ 29.128683][ T465] ? page_add_file_rmap+0xa80/0xa80 [ 29.133882][ T465] ? mark_page_accessed+0x864/0xc80 [ 29.139069][ T465] unmap_page_range+0x119b/0x2070 [ 29.144080][ T465] ? copy_page_range+0x10a0/0x10a0 [ 29.149172][ T465] ? munlock_vma_pages_range+0xa14/0xab0 [ 29.154780][ T465] ? sched_clock+0x3a/0x40 [ 29.159181][ T465] ? munlock_vma_pages_range+0x86f/0xab0 [ 29.164795][ T465] ? uprobe_munmap+0x18c/0x450 [ 29.169548][ T465] unmap_vmas+0x3d4/0x5b0 [ 29.173857][ T465] ? unmap_page_range+0x2070/0x2070 [ 29.179035][ T465] ? tlb_gather_mmu+0x2c7/0x3c0 [ 29.183861][ T465] exit_mmap+0x2f9/0x5c0 [ 29.188084][ T465] ? vm_brk+0x30/0x30 [ 29.192048][ T465] ? uprobe_clear_state+0x2c3/0x330 [ 29.197234][ T465] __mmput+0x95/0x2c0 [ 29.201196][ T465] mmput+0x4b/0x50 [ 29.204898][ T465] exit_mm+0x5cd/0x790 [ 29.208949][ T465] ? __delayacct_add_tsk+0x68d/0x720 [ 29.214214][ T465] ? do_exit+0x2340/0x2340 [ 29.218607][ T465] ? taskstats_exit+0x47d/0xba0 [ 29.223439][ T465] ? tty_audit_exit+0x13b/0x1e0 [ 29.228273][ T465] do_exit+0x5f2/0x2340 [ 29.232415][ T465] ? _raw_spin_unlock_irq+0x4e/0x70 [ 29.237595][ T465] ? finish_task_switch+0x130/0x580 [ 29.242949][ T465] ? get_task_struct+0x80/0x80 [ 29.247696][ T465] ? __schedule+0x86e/0xc00 [ 29.252183][ T465] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 29.257971][ T465] ? __kasan_check_write+0x14/0x20 [ 29.263068][ T465] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 29.268159][ T465] do_group_exit+0x13a/0x300 [ 29.272730][ T465] ? __kasan_check_write+0x14/0x20 [ 29.277825][ T465] get_signal+0xe17/0x1440 [ 29.282225][ T465] arch_do_signal+0x8e/0x650 [ 29.286797][ T465] ? __do_sys_rt_sigreturn+0x1e0/0x1e0 [ 29.292236][ T465] ? __x64_sys_sendfile64+0x1ce/0x230 [ 29.297589][ T465] ? __ia32_sys_sendfile+0x250/0x250 [ 29.302853][ T465] exit_to_user_mode_loop+0xa3/0xe0 [ 29.308034][ T465] syscall_exit_to_user_mode+0x77/0xa0 [ 29.313493][ T465] do_syscall_64+0x40/0x70 [ 29.317892][ T465] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 29.323763][ T465] RIP: 0033:0x7f86813636c9 [ 29.328159][ T465] Code: Unable to access opcode bytes at RIP 0x7f868136369f. [ 29.335523][ T465] RSP: 002b:00007f868130f308 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 29.343917][ T465] RAX: 0000000001179000 RBX: 00007f86813f07e8 RCX: 00007f86813636c9 [ 29.351868][ T465] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 29.359817][ T465] RBP: 00007f86813f07e0 R08: 0000000000000000 R09: 0000000000000000 [ 29.367770][ T465] R10: 0001000000201005 R11: 0000000000000246 R12: 00007f86813f07ec [ 29.375725][ T465] R13: 00007f86813bcf28 R14: 0032656c69662f2e R15: 0000000000022000 [ 29.383747][ T465] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor370/465 [ 29.393057][ T465] caller is __this_cpu_preempt_check+0x13/0x20 [ 29.399206][ T465] CPU: 0 PID: 465 Comm: syz-executor370 Tainted: G W 5.10.161-syzkaller-00019-g416c4356f372 #0 [ 29.410813][ T465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 29.420850][ T465] Call Trace: [ 29.424123][ T465] dump_stack_lvl+0x1e2/0x24b [ 29.428783][ T465] ? wake_up_klogd+0xb8/0xf0 [ 29.433354][ T465] ? bfq_pos_tree_add_move+0x43e/0x43e [ 29.438797][ T465] ? dump_stack_lvl+0x211/0x24b [ 29.443627][ T465] dump_stack+0x15/0x17 [ 29.447764][ T465] check_preemption_disabled+0xf7/0x100 [ 29.453295][ T465] __this_cpu_preempt_check+0x13/0x20 [ 29.458650][ T465] __mod_memcg_state+0x51/0x230 [ 29.463480][ T465] __mod_memcg_lruvec_state+0x50/0x310 [ 29.468919][ T465] ? __this_cpu_preempt_check+0x13/0x20 [ 29.474444][ T465] ? __mod_node_page_state+0xac/0xf0 [ 29.479710][ T465] __mod_lruvec_state+0x5b/0x70 [ 29.484548][ T465] page_remove_file_rmap+0x65c/0x960 [ 29.489813][ T465] ? mutex_trylock+0x180/0x180 [ 29.494568][ T465] ? page_remove_rmap+0x6d0/0x6d0 [ 29.499574][ T465] ? __kasan_check_read+0x11/0x20 [ 29.504582][ T465] ? lock_page_memcg+0x9b/0x190 [ 29.509414][ T465] page_remove_rmap+0x158/0x6d0 [ 29.514249][ T465] ? page_add_file_rmap+0xa80/0xa80 [ 29.519429][ T465] ? mark_page_accessed+0x864/0xc80 [ 29.524609][ T465] unmap_page_range+0x119b/0x2070 [ 29.529613][ T465] ? copy_page_range+0x10a0/0x10a0 [ 29.534706][ T465] ? munlock_vma_pages_range+0xa14/0xab0 [ 29.540315][ T465] ? sched_clock+0x3a/0x40 [ 29.544711][ T465] ? munlock_vma_pages_range+0x86f/0xab0 [ 29.550324][ T465] ? uprobe_munmap+0x18c/0x450 [ 29.555068][ T465] unmap_vmas+0x3d4/0x5b0 [ 29.559377][ T465] ? unmap_page_range+0x2070/0x2070 [ 29.564553][ T465] ? tlb_gather_mmu+0x2c7/0x3c0 [ 29.569379][ T465] exit_mmap+0x2f9/0x5c0 [ 29.573596][ T465] ? vm_brk+0x30/0x30 [ 29.577557][ T465] ? uprobe_clear_state+0x2c3/0x330 [ 29.582738][ T465] __mmput+0x95/0x2c0 [ 29.586705][ T465] mmput+0x4b/0x50 [ 29.590411][ T465] exit_mm+0x5cd/0x790 [ 29.594459][ T465] ? __delayacct_add_tsk+0x68d/0x720 [ 29.599723][ T465] ? do_exit+0x2340/0x2340 [ 29.604120][ T465] ? taskstats_exit+0x47d/0xba0 [ 29.608951][ T465] ? tty_audit_exit+0x13b/0x1e0 [ 29.613785][ T465] do_exit+0x5f2/0x2340 [ 29.617925][ T465] ? _raw_spin_unlock_irq+0x4e/0x70 [ 29.623103][ T465] ? finish_task_switch+0x130/0x580 [ 29.628285][ T465] ? get_task_struct+0x80/0x80 [ 29.633032][ T465] ? __schedule+0x86e/0xc00 [ 29.637522][ T465] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 29.643324][ T465] ? __kasan_check_write+0x14/0x20 [ 29.648429][ T465] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 29.653534][ T465] do_group_exit+0x13a/0x300 [ 29.658110][ T465] ? __kasan_check_write+0x14/0x20 [ 29.663201][ T465] get_signal+0xe17/0x1440 [ 29.667600][ T465] arch_do_signal+0x8e/0x650 [ 29.672187][ T465] ? __do_sys_rt_sigreturn+0x1e0/0x1e0 [ 29.677639][ T465] ? __x64_sys_sendfile64+0x1ce/0x230 [ 29.683002][ T465] ? __ia32_sys_sendfile+0x250/0x250 [ 29.688270][ T465] exit_to_user_mode_loop+0xa3/0xe0 [ 29.693456][ T465] syscall_exit_to_user_mode+0x77/0xa0 [ 29.698895][ T465] do_syscall_64+0x40/0x70 [ 29.703295][ T465] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 29.709167][ T465] RIP: 0033:0x7f86813636c9 [ 29.713561][ T465] Code: Unable to access opcode bytes at RIP 0x7f868136369f. [ 29.720907][ T465] RSP: 002b:00007f868130f308 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 29.729305][ T465] RAX: 0000000001179000 RBX: 00007f86813f07e8 RCX: 00007f86813636c9 [ 29.737296][ T465] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 29.745256][ T465] RBP: 00007f86813f07e0 R08: 0000000000000000 R09: 0000000000000000 [ 29.753223][ T465] R10: 0001000000201005 R11: 0000000000000246 R12: 00007f86813f07ec [ 29.761193][ T465] R13: 00007f86813bcf28 R14: 0032656c69662f2e R15: 0000000000022000 [ 29.769214][ T465] BUG: using __this_cpu_write() in preemptible [00000000] code: syz-executor370/465 [ 29.778606][ T465] caller is __this_cpu_preempt_check+0x13/0x20 [ 29.784771][ T465] CPU: 0 PID: 465 Comm: syz-executor370 Tainted: G W 5.10.161-syzkaller-00019-g416c4356f372 #0 [ 29.796378][ T465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 29.806422][ T465] Call Trace: [ 29.809695][ T465] dump_stack_lvl+0x1e2/0x24b [ 29.814351][ T465] ? wake_up_klogd+0xb8/0xf0 [ 29.818919][ T465] ? bfq_pos_tree_add_move+0x43e/0x43e [ 29.824358][ T465] ? dump_stack_lvl+0x211/0x24b [ 29.829195][ T465] dump_stack+0x15/0x17 [ 29.833342][ T465] check_preemption_disabled+0xf7/0x100 [ 29.838865][ T465] __this_cpu_preempt_check+0x13/0x20 [ 29.844216][ T465] __mod_memcg_state+0xb4/0x230 [ 29.849045][ T465] __mod_memcg_lruvec_state+0x50/0x310 [ 29.854481][ T465] ? __this_cpu_preempt_check+0x13/0x20 [ 29.860010][ T465] ? __mod_node_page_state+0xac/0xf0 [ 29.865295][ T465] __mod_lruvec_state+0x5b/0x70 [ 29.870126][ T465] page_remove_file_rmap+0x65c/0x960 [ 29.875387][ T465] ? mutex_trylock+0x180/0x180 [ 29.880134][ T465] ? page_remove_rmap+0x6d0/0x6d0 [ 29.885139][ T465] ? __kasan_check_read+0x11/0x20 [ 29.890138][ T465] ? lock_page_memcg+0x9b/0x190 [ 29.894965][ T465] page_remove_rmap+0x158/0x6d0 [ 29.899794][ T465] ? page_add_file_rmap+0xa80/0xa80 [ 29.904972][ T465] ? mark_page_accessed+0x864/0xc80 [ 29.910149][ T465] unmap_page_range+0x119b/0x2070 [ 29.915157][ T465] ? copy_page_range+0x10a0/0x10a0 [ 29.920259][ T465] ? munlock_vma_pages_range+0xa14/0xab0 [ 29.925893][ T465] ? sched_clock+0x3a/0x40 [ 29.930289][ T465] ? munlock_vma_pages_range+0x86f/0xab0 [ 29.935901][ T465] ? uprobe_munmap+0x18c/0x450 [ 29.940640][ T465] unmap_vmas+0x3d4/0x5b0 [ 29.944945][ T465] ? unmap_page_range+0x2070/0x2070 [ 29.950117][ T465] ? tlb_gather_mmu+0x2c7/0x3c0 [ 29.954941][ T465] exit_mmap+0x2f9/0x5c0 [ 29.959158][ T465] ? vm_brk+0x30/0x30 [ 29.963121][ T465] ? uprobe_clear_state+0x2c3/0x330 [ 29.968296][ T465] __mmput+0x95/0x2c0 [ 29.972262][ T465] mmput+0x4b/0x50 [ 29.975958][ T465] exit_mm+0x5cd/0x790 [ 29.980001][ T465] ? __delayacct_add_tsk+0x68d/0x720 [ 29.985285][ T465] ? do_exit+0x2340/0x2340 [ 29.989676][ T465] ? taskstats_exit+0x47d/0xba0 [ 29.994502][ T465] ? tty_audit_exit+0x13b/0x1e0 [ 29.999327][ T465] do_exit+0x5f2/0x2340 [ 30.003460][ T465] ? _raw_spin_unlock_irq+0x4e/0x70 [ 30.008633][ T465] ? finish_task_switch+0x130/0x580 [ 30.013829][ T465] ? get_task_struct+0x80/0x80 [ 30.018568][ T465] ? __schedule+0x86e/0xc00 [ 30.023046][ T465] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 30.028833][ T465] ? __kasan_check_write+0x14/0x20 [ 30.033927][ T465] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 30.039014][ T465] do_group_exit+0x13a/0x300 [ 30.043584][ T465] ? __kasan_check_write+0x14/0x20 [ 30.048680][ T465] get_signal+0xe17/0x1440 [ 30.053102][ T465] arch_do_signal+0x8e/0x650 [ 30.057672][ T465] ? __do_sys_rt_sigreturn+0x1e0/0x1e0 [ 30.063131][ T465] ? __x64_sys_sendfile64+0x1ce/0x230 [ 30.068493][ T465] ? __ia32_sys_sendfile+0x250/0x250 [ 30.073765][ T465] exit_to_user_mode_loop+0xa3/0xe0 [ 30.078946][ T465] syscall_exit_to_user_mode+0x77/0xa0 [ 30.084390][ T465] do_syscall_64+0x40/0x70 [ 30.088782][ T465] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 30.094652][ T465] RIP: 0033:0x7f86813636c9 [ 30.099040][ T465] Code: Unable to access opcode bytes at RIP 0x7f868136369f. [ 30.106405][ T465] RSP: 002b:00007f868130f308 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 30.114796][ T465] RAX: 0000000001179000 RBX: 00007f86813f07e8 RCX: 00007f86813636c9 [ 30.122748][ T465] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 30.130702][ T465] RBP: 00007f86813f07e0 R08: 0000000000000000 R09: 0000000000000000 [ 30.138681][ T465] R10: 0001000000201005 R11: 0000000000000246 R12: 00007f86813f07ec [ 30.146643][ T465] R13: 00007f86813bcf28 R14: 0032656c69662f2e R15: 0000000000022000 [ 30.154671][ T465] BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor370/465 [ 30.163899][ T465] caller is __this_cpu_preempt_check+0x13/0x20 [ 30.170036][ T465] CPU: 0 PID: 465 Comm: syz-executor370 Tainted: G W 5.10.161-syzkaller-00019-g416c4356f372 #0 [ 30.182349][ T465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 30.192401][ T465] Call Trace: [ 30.195674][ T465] dump_stack_lvl+0x1e2/0x24b [ 30.200332][ T465] ? panic+0x7d7/0x7d7 [ 30.204379][ T465] ? bfq_pos_tree_add_move+0x43e/0x43e [ 30.209848][ T465] ? check_preemption_disabled+0xf7/0x100 [ 30.215562][ T465] dump_stack+0x15/0x17 [ 30.219698][ T465] check_preemption_disabled+0xf7/0x100 [ 30.225240][ T465] __this_cpu_preempt_check+0x13/0x20 [ 30.230597][ T465] __mod_memcg_lruvec_state+0x5c/0x310 [ 30.236035][ T465] ? __this_cpu_preempt_check+0x13/0x20 [ 30.241563][ T465] ? __mod_node_page_state+0xac/0xf0 [ 30.246835][ T465] __mod_lruvec_state+0x5b/0x70 [ 30.251665][ T465] page_remove_file_rmap+0x65c/0x960 [ 30.256929][ T465] ? mutex_trylock+0x180/0x180 [ 30.261668][ T465] ? page_remove_rmap+0x6d0/0x6d0 [ 30.266688][ T465] ? __kasan_check_read+0x11/0x20 [ 30.271716][ T465] ? lock_page_memcg+0x9b/0x190 [ 30.276544][ T465] page_remove_rmap+0x158/0x6d0 [ 30.281382][ T465] ? page_add_file_rmap+0xa80/0xa80 [ 30.286581][ T465] ? mark_page_accessed+0x864/0xc80 [ 30.291771][ T465] unmap_page_range+0x119b/0x2070 [ 30.296789][ T465] ? copy_page_range+0x10a0/0x10a0 [ 30.301874][ T465] ? munlock_vma_pages_range+0xa14/0xab0 [ 30.307482][ T465] ? sched_clock+0x3a/0x40 [ 30.311879][ T465] ? munlock_vma_pages_range+0x86f/0xab0 [ 30.317491][ T465] ? uprobe_munmap+0x18c/0x450 [ 30.322241][ T465] unmap_vmas+0x3d4/0x5b0 [ 30.326544][ T465] ? unmap_page_range+0x2070/0x2070 [ 30.331722][ T465] ? tlb_gather_mmu+0x2c7/0x3c0 [ 30.336548][ T465] exit_mmap+0x2f9/0x5c0 [ 30.340774][ T465] ? vm_brk+0x30/0x30 [ 30.344740][ T465] ? uprobe_clear_state+0x2c3/0x330 [ 30.349917][ T465] __mmput+0x95/0x2c0 [ 30.353877][ T465] mmput+0x4b/0x50 [ 30.357581][ T465] exit_mm+0x5cd/0x790 [ 30.361645][ T465] ? __delayacct_add_tsk+0x68d/0x720 [ 30.366905][ T465] ? do_exit+0x2340/0x2340 [ 30.371295][ T465] ? taskstats_exit+0x47d/0xba0 [ 30.376124][ T465] ? tty_audit_exit+0x13b/0x1e0 [ 30.380950][ T465] do_exit+0x5f2/0x2340 [ 30.385111][ T465] ? _raw_spin_unlock_irq+0x4e/0x70 [ 30.390293][ T465] ? finish_task_switch+0x130/0x580 [ 30.395470][ T465] ? get_task_struct+0x80/0x80 [ 30.400234][ T465] ? __schedule+0x86e/0xc00 [ 30.404724][ T465] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 30.410511][ T465] ? __kasan_check_write+0x14/0x20 [ 30.415598][ T465] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 30.420693][ T465] do_group_exit+0x13a/0x300 [ 30.425262][ T465] ? __kasan_check_write+0x14/0x20 [ 30.430371][ T465] get_signal+0xe17/0x1440 [ 30.434769][ T465] arch_do_signal+0x8e/0x650 [ 30.439340][ T465] ? __do_sys_rt_sigreturn+0x1e0/0x1e0 [ 30.444798][ T465] ? __x64_sys_sendfile64+0x1ce/0x230 [ 30.450147][ T465] ? __ia32_sys_sendfile+0x250/0x250 [ 30.455409][ T465] exit_to_user_mode_loop+0xa3/0xe0 [ 30.460584][ T465] syscall_exit_to_user_mode+0x77/0xa0 [ 30.466038][ T465] do_syscall_64+0x40/0x70 [ 30.470434][ T465] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 30.476302][ T465] RIP: 0033:0x7f86813636c9 [ 30.480696][ T465] Code: Unable to access opcode bytes at RIP 0x7f868136369f. [ 30.488071][ T465] RSP: 002b:00007f868130f308 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 30.496457][ T465] RAX: 0000000001179000 RBX: 00007f86813f07e8 RCX: 00007f86813636c9 [ 30.504430][ T465] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 30.512381][ T465] RBP: 00007f86813f07e0 R08: 0000000000000000 R09: 0000000000000000 [ 30.520330][ T465] R10: 0001000000201005 R11: 0000000000000246 R12: 00007f86813f07ec [ 30.528284][ T465] R13: 00007f86813bcf28 R14: 0032656c69662f2e R15: 0000000000022000 [ 30.536282][ T465] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor370/465 [ 30.545599][ T465] caller is __this_cpu_preempt_check+0x13/0x20 [ 30.551744][ T465] CPU: 0 PID: 465 Comm: syz-executor370 Tainted: G W 5.10.161-syzkaller-00019-g416c4356f372 #0 [ 30.563338][ T465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 30.573371][ T465] Call Trace: [ 30.576640][ T465] dump_stack_lvl+0x1e2/0x24b [ 30.581296][ T465] ? panic+0x7d7/0x7d7 [ 30.585348][ T465] ? bfq_pos_tree_add_move+0x43e/0x43e [ 30.590790][ T465] ? check_preemption_disabled+0xf7/0x100 [ 30.596483][ T465] dump_stack+0x15/0x17 [ 30.600629][ T465] check_preemption_disabled+0xf7/0x100 [ 30.606174][ T465] __this_cpu_preempt_check+0x13/0x20 [ 30.611527][ T465] __mod_memcg_lruvec_state+0xbf/0x310 [ 30.616966][ T465] ? __mod_node_page_state+0xac/0xf0 [ 30.622226][ T465] __mod_lruvec_state+0x5b/0x70 [ 30.627055][ T465] page_remove_file_rmap+0x65c/0x960 [ 30.632319][ T465] ? mutex_trylock+0x180/0x180 [ 30.637059][ T465] ? page_remove_rmap+0x6d0/0x6d0 [ 30.642062][ T465] ? __kasan_check_read+0x11/0x20 [ 30.647084][ T465] ? lock_page_memcg+0x9b/0x190 [ 30.651913][ T465] page_remove_rmap+0x158/0x6d0 [ 30.656745][ T465] ? page_add_file_rmap+0xa80/0xa80 [ 30.661925][ T465] ? mark_page_accessed+0x864/0xc80 [ 30.667120][ T465] unmap_page_range+0x119b/0x2070 [ 30.672151][ T465] ? copy_page_range+0x10a0/0x10a0 [ 30.677272][ T465] ? munlock_vma_pages_range+0xa14/0xab0 [ 30.682987][ T465] ? sched_clock+0x3a/0x40 [ 30.687397][ T465] ? munlock_vma_pages_range+0x86f/0xab0 [ 30.693009][ T465] ? uprobe_munmap+0x18c/0x450 [ 30.697757][ T465] unmap_vmas+0x3d4/0x5b0 [ 30.702068][ T465] ? unmap_page_range+0x2070/0x2070 [ 30.707246][ T465] ? tlb_gather_mmu+0x2c7/0x3c0 [ 30.712078][ T465] exit_mmap+0x2f9/0x5c0 [ 30.716299][ T465] ? vm_brk+0x30/0x30 [ 30.720261][ T465] ? uprobe_clear_state+0x2c3/0x330 [ 30.725436][ T465] __mmput+0x95/0x2c0 [ 30.729401][ T465] mmput+0x4b/0x50 [ 30.733101][ T465] exit_mm+0x5cd/0x790 [ 30.737155][ T465] ? __delayacct_add_tsk+0x68d/0x720 [ 30.742421][ T465] ? do_exit+0x2340/0x2340 [ 30.746816][ T465] ? taskstats_exit+0x47d/0xba0 [ 30.751649][ T465] ? tty_audit_exit+0x13b/0x1e0 [ 30.756479][ T465] do_exit+0x5f2/0x2340 [ 30.760621][ T465] ? _raw_spin_unlock_irq+0x4e/0x70 [ 30.765820][ T465] ? finish_task_switch+0x130/0x580 [ 30.771084][ T465] ? get_task_struct+0x80/0x80 [ 30.775827][ T465] ? __schedule+0x86e/0xc00 [ 30.780315][ T465] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 30.786100][ T465] ? __kasan_check_write+0x14/0x20 [ 30.791191][ T465] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 30.796284][ T465] do_group_exit+0x13a/0x300 [ 30.800852][ T465] ? __kasan_check_write+0x14/0x20 [ 30.805944][ T465] get_signal+0xe17/0x1440 [ 30.810342][ T465] arch_do_signal+0x8e/0x650 [ 30.814911][ T465] ? __do_sys_rt_sigreturn+0x1e0/0x1e0 [ 30.820348][ T465] ? __x64_sys_sendfile64+0x1ce/0x230 [ 30.825699][ T465] ? __ia32_sys_sendfile+0x250/0x250 [ 30.830961][ T465] exit_to_user_mode_loop+0xa3/0xe0 [ 30.836138][ T465] syscall_exit_to_user_mode+0x77/0xa0 [ 30.841583][ T465] do_syscall_64+0x40/0x70 [ 30.845980][ T465] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 30.851851][ T465] RIP: 0033:0x7f86813636c9 [ 30.856245][ T465] Code: Unable to access opcode bytes at RIP 0x7f868136369f. [ 30.863590][ T465] RSP: 002b:00007f868130f308 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 30.872010][ T465] RAX: 0000000001179000 RBX: 00007f86813f07e8 RCX: 00007f86813636c9 [ 30.879967][ T465] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 30.887925][ T465] RBP: 00007f86813f07e0 R08: 0000000000000000 R09: 0000000000000000 [ 30.895879][ T465] R10: 0001000000201005 R11: 0000000000000246 R12: 00007f86813f07ec [ 30.903838][ T465] R13: 00007f86813bcf28 R14: 0032656c69662f2e R15: 0000000000022000 [ 30.911889][ T465] BUG: using __this_cpu_write() in preemptible [00000000] code: syz-executor370/465 [ 30.921297][ T465] caller is __this_cpu_preempt_check+0x13/0x20 [ 30.927477][ T465] CPU: 0 PID: 465 Comm: syz-executor370 Tainted: G W 5.10.161-syzkaller-00019-g416c4356f372 #0 [ 30.939089][ T465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 30.949124][ T465] Call Trace: [ 30.952396][ T465] dump_stack_lvl+0x1e2/0x24b [ 30.957051][ T465] ? panic+0x7d7/0x7d7 [ 30.961097][ T465] ? bfq_pos_tree_add_move+0x43e/0x43e [ 30.966532][ T465] ? check_preemption_disabled+0xf7/0x100 [ 30.972225][ T465] dump_stack+0x15/0x17 [ 30.976362][ T465] check_preemption_disabled+0xf7/0x100 [ 30.981887][ T465] __this_cpu_preempt_check+0x13/0x20 [ 30.987235][ T465] __mod_memcg_lruvec_state+0x136/0x310 [ 30.992761][ T465] ? __mod_node_page_state+0xac/0xf0 [ 30.998029][ T465] __mod_lruvec_state+0x5b/0x70 [ 31.002861][ T465] page_remove_file_rmap+0x65c/0x960 [ 31.008137][ T465] ? mutex_trylock+0x180/0x180 [ 31.012913][ T465] ? page_remove_rmap+0x6d0/0x6d0 [ 31.017924][ T465] ? __kasan_check_read+0x11/0x20 [ 31.022931][ T465] ? lock_page_memcg+0x9b/0x190 [ 31.027759][ T465] page_remove_rmap+0x158/0x6d0 [ 31.032587][ T465] ? page_add_file_rmap+0xa80/0xa80 [ 31.037765][ T465] ? mark_page_accessed+0x864/0xc80 [ 31.042939][ T465] unmap_page_range+0x119b/0x2070 [ 31.047947][ T465] ? copy_page_range+0x10a0/0x10a0 [ 31.053043][ T465] ? munlock_vma_pages_range+0xa14/0xab0 [ 31.058661][ T465] ? sched_clock+0x3a/0x40 [ 31.063054][ T465] ? munlock_vma_pages_range+0x86f/0xab0 [ 31.068662][ T465] ? uprobe_munmap+0x18c/0x450 [ 31.073406][ T465] unmap_vmas+0x3d4/0x5b0 [ 31.077716][ T465] ? unmap_page_range+0x2070/0x2070 [ 31.082895][ T465] ? tlb_gather_mmu+0x2c7/0x3c0 [ 31.087725][ T465] exit_mmap+0x2f9/0x5c0 [ 31.091951][ T465] ? vm_brk+0x30/0x30 [ 31.095912][ T465] ? uprobe_clear_state+0x2c3/0x330 [ 31.101089][ T465] __mmput+0x95/0x2c0 [ 31.105058][ T465] mmput+0x4b/0x50 [ 31.108766][ T465] exit_mm+0x5cd/0x790 [ 31.112813][ T465] ? __delayacct_add_tsk+0x68d/0x720 [ 31.118083][ T465] ? do_exit+0x2340/0x2340 [ 31.122485][ T465] ? taskstats_exit+0x47d/0xba0 [ 31.127315][ T465] ? tty_audit_exit+0x13b/0x1e0 [ 31.132145][ T465] do_exit+0x5f2/0x2340 [ 31.136286][ T465] ? _raw_spin_unlock_irq+0x4e/0x70 [ 31.141464][ T465] ? finish_task_switch+0x130/0x580 [ 31.146644][ T465] ? get_task_struct+0x80/0x80 [ 31.151385][ T465] ? __schedule+0x86e/0xc00 [ 31.155864][ T465] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 31.161654][ T465] ? __kasan_check_write+0x14/0x20 [ 31.166749][ T465] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 31.171840][ T465] do_group_exit+0x13a/0x300 [ 31.176412][ T465] ? __kasan_check_write+0x14/0x20 [ 31.181508][ T465] get_signal+0xe17/0x1440 [ 31.185910][ T465] arch_do_signal+0x8e/0x650 [ 31.190483][ T465] ? __do_sys_rt_sigreturn+0x1e0/0x1e0 [ 31.195924][ T465] ? __x64_sys_sendfile64+0x1ce/0x230 [ 31.201280][ T465] ? __ia32_sys_sendfile+0x250/0x250 [ 31.206540][ T465] exit_to_user_mode_loop+0xa3/0xe0 [ 31.211720][ T465] syscall_exit_to_user_mode+0x77/0xa0 [ 31.217156][ T465] do_syscall_64+0x40/0x70 [ 31.221556][ T465] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 31.227422][ T465] RIP: 0033:0x7f86813636c9 [ 31.231810][ T465] Code: Unable to access opcode bytes at RIP 0x7f868136369f. [ 31.239153][ T465] RSP: 002b:00007f868130f308 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 31.247544][ T465] RAX: 0000000001179000 RBX: 00007f86813f07e8 RCX: 00007f86813636c9 [ 31.255757][ T465] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 31.263716][ T465] RBP: 00007f86813f07e0 R08: 0000000000000000 R09: 0000000000000000 [ 31.271673][ T465] R10: 0001000000201005 R11: 0000000000000246 R12: 00007f86813f07ec [ 31.279627][ T465] R13: 00007f86813bcf28 R14: 0032656c69662f2e R15: 0000000000022000 [ 31.289578][ T465] ------------[ cut here ]------------ [ 31.295174][ T465] DEBUG_LOCKS_WARN_ON(val > preempt_count()) [ 31.295209][ T465] WARNING: CPU: 1 PID: 465 at kernel/sched/core.c:4477 preempt_count_sub+0xa8/0x160 [ 31.310835][ T465] Modules linked in: [ 31.314886][ T465] CPU: 1 PID: 465 Comm: syz-executor370 Tainted: G W 5.10.161-syzkaller-00019-g416c4356f372 #0 [ 31.326697][ T465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 31.336932][ T465] RIP: 0010:preempt_count_sub+0xa8/0x160 [ 31.342707][ T465] Code: 42 8a 04 30 84 c0 0f 85 89 00 00 00 83 3d 37 e6 54 05 00 75 d2 48 c7 c7 20 5d e9 84 48 c7 c6 c0 5d e9 84 31 c0 e8 58 f3 f4 ff <0f> 0b eb b9 e8 7f 2a 00 01 85 c0 74 b0 48 c7 c0 38 2b 9f 86 48 c1 [ 31.362493][ T465] RSP: 0018:ffffc90000df7528 EFLAGS: 00010246 [ 31.368660][ T465] RAX: 4430a681aca5f100 RBX: 0000000000000001 RCX: ffff88810c658000 [ 31.376790][ T465] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 31.384920][ T465] RBP: ffffc90000df7538 R08: ffffffff81540db8 R09: ffffed103ee24e93 [ 31.393054][ T465] R10: ffffed103ee24e93 R11: 1ffff1103ee24e92 R12: 1ffff920001bef20 [ 31.401114][ T465] R13: dffffc0000000000 R14: dffffc0000000000 R15: ffffc90000df78e0 [ 31.409222][ T465] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 31.418213][ T465] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.424961][ T465] CR2: 00007f8681310000 CR3: 000000011e6ea000 CR4: 00000000003506b0 [ 31.433159][ T465] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.441121][ T465] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.449195][ T465] Call Trace: [ 31.452661][ T465] _raw_spin_unlock+0x4d/0x70 [ 31.457419][ T465] unmap_page_range+0x1dd8/0x2070 [ 31.462579][ T465] ? copy_page_range+0x10a0/0x10a0 [ 31.467797][ T465] ? munlock_vma_pages_range+0xa14/0xab0 [ 31.473570][ T465] ? sched_clock+0x3a/0x40 [ 31.478102][ T465] ? munlock_vma_pages_range+0x86f/0xab0 [ 31.483857][ T465] ? uprobe_munmap+0x18c/0x450 [ 31.488724][ T465] unmap_vmas+0x3d4/0x5b0 [ 31.493194][ T465] ? unmap_page_range+0x2070/0x2070 [ 31.498489][ T465] ? tlb_gather_mmu+0x2c7/0x3c0 [ 31.503462][ T465] exit_mmap+0x2f9/0x5c0 [ 31.507877][ T465] ? vm_brk+0x30/0x30 [ 31.511974][ T465] ? uprobe_clear_state+0x2c3/0x330 [ 31.517429][ T465] __mmput+0x95/0x2c0 [ 31.521496][ T465] mmput+0x4b/0x50 [ 31.525367][ T465] exit_mm+0x5cd/0x790 [ 31.529792][ T465] ? __delayacct_add_tsk+0x68d/0x720 [ 31.535224][ T465] ? do_exit+0x2340/0x2340 [ 31.539716][ T465] ? taskstats_exit+0x47d/0xba0 [ 31.544702][ T465] ? tty_audit_exit+0x13b/0x1e0 [ 31.549660][ T465] do_exit+0x5f2/0x2340 [ 31.553950][ T465] ? _raw_spin_unlock_irq+0x4e/0x70 [ 31.559232][ T465] ? finish_task_switch+0x130/0x580 [ 31.564594][ T465] ? get_task_struct+0x80/0x80 [ 31.569455][ T465] ? __schedule+0x86e/0xc00 [ 31.574109][ T465] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 31.580032][ T465] ? __kasan_check_write+0x14/0x20 [ 31.585280][ T465] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 31.590500][ T465] do_group_exit+0x13a/0x300 [ 31.595229][ T465] ? __kasan_check_write+0x14/0x20 [ 31.600425][ T465] get_signal+0xe17/0x1440 [ 31.604975][ T465] arch_do_signal+0x8e/0x650 [ 31.609670][ T465] ? __do_sys_rt_sigreturn+0x1e0/0x1e0 [ 31.615268][ T465] ? __x64_sys_sendfile64+0x1ce/0x230 [ 31.620723][ T465] ? __ia32_sys_sendfile+0x250/0x250 [ 31.626136][ T465] exit_to_user_mode_loop+0xa3/0xe0 [ 31.631412][ T465] syscall_exit_to_user_mode+0x77/0xa0 [ 31.636994][ T465] do_syscall_64+0x40/0x70 [ 31.641556][ T465] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 31.647615][ T465] RIP: 0033:0x7f86813636c9 [ 31.652172][ T465] Code: Unable to access opcode bytes at RIP 0x7f868136369f. [ 31.659554][ T465] RSP: 002b:00007f868130f308 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 31.668141][ T465] RAX: 0000000001179000 RBX: 00007f86813f07e8 RCX: 00007f86813636c9 [ 31.676231][ T465] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [pid 465] +++ exited with 0 +++ [pid 464] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=464, si_uid=0, si_status=0, si_utime=4, si_stime=96} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 [ 31.684308][ T465] RBP: 00007f86813f07e0 R08: 0000000000000000 R09: 0000000000000000 [ 31.692580][ T465] R10: 0001000000201005 R11: 0000000000000246 R12: 00007f86813f07ec [ 31.700670][ T465] R13: 00007f86813bcf28 R14: 0032656c69662f2e R15: 0000000000022000 [ 31.708786][ T465] ---[ end trace 76762afaf09b868f ]--- umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 473 ./strace-static-x86_64: Process 473 attached [pid 473] set_robust_list(0x5555560c45e0, 24) = 0 [pid 473] chdir("./11") = 0 [pid 473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 473] setpgid(0, 0) = 0 [pid 473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 473] write(3, "1000", 4) = 4 [pid 473] close(3) = 0 [pid 473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 473] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 473] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 473] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[474], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 474 [pid 473] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 474 attached [pid 474] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 474] memfd_create("syzkaller", 0) = 3 [pid 474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 474] munmap(0x7f8678eef000, 32394836) = 0 [pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 474] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 474] close(3) = 0 [pid 474] mkdir("./bus", 0777) = 0 [ 32.059976][ T474] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 32.068556][ T474] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 32.077564][ T474] F2FS-fs (loop0): invalid crc value [ 32.084022][ T474] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 474] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 474] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 474] chdir("./bus") = 0 [pid 474] ioctl(4, LOOP_CLR_FD) = 0 [pid 474] close(4) = 0 [pid 474] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = 0 [pid 473] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 474] <... futex resumed>) = 1 [pid 474] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 474] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 474] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 473] <... futex resumed>) = 0 [pid 473] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 473] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 474] <... futex resumed>) = 0 [pid 474] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 474] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 473] <... futex resumed>) = 0 [pid 473] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 474] ftruncate(5, 33587195) = 0 [pid 474] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 473] <... futex resumed>) = 0 [pid 473] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 32.105588][ T474] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 32.112929][ T474] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 474] sendfile(4, 5, NULL, 281474978811909 [pid 473] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 473] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 473] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 473] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[480], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 480 [pid 473] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 480 attached [pid 480] set_robust_list(0x7f867add39e0, 24) = 0 [pid 480] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 480] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = 0 [pid 473] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] <... futex resumed>) = 1 [pid 480] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE) = 0 [pid 480] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = 0 [pid 473] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] <... futex resumed>) = 1 [pid 480] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 473] <... futex resumed>) = 0 [pid 473] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] <... futex resumed>) = 1 [pid 480] open("./bus", O_RDONLY) = 7 [pid 480] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = 0 [pid 473] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] <... futex resumed>) = 1 [pid 480] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE [pid 474] <... sendfile resumed>) = 5308416 [pid 474] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 480] <... ioctl resumed>, 0) = 0 [pid 480] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 474] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 480] <... futex resumed>) = 1 [pid 473] <... futex resumed>) = 0 [pid 480] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 473] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 473] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 474] <... futex resumed>) = 0 [pid 474] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor) [pid 474] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 474] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 473] <... futex resumed>) = 0 [pid 473] exit_group(0) = ? [pid 480] <... futex resumed>) = ? [pid 480] +++ exited with 0 +++ [pid 474] <... futex resumed>) = ? [pid 474] +++ exited with 0 +++ [pid 473] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=473, si_uid=0, si_status=0, si_utime=5, si_stime=25} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 32.222672][ T474] attempt to access beyond end of device [ 32.222672][ T474] loop0: rw=2049, want=77952, limit=63271 [ 32.222815][ T480] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=1 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 481 ./strace-static-x86_64: Process 481 attached [pid 481] set_robust_list(0x5555560c45e0, 24) = 0 [pid 481] chdir("./12") = 0 [pid 481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 481] setpgid(0, 0) = 0 [pid 481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 481] write(3, "1000", 4) = 4 [pid 481] close(3) = 0 [pid 481] symlink("/dev/binderfs", "./binderfs") = 0 [pid 481] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 481] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 481] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[482], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 482 [pid 481] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 482 attached [pid 482] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 482] memfd_create("syzkaller", 0) = 3 [pid 482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 482] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 482] munmap(0x7f8678eef000, 32394836) = 0 [pid 482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 482] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 482] close(3) = 0 [pid 482] mkdir("./bus", 0777) = 0 [ 32.583036][ T482] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 32.591848][ T482] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 32.600949][ T482] F2FS-fs (loop0): invalid crc value [ 32.607366][ T482] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 482] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 482] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 482] chdir("./bus") = 0 [pid 482] ioctl(4, LOOP_CLR_FD) = 0 [pid 482] close(4) = 0 [pid 482] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] <... futex resumed>) = 1 [pid 482] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 482] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 482] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 481] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 481] <... futex resumed>) = 0 [pid 482] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 481] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] <... open resumed>) = 5 [pid 482] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] <... futex resumed>) = 0 [pid 482] ftruncate(5, 33587195) = 0 [pid 482] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] <... futex resumed>) = 1 [ 32.628801][ T482] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 32.635887][ T482] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 482] sendfile(4, 5, NULL, 281474978811909 [pid 481] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 481] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 481] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 481] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 481] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 481] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 488 attached [pid 488] set_robust_list(0x7f867add39e0, 24 [pid 481] <... clone resumed>, parent_tid=[488], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 488 [pid 488] <... set_robust_list resumed>) = 0 [pid 488] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 481] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 481] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 488] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 1 [pid 488] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE) = 0 [pid 488] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 481] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] open("./bus", O_RDONLY) = 7 [pid 488] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 488] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE [pid 481] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] <... sendfile resumed>) = 4587520 [pid 482] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 481] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... ioctl resumed>, 0) = 0 [pid 488] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] <... futex resumed>) = 0 [pid 482] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor) [pid 482] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 481] <... futex resumed>) = 0 [pid 481] exit_group(0) = ? [pid 482] <... futex resumed>) = ? [pid 482] +++ exited with 0 +++ [pid 488] +++ exited with 0 +++ [pid 481] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=481, si_uid=0, si_status=0, si_utime=4, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 [ 32.738011][ T482] attempt to access beyond end of device [ 32.738011][ T482] loop0: rw=2049, want=77952, limit=63271 [ 32.750454][ T488] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=1 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 489 ./strace-static-x86_64: Process 489 attached [pid 489] set_robust_list(0x5555560c45e0, 24) = 0 [pid 489] chdir("./13") = 0 [pid 489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 489] setpgid(0, 0) = 0 [pid 489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 489] write(3, "1000", 4) = 4 [pid 489] close(3) = 0 [pid 489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 489] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 489] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 489] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 490 attached , parent_tid=[490], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 490 [pid 490] set_robust_list(0x7f868130f9e0, 24 [pid 489] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 490] <... set_robust_list resumed>) = 0 [pid 490] memfd_create("syzkaller", 0) = 3 [pid 490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 490] munmap(0x7f8678eef000, 32394836) = 0 [pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 490] close(3) = 0 [pid 490] mkdir("./bus", 0777) = 0 [ 33.016914][ T490] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 33.025382][ T490] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 33.034435][ T490] F2FS-fs (loop0): invalid crc value [ 33.040947][ T490] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 490] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 490] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 490] chdir("./bus") = 0 [pid 490] ioctl(4, LOOP_CLR_FD) = 0 [pid 490] close(4) = 0 [pid 490] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... futex resumed>) = 1 [pid 490] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 490] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 490] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000 [pid 489] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... open resumed>) = 5 [pid 490] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 490] ftruncate(5, 33587195 [pid 489] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] <... ftruncate resumed>) = 0 [pid 490] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... futex resumed>) = 0 [pid 489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 490] sendfile(4, 5, NULL, 281474978811909 [pid 489] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 33.062465][ T490] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 33.069643][ T490] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 489] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 489] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 489] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 489] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 489] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 496 attached , parent_tid=[496], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 496 [pid 496] set_robust_list(0x7f867add39e0, 24) = 0 [pid 489] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] <... open resumed>) = 6 [pid 496] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 496] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 496] <... futex resumed>) = 0 [pid 489] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE) = 0 [pid 496] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] <... futex resumed>) = 1 [pid 496] open("./bus", O_RDONLY) = 7 [pid 496] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] <... futex resumed>) = 1 [pid 496] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE, 0) = 0 [pid 496] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = 0 [pid 496] <... futex resumed>) = 1 [pid 489] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 489] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 496] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [ 33.175945][ T496] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=1 [pid 496] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 489] exit_group(0 [pid 496] <... futex resumed>) = ? [pid 489] <... exit_group resumed>) = ? [pid 490] <... sendfile resumed>) = ? [pid 490] +++ exited with 0 +++ [pid 496] +++ exited with 0 +++ [pid 489] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=489, si_uid=0, si_status=0, si_utime=4, si_stime=32} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 497 ./strace-static-x86_64: Process 497 attached [pid 497] set_robust_list(0x5555560c45e0, 24) = 0 [pid 497] chdir("./14") = 0 [pid 497] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 497] setpgid(0, 0) = 0 [pid 497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 497] write(3, "1000", 4) = 4 [pid 497] close(3) = 0 [pid 497] symlink("/dev/binderfs", "./binderfs") = 0 [pid 497] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 497] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 497] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[498], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 498 [pid 497] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 497] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 498 attached [pid 498] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 498] memfd_create("syzkaller", 0) = 3 [pid 498] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 498] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 498] munmap(0x7f8678eef000, 32394836) = 0 [pid 498] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 498] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 498] close(3) = 0 [pid 498] mkdir("./bus", 0777) = 0 [ 33.607557][ T498] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 33.616082][ T498] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 33.625216][ T498] F2FS-fs (loop0): invalid crc value [ 33.631529][ T498] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 498] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 498] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 498] chdir("./bus") = 0 [pid 498] ioctl(4, LOOP_CLR_FD) = 0 [pid 498] close(4) = 0 [pid 498] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 497] <... futex resumed>) = 0 [pid 497] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 497] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 498] <... futex resumed>) = 1 [pid 498] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 498] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 497] <... futex resumed>) = 0 [pid 497] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 497] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 498] <... futex resumed>) = 1 [pid 498] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 498] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 498] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 497] <... futex resumed>) = 0 [pid 497] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 497] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 498] <... futex resumed>) = 0 [pid 498] ftruncate(5, 33587195) = 0 [pid 498] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 497] <... futex resumed>) = 0 [pid 497] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 497] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 498] <... futex resumed>) = 1 [ 33.654383][ T498] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 33.661523][ T498] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 498] sendfile(4, 5, NULL, 281474978811909 [pid 497] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 497] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 497] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 497] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 497] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 497] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 504 attached , parent_tid=[504], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 504 [pid 504] set_robust_list(0x7f867add39e0, 24) = 0 [pid 504] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 497] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 504] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 497] <... futex resumed>) = 0 [pid 497] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... open resumed>) = 6 [pid 504] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 504] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 497] <... futex resumed>) = 0 [pid 497] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 504] <... futex resumed>) = 0 [pid 504] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE) = 0 [pid 504] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 497] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 497] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 504] <... futex resumed>) = 0 [pid 497] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 497] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] open("./bus", O_RDONLY [pid 497] <... futex resumed>) = 0 [pid 497] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... open resumed>) = 7 [pid 504] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 497] <... futex resumed>) = 0 [pid 497] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE [pid 497] <... futex resumed>) = 0 [pid 497] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... ioctl resumed>, 0) = 0 [pid 498] <... sendfile resumed>) = 4194304 [pid 504] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 498] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] <... futex resumed>) = 1 [pid 498] <... futex resumed>) = 0 [pid 497] <... futex resumed>) = 0 [pid 498] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 504] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 497] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 498] <... futex resumed>) = 0 [pid 497] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 498] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor) [pid 498] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 498] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 497] <... futex resumed>) = 0 [pid 497] exit_group(0 [pid 504] <... futex resumed>) = ? [pid 497] <... exit_group resumed>) = ? [pid 498] <... futex resumed>) = ? [pid 498] +++ exited with 0 +++ [pid 504] +++ exited with 0 +++ [pid 497] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=497, si_uid=0, si_status=0, si_utime=3, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 33.752105][ T504] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=17 [ 33.752394][ T498] attempt to access beyond end of device [ 33.752394][ T498] loop0: rw=2049, want=77952, limit=63271 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 505 ./strace-static-x86_64: Process 505 attached [pid 505] set_robust_list(0x5555560c45e0, 24) = 0 [pid 505] chdir("./15") = 0 [pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 505] setpgid(0, 0) = 0 [pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 505] write(3, "1000", 4) = 4 [pid 505] close(3) = 0 [pid 505] symlink("/dev/binderfs", "./binderfs") = 0 [pid 505] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 505] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 505] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[506], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 506 [pid 505] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 506 attached [pid 506] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 506] memfd_create("syzkaller", 0) = 3 [pid 506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 506] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 506] munmap(0x7f8678eef000, 32394836) = 0 [pid 506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 506] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 506] close(3) = 0 [pid 506] mkdir("./bus", 0777) = 0 [ 34.064691][ T506] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 34.073196][ T506] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 34.082124][ T506] F2FS-fs (loop0): invalid crc value [ 34.088383][ T506] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 506] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 506] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 506] chdir("./bus") = 0 [pid 506] ioctl(4, LOOP_CLR_FD) = 0 [pid 506] close(4) = 0 [pid 506] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 506] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 505] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] <... open resumed>) = 4 [pid 506] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] <... futex resumed>) = 1 [pid 506] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 506] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 506] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 505] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 505] <... futex resumed>) = 0 [pid 506] ftruncate(5, 33587195 [pid 505] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] <... ftruncate resumed>) = 0 [pid 506] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 506] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 505] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 505] <... futex resumed>) = 0 [pid 506] sendfile(4, 5, NULL, 281474978811909 [ 34.110167][ T506] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 34.117251][ T506] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 505] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 505] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 505] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 505] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 505] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 505] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[512], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 512 [pid 505] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 512 attached [pid 512] set_robust_list(0x7f867add39e0, 24) = 0 [pid 512] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 512] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] <... futex resumed>) = 1 [pid 512] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE) = 0 [pid 512] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] <... futex resumed>) = 1 [pid 512] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] <... futex resumed>) = 1 [pid 512] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 505] <... futex resumed>) = ? [pid 506] <... sendfile resumed>) = ? [pid 506] +++ killed by SIGBUS +++ [pid 512] +++ killed by SIGBUS +++ [pid 505] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=505, si_uid=0, si_status=SIGBUS, si_utime=4, si_stime=14} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 513 ./strace-static-x86_64: Process 513 attached [pid 513] set_robust_list(0x5555560c45e0, 24) = 0 [pid 513] chdir("./16") = 0 [pid 513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 513] setpgid(0, 0) = 0 [pid 513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 513] write(3, "1000", 4) = 4 [pid 513] close(3) = 0 [pid 513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 513] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 513] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 513] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[514], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 514 [pid 513] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 514 attached [pid 514] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 514] memfd_create("syzkaller", 0) = 3 [pid 514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 514] munmap(0x7f8678eef000, 32394836) = 0 [pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 514] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 514] close(3) = 0 [pid 514] mkdir("./bus", 0777) = 0 [ 34.501052][ T514] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 34.509620][ T514] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 34.518468][ T514] F2FS-fs (loop0): invalid crc value [ 34.524751][ T514] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 514] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 514] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 514] chdir("./bus") = 0 [pid 514] ioctl(4, LOOP_CLR_FD) = 0 [pid 514] close(4) = 0 [pid 514] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... futex resumed>) = 1 [pid 514] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 514] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... futex resumed>) = 1 [pid 514] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 514] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 514] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... futex resumed>) = 0 [pid 514] ftruncate(5, 33587195) = 0 [pid 514] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... futex resumed>) = 1 [ 34.546226][ T514] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 34.553376][ T514] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 514] sendfile(4, 5, NULL, 281474978811909 [pid 513] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 513] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 513] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 513] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 513] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 513] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 520 attached , parent_tid=[520], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 520 [pid 520] set_robust_list(0x7f867add39e0, 24 [pid 513] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] <... set_robust_list resumed>) = 0 [pid 520] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 520] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 520] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE [pid 513] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... close_range resumed>) = 0 [pid 513] <... futex resumed>) = 0 [pid 520] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] <... futex resumed>) = 0 [pid 513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 520] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 513] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] <... mmap resumed>) = 0x20000000 [pid 520] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 520] open("./bus", O_RDONLY [pid 513] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] <... open resumed>) = 7 [pid 513] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] <... futex resumed>) = 0 [pid 520] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE [pid 513] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] <... ioctl resumed>, 0) = 0 [pid 520] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] <... futex resumed>) = 1 [pid 520] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor) [pid 520] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 520] <... futex resumed>) = 1 [ 34.652342][ T520] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=1 [pid 520] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 513] exit_group(0 [pid 520] <... futex resumed>) = ? [pid 513] <... exit_group resumed>) = ? [pid 514] <... sendfile resumed>) = ? [pid 514] +++ exited with 0 +++ [pid 520] +++ exited with 0 +++ [pid 513] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=513, si_uid=0, si_status=0, si_utime=6, si_stime=27} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 521 attached , child_tidptr=0x5555560c45d0) = 521 [pid 521] set_robust_list(0x5555560c45e0, 24) = 0 [pid 521] chdir("./17") = 0 [pid 521] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 521] setpgid(0, 0) = 0 [pid 521] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 521] write(3, "1000", 4) = 4 [pid 521] close(3) = 0 [pid 521] symlink("/dev/binderfs", "./binderfs") = 0 [pid 521] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 521] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 521] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 521] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[522], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 522 [pid 521] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 521] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 522 attached [pid 522] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 522] memfd_create("syzkaller", 0) = 3 [pid 522] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 522] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 522] munmap(0x7f8678eef000, 32394836) = 0 [pid 522] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 522] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 522] close(3) = 0 [pid 522] mkdir("./bus", 0777) = 0 [ 35.105206][ T522] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 35.113715][ T522] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 35.122779][ T522] F2FS-fs (loop0): invalid crc value [ 35.129048][ T522] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 522] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 522] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 522] chdir("./bus") = 0 [pid 522] ioctl(4, LOOP_CLR_FD) = 0 [pid 522] close(4) = 0 [pid 522] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 521] <... futex resumed>) = 0 [pid 521] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 521] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 522] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 521] <... futex resumed>) = 0 [pid 521] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 521] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] <... futex resumed>) = 1 [pid 522] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 522] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 521] <... futex resumed>) = 0 [pid 521] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 521] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] ftruncate(5, 33587195) = 0 [pid 522] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 521] <... futex resumed>) = 0 [pid 521] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 521] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 35.150468][ T522] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 35.157562][ T522] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 522] sendfile(4, 5, NULL, 281474978811909 [pid 521] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 521] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 521] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 521] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 521] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 521] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 521] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[528], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 528 [pid 521] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 521] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 528 attached [pid 528] set_robust_list(0x7f867add39e0, 24) = 0 [pid 528] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 528] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 521] <... futex resumed>) = 0 [pid 528] <... futex resumed>) = 1 [pid 521] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 528] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE [pid 521] <... futex resumed>) = 0 [pid 521] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 528] <... close_range resumed>) = 0 [pid 528] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 521] <... futex resumed>) = 0 [pid 528] <... futex resumed>) = 1 [pid 521] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 528] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 521] <... futex resumed>) = 0 [pid 521] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 528] <... mmap resumed>) = 0x20000000 [pid 528] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 521] <... futex resumed>) = 0 [pid 521] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 521] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 528] open("./bus", O_RDONLY) = 7 [pid 528] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 521] <... futex resumed>) = 0 [pid 521] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 521] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 528] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE [pid 522] <... sendfile resumed>) = 5439488 [pid 522] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 522] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 528] <... ioctl resumed>, 0) = 0 [pid 528] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 521] <... futex resumed>) = 0 [pid 521] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 521] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 528] <... futex resumed>) = 1 [pid 522] <... futex resumed>) = 0 [pid 528] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 522] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor) [pid 522] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 521] <... futex resumed>) = 0 [pid 522] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 521] exit_group(0 [pid 528] <... futex resumed>) = ? [pid 522] <... futex resumed>) = ? [pid 521] <... exit_group resumed>) = ? [pid 528] +++ exited with 0 +++ [pid 522] +++ exited with 0 +++ [pid 521] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=521, si_uid=0, si_status=0, si_utime=3, si_stime=23} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 [ 35.262348][ T522] attempt to access beyond end of device [ 35.262348][ T522] loop0: rw=2049, want=77952, limit=63271 [ 35.272633][ T528] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=1 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 529 ./strace-static-x86_64: Process 529 attached [pid 529] set_robust_list(0x5555560c45e0, 24) = 0 [pid 529] chdir("./18") = 0 [pid 529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 529] setpgid(0, 0) = 0 [pid 529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 529] write(3, "1000", 4) = 4 [pid 529] close(3) = 0 [pid 529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 529] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 529] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 529] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 530 attached , parent_tid=[530], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 530 [pid 530] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 529] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 530] memfd_create("syzkaller", 0) = 3 [pid 530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 530] munmap(0x7f8678eef000, 32394836) = 0 [pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 530] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 530] close(3) = 0 [pid 530] mkdir("./bus", 0777) = 0 [ 35.568439][ T530] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 35.577015][ T530] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 35.586184][ T530] F2FS-fs (loop0): invalid crc value [ 35.592801][ T530] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 530] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 530] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 530] chdir("./bus") = 0 [pid 530] ioctl(4, LOOP_CLR_FD) = 0 [pid 530] close(4) = 0 [pid 530] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] <... futex resumed>) = 1 [pid 530] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 530] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] <... futex resumed>) = 1 [pid 530] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 530] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] <... futex resumed>) = 1 [pid 530] ftruncate(5, 33587195) = 0 [pid 530] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] <... futex resumed>) = 1 [ 35.614371][ T530] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 35.621419][ T530] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 530] sendfile(4, 5, NULL, 281474978811909 [pid 529] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 529] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 529] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 529] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[536], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 536 ./strace-static-x86_64: Process 536 attached [pid 529] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] set_robust_list(0x7f867add39e0, 24) = 0 [pid 536] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 536] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 536] <... futex resumed>) = 1 [pid 529] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 536] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] <... close_range resumed>) = 0 [pid 536] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 536] <... futex resumed>) = 1 [pid 529] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 536] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] <... mmap resumed>) = 0x20000000 [pid 536] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 536] <... futex resumed>) = 1 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 536] open("./bus", O_RDONLY) = 7 [pid 536] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 536] <... futex resumed>) = 1 [pid 529] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 536] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] <... sendfile resumed>) = 5177344 [pid 530] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 536] <... ioctl resumed>, 0) = 0 [pid 536] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 529] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 530] <... futex resumed>) = 0 [pid 530] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 536] <... futex resumed>) = 1 [pid 536] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 530] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 530] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 529] exit_group(0) = ? [pid 536] <... futex resumed>) = ? [pid 536] +++ exited with 0 +++ [pid 530] <... futex resumed>) = ? [pid 530] +++ exited with 0 +++ [pid 529] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=529, si_uid=0, si_status=0, si_utime=5, si_stime=21} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 [ 35.725568][ T536] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=4 [ 35.725635][ T530] attempt to access beyond end of device [ 35.725635][ T530] loop0: rw=2049, want=77952, limit=63271 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 537 ./strace-static-x86_64: Process 537 attached [pid 537] set_robust_list(0x5555560c45e0, 24) = 0 [pid 537] chdir("./19") = 0 [pid 537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 537] setpgid(0, 0) = 0 [pid 537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 537] write(3, "1000", 4) = 4 [pid 537] close(3) = 0 [pid 537] symlink("/dev/binderfs", "./binderfs") = 0 [pid 537] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 537] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 537] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 538 attached , parent_tid=[538], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 538 [pid 537] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 538] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 538] memfd_create("syzkaller", 0) = 3 [pid 538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 538] munmap(0x7f8678eef000, 32394836) = 0 [pid 538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 538] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 538] close(3) = 0 [pid 538] mkdir("./bus", 0777) = 0 [ 36.026450][ T538] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 36.035042][ T538] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 36.043878][ T538] F2FS-fs (loop0): invalid crc value [ 36.050194][ T538] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 538] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 538] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 538] chdir("./bus") = 0 [pid 538] ioctl(4, LOOP_CLR_FD) = 0 [pid 538] close(4) = 0 [pid 538] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 537] <... futex resumed>) = 0 [pid 537] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] <... futex resumed>) = 1 [pid 538] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 538] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 537] <... futex resumed>) = 0 [pid 537] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] <... futex resumed>) = 1 [pid 538] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 538] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 537] <... futex resumed>) = 0 [pid 537] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] <... futex resumed>) = 1 [pid 538] ftruncate(5, 33587195) = 0 [pid 538] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 537] <... futex resumed>) = 0 [pid 537] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] <... futex resumed>) = 1 [ 36.071540][ T538] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 36.078599][ T538] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 538] sendfile(4, 5, NULL, 281474978811909 [pid 537] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 537] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 537] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 537] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[544], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 544 [pid 537] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 544 attached [pid 544] set_robust_list(0x7f867add39e0, 24) = 0 [pid 544] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 544] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 537] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 544] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE [pid 537] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... close_range resumed>) = 0 [pid 544] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 537] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 537] <... futex resumed>) = 0 [pid 537] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] <... futex resumed>) = 0 [pid 537] <... futex resumed>) = 1 [pid 537] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] open("./bus", O_RDONLY) = 7 [pid 544] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 544] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 537] <... futex resumed>) = 0 [pid 537] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 544] <... futex resumed>) = 0 [pid 544] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE [pid 537] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... ioctl resumed>, 0) = 0 [pid 538] <... sendfile resumed>) = 5767168 [pid 544] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 544] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 538] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 537] <... futex resumed>) = 0 [pid 538] <... futex resumed>) = 0 [pid 537] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 537] <... futex resumed>) = 0 [pid 538] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 537] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 537] <... futex resumed>) = 0 [pid 537] exit_group(0 [pid 538] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 537] <... exit_group resumed>) = ? [pid 538] <... futex resumed>) = ? [pid 544] <... futex resumed>) = ? [pid 544] +++ exited with 0 +++ [pid 538] +++ exited with 0 +++ [pid 537] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=537, si_uid=0, si_status=0, si_utime=4, si_stime=26} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 [ 36.190276][ T544] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=10 [ 36.190559][ T538] attempt to access beyond end of device [ 36.190559][ T538] loop0: rw=2049, want=77952, limit=63271 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 545 ./strace-static-x86_64: Process 545 attached [pid 545] set_robust_list(0x5555560c45e0, 24) = 0 [pid 545] chdir("./20") = 0 [pid 545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 545] setpgid(0, 0) = 0 [pid 545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 545] write(3, "1000", 4) = 4 [pid 545] close(3) = 0 [pid 545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 545] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 545] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 545] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 546 attached , parent_tid=[546], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 546 [pid 546] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 546] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 545] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 546] <... futex resumed>) = 0 [pid 545] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 546] memfd_create("syzkaller", 0) = 3 [pid 546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 546] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 546] munmap(0x7f8678eef000, 32394836) = 0 [pid 546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 546] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 546] close(3) = 0 [pid 546] mkdir("./bus", 0777) = 0 [ 36.488822][ T546] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 36.497436][ T546] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 36.506406][ T546] F2FS-fs (loop0): invalid crc value [ 36.512762][ T546] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 546] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 546] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 546] chdir("./bus") = 0 [pid 546] ioctl(4, LOOP_CLR_FD) = 0 [pid 546] close(4) = 0 [pid 546] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] <... futex resumed>) = 1 [pid 546] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 546] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 546] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 545] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] <... futex resumed>) = 0 [pid 546] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 546] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] <... futex resumed>) = 1 [pid 546] ftruncate(5, 33587195) = 0 [pid 546] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] <... futex resumed>) = 1 [ 36.534666][ T546] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 36.541697][ T546] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 546] sendfile(4, 5, NULL, 281474978811909 [pid 545] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 545] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 545] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 545] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[552], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 552 [pid 545] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 552 attached [pid 552] set_robust_list(0x7f867add39e0, 24) = 0 [pid 552] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 552] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] <... futex resumed>) = 1 [pid 552] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE) = 0 [pid 552] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] <... futex resumed>) = 1 [pid 552] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 552] <... futex resumed>) = 1 [pid 552] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 545] <... futex resumed>) = ? [pid 546] <... sendfile resumed>) = ? [pid 546] +++ killed by SIGBUS +++ [pid 552] +++ killed by SIGBUS +++ [pid 545] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=545, si_uid=0, si_status=SIGBUS, si_utime=2, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 553 ./strace-static-x86_64: Process 553 attached [pid 553] set_robust_list(0x5555560c45e0, 24) = 0 [pid 553] chdir("./21") = 0 [pid 553] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 553] setpgid(0, 0) = 0 [pid 553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 553] write(3, "1000", 4) = 4 [pid 553] close(3) = 0 [pid 553] symlink("/dev/binderfs", "./binderfs") = 0 [pid 553] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 553] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 553] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[554], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 554 ./strace-static-x86_64: Process 554 attached [pid 553] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 554] set_robust_list(0x7f868130f9e0, 24 [pid 553] <... futex resumed>) = 0 [pid 554] <... set_robust_list resumed>) = 0 [pid 553] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 554] memfd_create("syzkaller", 0) = 3 [pid 554] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 554] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 554] munmap(0x7f8678eef000, 32394836) = 0 [pid 554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 554] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 554] close(3) = 0 [pid 554] mkdir("./bus", 0777) = 0 [ 36.903305][ T554] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 36.911877][ T554] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 36.921036][ T554] F2FS-fs (loop0): invalid crc value [ 36.927526][ T554] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 554] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 554] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 554] chdir("./bus") = 0 [pid 554] ioctl(4, LOOP_CLR_FD) = 0 [pid 554] close(4) = 0 [pid 554] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] <... futex resumed>) = 1 [pid 554] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 554] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 554] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] <... futex resumed>) = 0 [pid 554] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 554] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] <... futex resumed>) = 1 [pid 554] ftruncate(5, 33587195) = 0 [pid 554] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] <... futex resumed>) = 1 [ 36.949028][ T554] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 36.956118][ T554] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 554] sendfile(4, 5, NULL, 281474978811909 [pid 553] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 553] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 553] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 553] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 553] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 553] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[560], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 560 [pid 553] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 560 attached [pid 560] set_robust_list(0x7f867add39e0, 24) = 0 [pid 560] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 560] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] <... futex resumed>) = 1 [pid 560] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE) = 0 [pid 560] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 553] <... futex resumed>) = 0 [pid 553] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] <... futex resumed>) = 1 [pid 560] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 553] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 560] open("./bus", O_RDONLY) = 7 [pid 553] <... futex resumed>) = 0 [pid 560] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 553] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] <... futex resumed>) = 0 [pid 553] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 560] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE [pid 553] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] <... sendfile resumed>) = 5111808 [pid 560] <... ioctl resumed>, 0) = 0 [pid 560] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 554] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] <... futex resumed>) = 1 [pid 553] <... futex resumed>) = 0 [pid 560] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 553] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 553] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] <... sendmsg resumed>) = -1 EBADF (Bad file descriptor) [pid 554] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 553] <... futex resumed>) = 0 [pid 553] exit_group(0 [pid 560] <... futex resumed>) = ? [pid 553] <... exit_group resumed>) = ? [pid 560] +++ exited with 0 +++ [pid 554] +++ exited with 0 +++ [pid 553] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=553, si_uid=0, si_status=0, si_utime=5, si_stime=22} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 [ 37.055181][ T560] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=17 [ 37.064340][ T560] attempt to access beyond end of device [ 37.064340][ T560] loop0: rw=2049, want=77904, limit=63271 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 561 ./strace-static-x86_64: Process 561 attached [pid 561] set_robust_list(0x5555560c45e0, 24) = 0 [pid 561] chdir("./22") = 0 [pid 561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 561] setpgid(0, 0) = 0 [pid 561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 561] write(3, "1000", 4) = 4 [pid 561] close(3) = 0 [pid 561] symlink("/dev/binderfs", "./binderfs") = 0 [pid 561] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 561] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 561] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[562], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 562 [pid 561] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 562 attached [pid 562] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 562] memfd_create("syzkaller", 0) = 3 [pid 562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 562] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 562] munmap(0x7f8678eef000, 32394836) = 0 [pid 562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 562] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 562] close(3) = 0 [pid 562] mkdir("./bus", 0777) = 0 [ 37.342097][ T562] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 37.350949][ T562] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 37.360067][ T562] F2FS-fs (loop0): invalid crc value [ 37.366649][ T562] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 562] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 562] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 562] chdir("./bus") = 0 [pid 562] ioctl(4, LOOP_CLR_FD) = 0 [pid 562] close(4) = 0 [pid 562] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] <... futex resumed>) = 1 [pid 562] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 562] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] <... futex resumed>) = 1 [pid 562] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 5 [pid 562] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] <... futex resumed>) = 1 [pid 562] ftruncate(5, 33587195) = 0 [pid 562] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] <... futex resumed>) = 1 [ 37.388000][ T562] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 37.395067][ T562] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 562] sendfile(4, 5, NULL, 281474978811909 [pid 561] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 561] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 561] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 561] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f867adb3000 [pid 561] mprotect(0x7f867adb4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 561] clone(child_stack=0x7f867add33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[568], tls=0x7f867add3700, child_tidptr=0x7f867add39d0) = 568 [pid 561] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 568 attached [pid 568] set_robust_list(0x7f867add39e0, 24) = 0 [pid 568] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6 [pid 568] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] close_range(4294967295, 4294967295, CLOSE_RANGE_UNSHARE) = 0 [pid 568] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 561] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] open("./bus", O_RDONLY) = 7 [pid 568] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7f86813f07f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7f86813f07fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] ioctl(7, F2FS_IOC_START_ATOMIC_WRITE [pid 562] <... sendfile resumed>) = 4849664 [pid 562] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 562] futex(0x7f86813f07e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 568] <... ioctl resumed>, 0) = 0 [pid 568] futex(0x7f86813f07fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 561] <... futex resumed>) = 0 [pid 561] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 561] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] futex(0x7f86813f07f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 562] <... futex resumed>) = 0 [pid 562] sendmsg(-1, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EBADF (Bad file descriptor) [pid 562] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 561] <... futex resumed>) = 0 [pid 561] exit_group(0) = ? [pid 562] <... futex resumed>) = ? [pid 562] +++ exited with 0 +++ [pid 568] <... futex resumed>) = ? [pid 568] +++ exited with 0 +++ [pid 561] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=561, si_uid=0, si_status=0, si_utime=4, si_stime=22} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555560c5620 /* 4 entries */, 32768) = 104 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 37.496281][ T568] F2FS-fs (loop0): Unexpected flush for atomic writes: ino=4, npages=2 [ 37.496289][ T562] attempt to access beyond end of device [ 37.496289][ T562] loop0: rw=2049, want=77952, limit=63271 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555560cd660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555560cd660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 getdents64(3, 0x5555560c5620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560c45d0) = 569 ./strace-static-x86_64: Process 569 attached [pid 569] set_robust_list(0x5555560c45e0, 24) = 0 [pid 569] chdir("./23") = 0 [pid 569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 569] setpgid(0, 0) = 0 [pid 569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 569] write(3, "1000", 4) = 4 [pid 569] close(3) = 0 [pid 569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 569] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f86812ef000 [pid 569] mprotect(0x7f86812f0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 569] clone(child_stack=0x7f868130f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[570], tls=0x7f868130f700, child_tidptr=0x7f868130f9d0) = 570 [pid 569] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7f86813f07ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 570 attached [pid 570] set_robust_list(0x7f868130f9e0, 24) = 0 [pid 570] memfd_create("syzkaller", 0) = 3 [pid 570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8678eef000 [pid 570] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836) = 32394836 [pid 570] munmap(0x7f8678eef000, 32394836) = 0 [pid 570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 570] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 570] close(3) = 0 [pid 570] mkdir("./bus", 0777) = 0 [ 37.811633][ T570] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 37.820329][ T570] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 37.829625][ T570] F2FS-fs (loop0): invalid crc value [ 37.836076][ T570] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 570] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 570] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 570] chdir("./bus") = 0 [pid 570] ioctl(4, LOOP_CLR_FD) = 0 [pid 570] close(4) = 0 [pid 570] futex(0x7f86813f07ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7f86813f07e8, FUTEX_WAKE_PRIVATE, 1000000) = 0