./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2005901623 <...> Warning: Permanently added '10.128.1.92' (ED25519) to the list of known hosts. execve("./syz-executor2005901623", ["./syz-executor2005901623"], 0x7fff821918f0 /* 10 vars */) = 0 brk(NULL) = 0x55556814a000 brk(0x55556814ad40) = 0x55556814ad40 arch_prctl(ARCH_SET_FS, 0x55556814a3c0) = 0 set_tid_address(0x55556814a690) = 5075 set_robust_list(0x55556814a6a0, 24) = 0 rseq(0x55556814ace0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2005901623", 4096) = 28 getrandom("\xbb\x12\x08\x10\x3d\xad\xdf\x3f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556814ad40 brk(0x55556816bd40) = 0x55556816bd40 brk(0x55556816c000) = 0x55556816c000 mprotect(0x7f3b8532b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5075 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "5075", 4) = 4 close(3) = 0 mkdir("./syzkaller.o6o7DR", 0700) = 0 chmod("./syzkaller.o6o7DR", 0777) = 0 chdir("./syzkaller.o6o7DR") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5076 attached , child_tidptr=0x55556814a690) = 5076 [pid 5076] set_robust_list(0x55556814a6a0, 24) = 0 [pid 5076] chdir("./0") = 0 [pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] setpgid(0, 0) = 0 [pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5076] write(3, "1000", 4) = 4 [pid 5076] close(3) = 0 [pid 5076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5076] futex(0x7f3b853316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] rt_sigaction(SIGRT_1, {sa_handler=0x7f3b852d1990, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3b852c32d0}, NULL, 8) = 0 [pid 5076] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3b8523a000 [pid 5076] mprotect(0x7f3b8523b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5076] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3b8525a990, parent_tid=0x7f3b8525a990, exit_signal=0, stack=0x7f3b8523a000, stack_size=0x20300, tls=0x7f3b8525a6c0}./strace-static-x86_64: Process 5078 attached [pid 5078] rseq(0x7f3b8525afe0, 0x20, 0, 0x53053053) = 0 [pid 5078] set_robust_list(0x7f3b8525a9a0, 24 [pid 5076] <... clone3 resumed> => {parent_tid=[5078]}, 88) = 5078 [pid 5078] <... set_robust_list resumed>) = 0 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] rt_sigprocmask(SIG_SETMASK, [], [pid 5076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5076] futex(0x7f3b853316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] memfd_create("syzkaller", 0 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f3b853316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5078] <... memfd_create resumed>) = 3 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b7ce00000 [pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5078] munmap(0x7f3b7ce00000, 138412032) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5078] close(3) = 0 [pid 5078] close(4) = 0 [pid 5078] mkdir("./file0", 0777) = 0 [ 76.544400][ T5078] loop0: detected capacity change from 0 to 40427 [ 76.570180][ T5078] ======================================================= [ 76.570180][ T5078] WARNING: The mand mount option has been deprecated and [ 76.570180][ T5078] and is ignored by this kernel. Remove the mand [ 76.570180][ T5078] option from the mount to silence this warning. [ 76.570180][ T5078] ======================================================= [ 76.619272][ T5078] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5078] mount("/dev/loop0", "./file0", "f2fs", MS_MANDLOCK, "fsync_mode=posix,noinline_data,discard,inline_dentry,") = 0 [pid 5078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5078] chdir("./file0") = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5078] futex(0x7f3b853316cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] futex(0x7f3b853316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f3b853316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5076] <... futex resumed>) = 1 [pid 5078] openat(AT_FDCWD, ".", O_RDONLY [pid 5076] futex(0x7f3b853316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... openat resumed>) = 4 [ 76.663955][ T5078] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5078] futex(0x7f3b853316cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5078] futex(0x7f3b853316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] futex(0x7f3b853316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] <... futex resumed>) = 0 [pid 5078] open_by_handle_at(4, {handle_bytes=16, handle_type=2, f_handle="\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, O_RDONLY [ 76.731929][ T5078] F2FS-fs (loop0): Inconsistent error blkaddr:5634, sit bitmap:0 [ 76.739774][ T5078] CPU: 1 PID: 5078 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0 [ 76.748480][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 76.758644][ T5078] Call Trace: [ 76.761947][ T5078] [ 76.764889][ T5078] dump_stack_lvl+0x241/0x360 [ 76.769625][ T5078] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.774868][ T5078] ? _raw_write_unlock+0x28/0x50 [pid 5076] futex(0x7f3b853316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5076] futex(0x7f3b853316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3b85219000 [pid 5076] mprotect(0x7f3b8521a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5076] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3b85239990, parent_tid=0x7f3b85239990, exit_signal=0, stack=0x7f3b85219000, stack_size=0x20300, tls=0x7f3b852396c0}./strace-static-x86_64: Process 5083 attached [pid 5083] rseq(0x7f3b85239fe0, 0x20, 0, 0x53053053) = 0 [pid 5076] <... clone3 resumed> => {parent_tid=[5083]}, 88) = 5083 [pid 5083] set_robust_list(0x7f3b852399a0, 24 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], [pid 5083] <... set_robust_list resumed>) = 0 [pid 5076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], [pid 5076] futex(0x7f3b853316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5076] <... futex resumed>) = 0 [pid 5083] open_by_handle_at(4, {handle_bytes=16, handle_type=2, f_handle="\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, O_RDONLY [ 76.779834][ T5078] ? f2fs_init_read_extent_tree+0x314/0x910 [ 76.785744][ T5078] __f2fs_is_valid_blkaddr+0xd58/0x1490 [ 76.791335][ T5078] sanity_check_extent_cache+0x15a/0x410 [ 76.797044][ T5078] f2fs_iget+0x33e1/0x46e0 [ 76.802383][ T5078] f2fs_nfs_get_inode+0x74/0x100 [ 76.807370][ T5078] ? __pfx_f2fs_nfs_get_inode+0x10/0x10 [ 76.813038][ T5078] generic_fh_to_dentry+0x9f/0xf0 [ 76.818084][ T5078] exportfs_decode_fh_raw+0x152/0x5f0 [ 76.823467][ T5078] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [pid 5076] futex(0x7f3b853316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 76.829296][ T5078] ? __pfx_exportfs_decode_fh_raw+0x10/0x10 [ 76.835215][ T5078] ? __fget_files+0x3f4/0x470 [ 76.840001][ T5078] ? __fget_files+0x28/0x470 [ 76.844618][ T5078] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 76.850459][ T5078] exportfs_decode_fh+0x3c/0x80 [ 76.855351][ T5078] do_handle_open+0x495/0x650 [ 76.860054][ T5078] ? __pfx_do_handle_open+0x10/0x10 [ 76.865327][ T5078] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 76.871682][ T5078] ? do_syscall_64+0x102/0x240 [ 76.876467][ T5078] do_syscall_64+0xf5/0x240 [ 76.881029][ T5078] ? clear_bhb_loop+0x35/0x90 [ 76.885833][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.891793][ T5078] RIP: 0033:0x7f3b852ab889 [ 76.896238][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 76.916240][ T5078] RSP: 002b:00007f3b8525a228 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 76.924683][ T5078] RAX: ffffffffffffffda RBX: 00007f3b853316c8 RCX: 00007f3b852ab889 [ 76.932677][ T5078] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 76.940676][ T5078] RBP: 00007f3b853316c0 R08: 00007f3b8525a6c0 R09: 00007f3b8525a6c0 [ 76.948729][ T5078] R10: 00007f3b8525a6c0 R11: 0000000000000246 R12: 00007f3b853316cc [ 76.956750][ T5078] R13: 00007f3b852f8160 R14: 0030656c69662f2e R15: 00007ffdc8faca88 [ 76.964891][ T5078] [ 76.968782][ T5078] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=8) extent info [5634, 0, 3] is incorrect, run fsck to fix [pid 5078] <... open_by_handle_at resumed>) = -1 ESTALE (Stale file handle) [pid 5078] futex(0x7f3b853316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.983122][ T5083] F2FS-fs (loop0): Inconsistent error blkaddr:5634, sit bitmap:0 [ 76.991045][ T5083] CPU: 0 PID: 5083 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0 [ 76.999845][ T5083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 77.010044][ T5083] Call Trace: [ 77.013360][ T5083] [ 77.016310][ T5083] dump_stack_lvl+0x241/0x360 [ 77.021028][ T5083] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.026350][ T5083] ? _raw_write_unlock+0x28/0x50 [ 77.031348][ T5083] ? f2fs_init_read_extent_tree+0x314/0x910 [ 77.037265][ T5083] __f2fs_is_valid_blkaddr+0xd58/0x1490 [ 77.042923][ T5083] sanity_check_extent_cache+0x15a/0x410 [ 77.048615][ T5083] f2fs_iget+0x33e1/0x46e0 [ 77.053072][ T5083] f2fs_nfs_get_inode+0x74/0x100 [ 77.058032][ T5083] ? __pfx_f2fs_nfs_get_inode+0x10/0x10 [ 77.063695][ T5083] generic_fh_to_dentry+0x9f/0xf0 [ 77.068775][ T5083] exportfs_decode_fh_raw+0x152/0x5f0 [ 77.074172][ T5083] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 77.080009][ T5083] ? __pfx_exportfs_decode_fh_raw+0x10/0x10 [ 77.086030][ T5083] ? __fget_files+0x3f4/0x470 [ 77.090725][ T5083] ? __fget_files+0x28/0x470 [ 77.095339][ T5083] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 77.101175][ T5083] exportfs_decode_fh+0x3c/0x80 [ 77.106066][ T5083] do_handle_open+0x495/0x650 [ 77.110795][ T5083] ? __pfx_do_handle_open+0x10/0x10 [ 77.116118][ T5083] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 77.122900][ T5083] ? do_syscall_64+0x102/0x240 [ 77.127882][ T5083] do_syscall_64+0xf5/0x240 [ 77.132410][ T5083] ? clear_bhb_loop+0x35/0x90 [ 77.137110][ T5083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.143021][ T5083] RIP: 0033:0x7f3b852ab889 [ 77.147471][ T5083] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 77.167792][ T5083] RSP: 002b:00007f3b85239228 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 77.176226][ T5083] RAX: ffffffffffffffda RBX: 00007f3b853316d8 RCX: 00007f3b852ab889 [pid 5078] futex(0x7f3b853316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... open_by_handle_at resumed>) = -1 ESTALE (Stale file handle) [pid 5083] futex(0x7f3b853316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f3b853316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] exit_group(0 [pid 5083] <... futex resumed>) = ? [pid 5078] <... futex resumed>) = ? [pid 5076] <... exit_group resumed>) = ? [pid 5083] +++ exited with 0 +++ [pid 5078] +++ exited with 0 +++ [pid 5076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556814b730 /* 4 entries */, 32768) = 112 [ 77.184235][ T5083] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 77.192217][ T5083] RBP: 00007f3b853316d0 R08: 00007ffdc8faca87 R09: 00007f3b852396c0 [ 77.200201][ T5083] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3b853316dc [ 77.208200][ T5083] R13: 00007f3b852f8160 R14: 0030656c69662f2e R15: 00007ffdc8faca88 [ 77.216200][ T5083] [ 77.220388][ T5083] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=8) extent info [5634, 0, 3] is incorrect, run fsck to fix umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555568153770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555568153770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x55556814b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5084 attached , child_tidptr=0x55556814a690) = 5084 [pid 5084] set_robust_list(0x55556814a6a0, 24) = 0 [pid 5084] chdir("./1") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] futex(0x7f3b853316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] rt_sigaction(SIGRT_1, {sa_handler=0x7f3b852d1990, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3b852c32d0}, NULL, 8) = 0 [pid 5084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3b8523a000 [pid 5084] mprotect(0x7f3b8523b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3b8525a990, parent_tid=0x7f3b8525a990, exit_signal=0, stack=0x7f3b8523a000, stack_size=0x20300, tls=0x7f3b8525a6c0}./strace-static-x86_64: Process 5085 attached [pid 5085] rseq(0x7f3b8525afe0, 0x20, 0, 0x53053053) = 0 [pid 5084] <... clone3 resumed> => {parent_tid=[5085]}, 88) = 5085 [pid 5085] set_robust_list(0x7f3b8525a9a0, 24 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] <... set_robust_list resumed>) = 0 [pid 5084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], [pid 5084] futex(0x7f3b853316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5084] <... futex resumed>) = 0 [pid 5085] memfd_create("syzkaller", 0 [pid 5084] futex(0x7f3b853316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] <... memfd_create resumed>) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b7ce00000 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5085] munmap(0x7f3b7ce00000, 138412032) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] close(4) = 0 [pid 5085] mkdir("./file0", 0777) = 0 [ 77.894749][ T5085] loop0: detected capacity change from 0 to 40427 [ 77.933166][ T5085] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5085] mount("/dev/loop0", "./file0", "f2fs", MS_MANDLOCK, "fsync_mode=posix,noinline_data,discard,inline_dentry,") = 0 [pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./file0") = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5085] futex(0x7f3b853316cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] futex(0x7f3b853316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f3b853316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5085] openat(AT_FDCWD, ".", O_RDONLY [pid 5084] futex(0x7f3b853316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... openat resumed>) = 4 [pid 5085] futex(0x7f3b853316cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5085] futex(0x7f3b853316c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] futex(0x7f3b853316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] open_by_handle_at(4, {handle_bytes=16, handle_type=2, f_handle="\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, O_RDONLY [pid 5084] <... futex resumed>) = 0 [ 77.976796][ T5085] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 78.014656][ T5085] F2FS-fs (loop0): Inconsistent error blkaddr:5634, sit bitmap:0 [ 78.022731][ T5085] CPU: 1 PID: 5085 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0 [ 78.031436][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 78.041616][ T5085] Call Trace: [ 78.044921][ T5085] [ 78.047863][ T5085] dump_stack_lvl+0x241/0x360 [ 78.052567][ T5085] ? __pfx_dump_stack_lvl+0x10/0x10 [ 78.057789][ T5085] ? _raw_write_unlock+0x28/0x50 [ 78.062788][ T5085] ? f2fs_init_read_extent_tree+0x314/0x910 [ 78.068709][ T5085] __f2fs_is_valid_blkaddr+0xd58/0x1490 [ 78.074280][ T5085] sanity_check_extent_cache+0x15a/0x410 [ 78.079948][ T5085] f2fs_iget+0x33e1/0x46e0 [ 78.084408][ T5085] f2fs_nfs_get_inode+0x74/0x100 [ 78.089472][ T5085] ? __pfx_f2fs_nfs_get_inode+0x10/0x10 [ 78.095191][ T5085] generic_fh_to_dentry+0x9f/0xf0 [ 78.100250][ T5085] exportfs_decode_fh_raw+0x152/0x5f0 [ 78.106014][ T5085] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 78.111983][ T5085] ? __pfx_exportfs_decode_fh_raw+0x10/0x10 [ 78.118233][ T5085] ? __fget_files+0x3f4/0x470 [ 78.122951][ T5085] ? __fget_files+0x28/0x470 [ 78.127587][ T5085] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 78.133523][ T5085] exportfs_decode_fh+0x3c/0x80 [ 78.138437][ T5085] do_handle_open+0x495/0x650 [ 78.143254][ T5085] ? __pfx_do_handle_open+0x10/0x10 [ 78.148503][ T5085] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 78.154956][ T5085] ? do_syscall_64+0x102/0x240 [ 78.159754][ T5085] do_syscall_64+0xf5/0x240 [ 78.164313][ T5085] ? clear_bhb_loop+0x35/0x90 [ 78.169012][ T5085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.174921][ T5085] RIP: 0033:0x7f3b852ab889 [ 78.179381][ T5085] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 78.199014][ T5085] RSP: 002b:00007f3b8525a228 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 78.207553][ T5085] RAX: ffffffffffffffda RBX: 00007f3b853316c8 RCX: 00007f3b852ab889 [ 78.215599][ T5085] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [pid 5084] futex(0x7f3b853316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5084] futex(0x7f3b853316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3b85219000 [pid 5085] <... open_by_handle_at resumed>) = -1 ESTALE (Stale file handle) [pid 5084] mprotect(0x7f3b8521a000, 131072, PROT_READ|PROT_WRITE [pid 5085] futex(0x7f3b853316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... mprotect resumed>) = 0 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f3b853316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3b85239990, parent_tid=0x7f3b85239990, exit_signal=0, stack=0x7f3b85219000, stack_size=0x20300, tls=0x7f3b852396c0}./strace-static-x86_64: Process 5090 attached [pid 5090] rseq(0x7f3b85239fe0, 0x20, 0, 0x53053053 [pid 5084] <... clone3 resumed> => {parent_tid=[5090]}, 88) = 5090 [pid 5090] <... rseq resumed>) = 0 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] set_robust_list(0x7f3b852399a0, 24 [pid 5084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] <... set_robust_list resumed>) = 0 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5084] futex(0x7f3b853316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5084] <... futex resumed>) = 0 [pid 5090] open_by_handle_at(4, {handle_bytes=16, handle_type=2, f_handle="\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, O_RDONLY [ 78.223688][ T5085] RBP: 00007f3b853316c0 R08: 00007f3b8525a6c0 R09: 00007f3b8525a6c0 [ 78.231930][ T5085] R10: 00007f3b8525a6c0 R11: 0000000000000246 R12: 00007f3b853316cc [ 78.239935][ T5085] R13: 00007f3b852f8160 R14: 0030656c69662f2e R15: 00007ffdc8faca88 [ 78.247951][ T5085] [ 78.251210][ T5085] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=8) extent info [5634, 0, 3] is incorrect, run fsck to fix [pid 5084] futex(0x7f3b853316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 78.273321][ T5090] F2FS-fs (loop0): Inconsistent error blkaddr:5634, sit bitmap:0 [ 78.281164][ T5090] CPU: 0 PID: 5090 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0 [ 78.289857][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 78.299950][ T5090] Call Trace: [ 78.303246][ T5090] [ 78.306354][ T5090] dump_stack_lvl+0x241/0x360 [ 78.311068][ T5090] ? __pfx_dump_stack_lvl+0x10/0x10 [ 78.316318][ T5090] ? _raw_write_unlock+0x28/0x50 [ 78.321378][ T5090] ? f2fs_init_read_extent_tree+0x314/0x910 [ 78.327343][ T5090] __f2fs_is_valid_blkaddr+0xd58/0x1490 [ 78.332941][ T5090] sanity_check_extent_cache+0x15a/0x410 [ 78.338629][ T5090] f2fs_iget+0x33e1/0x46e0 [ 78.343093][ T5090] f2fs_nfs_get_inode+0x74/0x100 [ 78.348279][ T5090] ? __pfx_f2fs_nfs_get_inode+0x10/0x10 [ 78.353868][ T5090] generic_fh_to_dentry+0x9f/0xf0 [ 78.359020][ T5090] exportfs_decode_fh_raw+0x152/0x5f0 [ 78.364520][ T5090] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 78.370585][ T5090] ? __pfx_exportfs_decode_fh_raw+0x10/0x10 [ 78.376632][ T5090] ? __fget_files+0x3f4/0x470 [ 78.381347][ T5090] ? __fget_files+0x28/0x470 [ 78.385964][ T5090] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 78.391816][ T5090] exportfs_decode_fh+0x3c/0x80 [ 78.396699][ T5090] do_handle_open+0x495/0x650 [ 78.401474][ T5090] ? __pfx_do_handle_open+0x10/0x10 [ 78.406788][ T5090] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 78.413137][ T5090] ? do_syscall_64+0x102/0x240 [ 78.418001][ T5090] do_syscall_64+0xf5/0x240 [ 78.422797][ T5090] ? clear_bhb_loop+0x35/0x90 [ 78.427491][ T5090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.433399][ T5090] RIP: 0033:0x7f3b852ab889 [ 78.437826][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 78.457452][ T5090] RSP: 002b:00007f3b85239228 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 78.465885][ T5090] RAX: ffffffffffffffda RBX: 00007f3b853316d8 RCX: 00007f3b852ab889 [pid 5090] <... open_by_handle_at resumed>) = -1 ESTALE (Stale file handle) [pid 5090] futex(0x7f3b853316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f3b853316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] exit_group(0 [pid 5085] <... futex resumed>) = ? [pid 5084] <... exit_group resumed>) = ? [pid 5090] <... futex resumed>) = ? [pid 5085] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556814b730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 78.473871][ T5090] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 78.481997][ T5090] RBP: 00007f3b853316d0 R08: 00007ffdc8faca87 R09: 00007f3b852396c0 [ 78.489986][ T5090] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3b853316dc [ 78.497973][ T5090] R13: 00007f3b852f8160 R14: 0030656c69662f2e R15: 00007ffdc8faca88 [ 78.505983][ T5090] [ 78.509344][ T5090] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=8) extent info [5634, 0, 3] is incorrect, run fsck to fix newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555568153770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555568153770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x55556814b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5091 attached , child_tidptr=0x55556814a690) = 5091 [pid 5091] set_robust_list(0x55556814a6a0, 24) = 0 [pid 5091] chdir("./2") = 0 [pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5091] setpgid(0, 0) = 0 [pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5091] write(3, "1000", 4) = 4 [pid 5091] close(3) = 0 [pid 5091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5091] futex(0x7f3b853316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] rt_sigaction(SIGRT_1, {sa_handler=0x7f3b852d1990, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3b852c32d0}, NULL, 8) = 0 [pid 5091] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3b8523a000 [pid 5091] mprotect(0x7f3b8523b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3b8525a990, parent_tid=0x7f3b8525a990, exit_signal=0, stack=0x7f3b8523a000, stack_size=0x20300, tls=0x7f3b8525a6c0}./strace-static-x86_64: Process 5092 attached => {parent_tid=[5092]}, 88) = 5092 [pid 5092] rseq(0x7f3b8525afe0, 0x20, 0, 0x53053053 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], [pid 5092] <... rseq resumed>) = 0 [pid 5091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] set_robust_list(0x7f3b8525a9a0, 24 [pid 5091] futex(0x7f3b853316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... set_robust_list resumed>) = 0 [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7f3b853316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5092] memfd_create("syzkaller", 0) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b7ce00000 [pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5092] munmap(0x7f3b7ce00000, 138412032) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5092] close(3) = 0 [pid 5092] close(4) = 0 [pid 5092] mkdir("./file0", 0777) = 0 [ 79.114809][ T5092] loop0: detected capacity change from 0 to 40427 [ 79.150270][ T5092] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5092] mount("/dev/loop0", "./file0", "f2fs", MS_MANDLOCK, "fsync_mode=posix,noinline_data,discard,inline_dentry,") = 0 [pid 5092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5092] chdir("./file0") = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5092] futex(0x7f3b853316cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] futex(0x7f3b853316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] futex(0x7f3b853316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] <... futex resumed>) = 0 [pid 5092] openat(AT_FDCWD, ".", O_RDONLY [pid 5091] futex(0x7f3b853316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... openat resumed>) = 4 [pid 5092] futex(0x7f3b853316cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] <... futex resumed>) = 0 [pid 5092] open_by_handle_at(4, {handle_bytes=16, handle_type=2, f_handle="\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, O_RDONLY [pid 5091] futex(0x7f3b853316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 79.192254][ T5092] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 79.233175][ T5092] F2FS-fs (loop0): Inconsistent error blkaddr:5634, sit bitmap:0 [ 79.241487][ T5092] CPU: 0 PID: 5092 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0 [ 79.250369][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 79.260455][ T5092] Call Trace: [ 79.263743][ T5092] [ 79.266723][ T5092] dump_stack_lvl+0x241/0x360 [ 79.271430][ T5092] ? __pfx_dump_stack_lvl+0x10/0x10 [ 79.276659][ T5092] ? _raw_write_unlock+0x28/0x50 [pid 5091] futex(0x7f3b853316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5091] futex(0x7f3b853316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3b85219000 [pid 5091] mprotect(0x7f3b8521a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3b85239990, parent_tid=0x7f3b85239990, exit_signal=0, stack=0x7f3b85219000, stack_size=0x20300, tls=0x7f3b852396c0}./strace-static-x86_64: Process 5097 attached [pid 5097] rseq(0x7f3b85239fe0, 0x20, 0, 0x53053053) = 0 [pid 5097] set_robust_list(0x7f3b852399a0, 24 [pid 5091] <... clone3 resumed> => {parent_tid=[5097]}, 88) = 5097 [pid 5097] <... set_robust_list resumed>) = 0 [ 79.281632][ T5092] ? f2fs_init_read_extent_tree+0x314/0x910 [ 79.287561][ T5092] __f2fs_is_valid_blkaddr+0xd58/0x1490 [ 79.293158][ T5092] sanity_check_extent_cache+0x15a/0x410 [ 79.298959][ T5092] f2fs_iget+0x33e1/0x46e0 [ 79.303542][ T5092] f2fs_nfs_get_inode+0x74/0x100 [ 79.308518][ T5092] ? __pfx_f2fs_nfs_get_inode+0x10/0x10 [ 79.314201][ T5092] generic_fh_to_dentry+0x9f/0xf0 [ 79.319260][ T5092] exportfs_decode_fh_raw+0x152/0x5f0 [ 79.324673][ T5092] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 79.330613][ T5092] ? __pfx_exportfs_decode_fh_raw+0x10/0x10 [ 79.336577][ T5092] ? __fget_files+0x3f4/0x470 [ 79.341272][ T5092] ? __fget_files+0x28/0x470 [ 79.345917][ T5092] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 79.354640][ T5092] exportfs_decode_fh+0x3c/0x80 [ 79.359540][ T5092] do_handle_open+0x495/0x650 [ 79.364248][ T5092] ? __pfx_do_handle_open+0x10/0x10 [ 79.369733][ T5092] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 79.376107][ T5092] ? do_syscall_64+0x102/0x240 [ 79.380912][ T5092] do_syscall_64+0xf5/0x240 [ 79.385448][ T5092] ? clear_bhb_loop+0x35/0x90 [ 79.390141][ T5092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.396135][ T5092] RIP: 0033:0x7f3b852ab889 [ 79.400569][ T5092] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 79.420452][ T5092] RSP: 002b:00007f3b8525a228 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], [pid 5097] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] futex(0x7f3b853316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] open_by_handle_at(4, {handle_bytes=16, handle_type=2, f_handle="\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"}, O_RDONLY [pid 5091] futex(0x7f3b853316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 79.429168][ T5092] RAX: ffffffffffffffda RBX: 00007f3b853316c8 RCX: 00007f3b852ab889 [ 79.437155][ T5092] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 79.445187][ T5092] RBP: 00007f3b853316c0 R08: 00007f3b8525a6c0 R09: 00007f3b8525a6c0 [ 79.453191][ T5092] R10: 00007f3b8525a6c0 R11: 0000000000000246 R12: 00007f3b853316cc [ 79.461278][ T5092] R13: 00007f3b852f8160 R14: 0030656c69662f2e R15: 00007ffdc8faca88 [ 79.469275][ T5092] [pid 5092] <... open_by_handle_at resumed>) = -1 ESTALE (Stale file handle) [pid 5092] futex(0x7f3b853316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 79.473042][ T5092] F2FS-fs (loop0): sanity_check_extent_cache: inode (ino=8) extent info [5634, 0, 3] is incorrect, run fsck to fix [ 79.487684][ T5097] F2FS-fs (loop0): Inconsistent error blkaddr:5634, sit bitmap:0 [ 79.495659][ T5097] CPU: 1 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0 [ 79.505907][ T5097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 79.516008][ T5097] Call Trace: [ 79.519386][ T5097] [ 79.522339][ T5097] dump_stack_lvl+0x241/0x360 [ 79.527216][ T5097] ? __pfx_dump_stack_lvl+0x10/0x10 [ 79.532447][ T5097] ? _raw_write_unlock+0x28/0x50 [ 79.537504][ T5097] ? f2fs_init_read_extent_tree+0x314/0x910 [ 79.543449][ T5097] __f2fs_is_valid_blkaddr+0xd58/0x1490 [ 79.549024][ T5097] sanity_check_extent_cache+0x15a/0x410 [ 79.554705][ T5097] f2fs_iget+0x33e1/0x46e0 [ 79.559180][ T5097] f2fs_nfs_get_inode+0x74/0x100 [ 79.564143][ T5097] ? __pfx_f2fs_nfs_get_inode+0x10/0x10 [ 79.569706][ T5097] generic_fh_to_dentry+0x9f/0xf0 [ 79.574755][ T5097] exportfs_decode_fh_raw+0x152/0x5f0 [ 79.580178][ T5097] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 79.586010][ T5097] ? __pfx_exportfs_decode_fh_raw+0x10/0x10 [ 79.591948][ T5097] ? __fget_files+0x3f4/0x470 [ 79.596651][ T5097] ? __fget_files+0x28/0x470 [ 79.601319][ T5097] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 79.607193][ T5097] exportfs_decode_fh+0x3c/0x80 [ 79.612163][ T5097] do_handle_open+0x495/0x650 [ 79.616903][ T5097] ? __pfx_do_handle_open+0x10/0x10 [ 79.622214][ T5097] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 79.628560][ T5097] ? do_syscall_64+0x102/0x240 [ 79.633360][ T5097] do_syscall_64+0xf5/0x240 [ 79.637897][ T5097] ? clear_bhb_loop+0x35/0x90 [ 79.642688][ T5097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.648681][ T5097] RIP: 0033:0x7f3b852ab889 [ 79.653282][ T5097] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 79.673014][ T5097] RSP: 002b:00007f3b85239228 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 79.681583][ T5097] RAX: ffffffffffffffda RBX: 00007f3b853316d8 RCX: 00007f3b852ab889 [ 79.689577][ T5097] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 79.697656][ T5097] RBP: 00007f3b853316d0 R08: 00007ffdc8faca87 R09: 00007f3b852396c0 [ 79.705781][ T5097] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3b853316dc [ 79.713974][ T5097] R13: 00007f3b852f8160 R14: 0030656c69662f2e R15: 00007ffdc8faca88 [ 79.721989][ T5097] [ 79.725514][ T5097] ================================================================== [ 79.733706][ T5097] BUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 [ 79.742440][ T5097] Read of size 4 at addr ffff8880739ab220 by task syz-executor200/5097 [ 79.750954][ T5097] [ 79.753292][ T5097] CPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0 [ 79.761977][ T5097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 79.772062][ T5097] Call Trace: [ 79.775351][ T5097] [ 79.778292][ T5097] dump_stack_lvl+0x241/0x360 [ 79.783012][ T5097] ? __pfx_dump_stack_lvl+0x10/0x10 [ 79.788227][ T5097] ? __pfx__printk+0x10/0x10 [ 79.792836][ T5097] ? _printk+0xd5/0x120 [ 79.797004][ T5097] ? __virt_addr_valid+0x183/0x520 [ 79.802130][ T5097] ? __virt_addr_valid+0x183/0x520 [ 79.807262][ T5097] print_report+0x169/0x550 [ 79.811812][ T5097] ? __virt_addr_valid+0x183/0x520 [ 79.816990][ T5097] ? __virt_addr_valid+0x183/0x520 [ 79.822122][ T5097] ? __virt_addr_valid+0x44e/0x520 [ 79.827341][ T5097] ? __phys_addr+0xba/0x170 [ 79.831882][ T5097] ? sanity_check_extent_cache+0x370/0x410 [ 79.837701][ T5097] kasan_report+0x143/0x180 [ 79.842397][ T5097] ? sanity_check_extent_cache+0x370/0x410 [ 79.848319][ T5097] sanity_check_extent_cache+0x370/0x410 [ 79.853992][ T5097] f2fs_iget+0x33e1/0x46e0 [ 79.858435][ T5097] f2fs_nfs_get_inode+0x74/0x100 [ 79.863389][ T5097] ? __pfx_f2fs_nfs_get_inode+0x10/0x10 [ 79.868981][ T5097] generic_fh_to_dentry+0x9f/0xf0 [ 79.874193][ T5097] exportfs_decode_fh_raw+0x152/0x5f0 [ 79.880142][ T5097] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 79.885997][ T5097] ? __pfx_exportfs_decode_fh_raw+0x10/0x10 [ 79.891972][ T5097] ? __fget_files+0x3f4/0x470 [ 79.896929][ T5097] ? __fget_files+0x28/0x470 [ 79.901709][ T5097] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 79.907568][ T5097] exportfs_decode_fh+0x3c/0x80 [ 79.912542][ T5097] do_handle_open+0x495/0x650 [ 79.917245][ T5097] ? __pfx_do_handle_open+0x10/0x10 [ 79.922464][ T5097] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 79.929443][ T5097] ? do_syscall_64+0x102/0x240 [ 79.934316][ T5097] do_syscall_64+0xf5/0x240 [ 79.938948][ T5097] ? clear_bhb_loop+0x35/0x90 [ 79.943653][ T5097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.949649][ T5097] RIP: 0033:0x7f3b852ab889 [ 79.954162][ T5097] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 79.973951][ T5097] RSP: 002b:00007f3b85239228 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 79.982571][ T5097] RAX: ffffffffffffffda RBX: 00007f3b853316d8 RCX: 00007f3b852ab889 [ 79.990843][ T5097] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 79.998856][ T5097] RBP: 00007f3b853316d0 R08: 00007ffdc8faca87 R09: 00007f3b852396c0 [ 80.006853][ T5097] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3b853316dc [ 80.014859][ T5097] R13: 00007f3b852f8160 R14: 0030656c69662f2e R15: 00007ffdc8faca88 [ 80.022867][ T5097] [ 80.025889][ T5097] [ 80.028211][ T5097] Allocated by task 5092: [ 80.032538][ T5097] kasan_save_track+0x3f/0x80 [ 80.037341][ T5097] __kasan_slab_alloc+0x66/0x80 [ 80.042200][ T5097] kmem_cache_alloc+0x174/0x340 [ 80.047063][ T5097] __grab_extent_tree+0x183/0x400 [ 80.052265][ T5097] f2fs_init_read_extent_tree+0x455/0x910 [ 80.057991][ T5097] f2fs_iget+0x33d1/0x46e0 [ 80.062420][ T5097] f2fs_nfs_get_inode+0x74/0x100 [ 80.067376][ T5097] generic_fh_to_dentry+0x9f/0xf0 [ 80.072410][ T5097] exportfs_decode_fh_raw+0x152/0x5f0 [ 80.077889][ T5097] exportfs_decode_fh+0x3c/0x80 [ 80.082836][ T5097] do_handle_open+0x495/0x650 [ 80.087531][ T5097] do_syscall_64+0xf5/0x240 [ 80.092052][ T5097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.097950][ T5097] [ 80.100275][ T5097] Freed by task 5092: [ 80.104307][ T5097] kasan_save_track+0x3f/0x80 [ 80.108992][ T5097] kasan_save_free_info+0x40/0x50 [ 80.114031][ T5097] poison_slab_object+0xa6/0xe0 [ 80.118895][ T5097] __kasan_slab_free+0x37/0x60 [ 80.123675][ T5097] kmem_cache_free+0x10b/0x2c0 [ 80.128449][ T5097] __destroy_extent_tree+0x307/0x600 [ 80.133744][ T5097] f2fs_destroy_extent_tree+0x17/0x30 [ 80.139124][ T5097] f2fs_evict_inode+0x44d/0x1550 [ 80.144074][ T5097] evict+0x2a8/0x630 [ 80.148060][ T5097] f2fs_iget+0x1a68/0x46e0 [ 80.152481][ T5097] f2fs_nfs_get_inode+0x74/0x100 [ 80.157430][ T5097] generic_fh_to_dentry+0x9f/0xf0 [ 80.162460][ T5097] exportfs_decode_fh_raw+0x152/0x5f0 [ 80.167854][ T5097] exportfs_decode_fh+0x3c/0x80 [ 80.172726][ T5097] do_handle_open+0x495/0x650 [ 80.177455][ T5097] do_syscall_64+0xf5/0x240 [ 80.181982][ T5097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.187886][ T5097] [ 80.190209][ T5097] The buggy address belongs to the object at ffff8880739ab1a0 [ 80.190209][ T5097] which belongs to the cache f2fs_extent_tree of size 144 [ 80.204748][ T5097] The buggy address is located 128 bytes inside of [ 80.204748][ T5097] freed 144-byte region [ffff8880739ab1a0, ffff8880739ab230) [ 80.218749][ T5097] [ 80.221081][ T5097] The buggy address belongs to the physical page: [ 80.227866][ T5097] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x739ab [ 80.236743][ T5097] flags: 0xfff80000000800(slab|node=0|zone=1|lastcpupid=0xfff) [ 80.244317][ T5097] page_type: 0xffffffff() [ 80.248678][ T5097] raw: 00fff80000000800 ffff88801afb08c0 dead000000000122 0000000000000000 [ 80.257282][ T5097] raw: 0000000000000000 0000000080130013 00000001ffffffff 0000000000000000 [ 80.265878][ T5097] page dumped because: kasan: bad access detected [ 80.272295][ T5097] page_owner tracks the page as allocated [ 80.278008][ T5097] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x12c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_RECLAIMABLE), pid 5076, tgid -326355158 (syz-executor200), ts 5083, free_ts 26740999480 [ 80.298091][ T5097] post_alloc_hook+0x1ea/0x210 [ 80.302874][ T5097] get_page_from_freelist+0x3410/0x35b0 [ 80.308709][ T5097] __alloc_pages+0x256/0x6c0 [ 80.313417][ T5097] alloc_slab_page+0x5f/0x160 [ 80.318154][ T5097] new_slab+0x84/0x2f0 [ 80.322268][ T5097] ___slab_alloc+0xc73/0x1260 [ 80.327734][ T5097] kmem_cache_alloc+0x252/0x340 [ 80.332611][ T5097] __grab_extent_tree+0x183/0x400 [ 80.337734][ T5097] f2fs_init_read_extent_tree+0x455/0x910 [ 80.344502][ T5097] f2fs_iget+0x33d1/0x46e0 [ 80.348928][ T5097] f2fs_nfs_get_inode+0x74/0x100 [ 80.353879][ T5097] generic_fh_to_dentry+0x9f/0xf0 [ 80.359169][ T5097] exportfs_decode_fh_raw+0x152/0x5f0 [ 80.364647][ T5097] exportfs_decode_fh+0x3c/0x80 [ 80.369601][ T5097] do_handle_open+0x495/0x650 [ 80.374295][ T5097] do_syscall_64+0xf5/0x240 [ 80.378907][ T5097] page last free pid 1 tgid 1 stack trace: [ 80.384804][ T5097] free_unref_page_prepare+0x97b/0xaa0 [ 80.390403][ T5097] free_unref_page+0x37/0x3f0 [ 80.395204][ T5097] free_contig_range+0x9e/0x160 [ 80.400078][ T5097] destroy_args+0x8a/0x890 [ 80.404529][ T5097] debug_vm_pgtable+0x4be/0x550 [ 80.409497][ T5097] do_one_initcall+0x248/0x880 [ 80.414289][ T5097] do_initcall_level+0x157/0x210 [ 80.419283][ T5097] do_initcalls+0x3f/0x80 [ 80.423754][ T5097] kernel_init_freeable+0x435/0x5d0 [ 80.429064][ T5097] kernel_init+0x1d/0x2b0 [ 80.433423][ T5097] ret_from_fork+0x4b/0x80 [ 80.438131][ T5097] ret_from_fork_asm+0x1a/0x30 [ 80.443031][ T5097] [ 80.445472][ T5097] Memory state around the buggy address: [ 80.451456][ T5097] ffff8880739ab100: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 80.459555][ T5097] ffff8880739ab180: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb [ 80.467620][ T5097] >ffff8880739ab200: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 80.475701][ T5097] ^ [ 80.480852][ T5097] ffff8880739ab280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 80.488930][ T5097] ffff8880739ab300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 80.497082][ T5097] ================================================================== [ 80.506123][ T5097] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 80.513364][ T5097] CPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0 [ 80.522161][ T5097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 80.532245][ T5097] Call Trace: [ 80.535535][ T5097] [ 80.538469][ T5097] dump_stack_lvl+0x241/0x360 [ 80.543168][ T5097] ? __pfx_dump_stack_lvl+0x10/0x10 [ 80.548389][ T5097] ? __pfx__printk+0x10/0x10 [ 80.552995][ T5097] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 80.558992][ T5097] ? vscnprintf+0x5d/0x90 [ 80.563335][ T5097] panic+0x349/0x860 [ 80.567244][ T5097] ? check_panic_on_warn+0x21/0xb0 [ 80.572372][ T5097] ? __pfx_panic+0x10/0x10 [ 80.576802][ T5097] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 80.582814][ T5097] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 80.589160][ T5097] check_panic_on_warn+0x86/0xb0 [ 80.594139][ T5097] ? sanity_check_extent_cache+0x370/0x410 [ 80.600048][ T5097] end_report+0x77/0x160 [ 80.604309][ T5097] kasan_report+0x154/0x180 [ 80.608828][ T5097] ? sanity_check_extent_cache+0x370/0x410 [ 80.614658][ T5097] sanity_check_extent_cache+0x370/0x410 [ 80.620325][ T5097] f2fs_iget+0x33e1/0x46e0 [ 80.624770][ T5097] f2fs_nfs_get_inode+0x74/0x100 [ 80.630184][ T5097] ? __pfx_f2fs_nfs_get_inode+0x10/0x10 [ 80.636529][ T5097] generic_fh_to_dentry+0x9f/0xf0 [ 80.641660][ T5097] exportfs_decode_fh_raw+0x152/0x5f0 [ 80.647162][ T5097] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 80.653117][ T5097] ? __pfx_exportfs_decode_fh_raw+0x10/0x10 [ 80.659066][ T5097] ? __fget_files+0x3f4/0x470 [ 80.663759][ T5097] ? __fget_files+0x28/0x470 [ 80.668365][ T5097] ? __pfx_vfs_dentry_acceptable+0x10/0x10 [ 80.674193][ T5097] exportfs_decode_fh+0x3c/0x80 [ 80.679058][ T5097] do_handle_open+0x495/0x650 [ 80.683754][ T5097] ? __pfx_do_handle_open+0x10/0x10 [ 80.689056][ T5097] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 80.695396][ T5097] ? do_syscall_64+0x102/0x240 [ 80.700181][ T5097] do_syscall_64+0xf5/0x240 [ 80.704704][ T5097] ? clear_bhb_loop+0x35/0x90 [ 80.709479][ T5097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.715435][ T5097] RIP: 0033:0x7f3b852ab889 [ 80.719865][ T5097] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 80.739658][ T5097] RSP: 002b:00007f3b85239228 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 80.748083][ T5097] RAX: ffffffffffffffda RBX: 00007f3b853316d8 RCX: 00007f3b852ab889 [ 80.756064][ T5097] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 80.764045][ T5097] RBP: 00007f3b853316d0 R08: 00007ffdc8faca87 R09: 00007f3b852396c0 [ 80.772678][ T5097] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3b853316dc [ 80.780677][ T5097] R13: 00007f3b852f8160 R14: 0030656c69662f2e R15: 00007ffdc8faca88 [ 80.788688][ T5097] [ 80.791839][ T5097] Kernel Offset: disabled [ 80.796173][ T5097] Rebooting in 86400 seconds..