./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1271646343 <...> cess permissive=1 [ 18.394051][ T28] audit: type=1400 audit(1749794114.804:63): avc: denied { siginh } for pid=235 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.497781][ T241] sshd-session (241) used greatest stack depth: 22880 bytes left Warning: Permanently added '10.128.0.201' (ED25519) to the list of known hosts. execve("./syz-executor1271646343", ["./syz-executor1271646343"], 0x7ffdc738e950 /* 10 vars */) = 0 brk(NULL) = 0x555555ec9000 brk(0x555555ec9d40) = 0x555555ec9d40 arch_prctl(ARCH_SET_FS, 0x555555ec93c0) = 0 set_tid_address(0x555555ec9690) = 289 set_robust_list(0x555555ec96a0, 24) = 0 rseq(0x555555ec9ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1271646343", 4096) = 28 getrandom("\xf1\xea\x1a\x1c\x78\x49\x68\xcb", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555ec9d40 brk(0x555555eead40) = 0x555555eead40 brk(0x555555eeb000) = 0x555555eeb000 mprotect(0x7fe19da0d000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0executing program ) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ec9690) = 290 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ec9690) = 291 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ec9690) = 292 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ec9690) = 293 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ec9690) = 294 ./strace-static-x86_64: Process 293 attached [pid 293] set_robust_list(0x555555ec96a0, 24) = 0 [pid 293] mkdir("./syzkaller.haSPNQ", 0700./strace-static-x86_64: Process 290 attached [pid 290] set_robust_list(0x555555ec96a0, 24) = 0 [pid 293] <... mkdir resumed>) = 0 [pid 290] mkdir("./syzkaller.nN4QR1", 0700) = 0 [pid 293] chmod("./syzkaller.haSPNQ", 0777) = 0 [pid 290] chmod("./syzkaller.nN4QR1", 0777) = 0 [pid 293] chdir("./syzkaller.haSPNQ") = 0 [pid 290] chdir("./syzkaller.nN4QR1") = 0 [pid 290] mkdir("./0", 0777 [pid 293] mkdir("./0", 0777 [pid 290] <... mkdir resumed>) = 0 [pid 293] <... mkdir resumed>) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 290] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 293] ioctl(3, LOOP_CLR_FD [pid 290] close(3 [pid 293] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 290] <... close resumed>) = 0 [pid 293] close(3) = 0 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 290] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ec9690) = 296 [pid 293] <... clone resumed>, child_tidptr=0x555555ec9690) = 295 ./strace-static-x86_64: Process 295 attached [pid 295] set_robust_list(0x555555ec96a0, 24) = 0 [pid 295] chdir("./0") = 0 [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 295] setpgid(0, 0) = 0 [pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 295] write(3, "1000", 4) = 4 [pid 295] close(3) = 0 [pid 295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 295] write(1, "executing program\n", 18) = 18 [pid 295] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] rt_sigaction(SIGRT_1, {sa_handler=0x7fe19d9ad260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe19d99e410}, NULL, 8) = 0 [pid 295] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe19d923000 [pid 295] mprotect(0x7fe19d924000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe19d943990, parent_tid=0x7fe19d943990, exit_signal=0, stack=0x7fe19d923000, stack_size=0x20300, tls=0x7fe19d9436c0} => {parent_tid=[297]}, 88) = 297 [pid 295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 295] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x7fe19d9439a0, 24) = 0 [pid 297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 297] memfd_create("syzkaller", 0) = 3 [pid 297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe195523000 ./strace-static-x86_64: Process 294 attached ./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x555555ec96a0, 24) = 0 [pid 294] set_robust_list(0x555555ec96a0, 24./strace-static-x86_64: Process 292 attached [pid 296] chdir("./0" [pid 294] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 291 attached [pid 294] getrandom( [pid 296] <... chdir resumed>) = 0 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 294] <... getrandom resumed>"\xaf\xd3\xa0\x4a\xbf\xef\x76\x9f", 8, GRND_NONBLOCK) = 8 [pid 296] <... prctl resumed>) = 0 [pid 296] setpgid(0, 0 [pid 294] mkdir("./syzkaller.vxWdAU", 0700 [pid 296] <... setpgid resumed>) = 0 [pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 294] <... mkdir resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 294] chmod("./syzkaller.vxWdAU", 0777 [pid 296] write(3, "1000", 4) = 4 [pid 296] close(3) = 0 [pid 294] <... chmod resumed>) = 0 [pid 291] set_robust_list(0x555555ec96a0, 24 [pid 296] symlink("/dev/binderfs", "./binderfs" [pid 294] chdir("./syzkaller.vxWdAU" [pid 292] set_robust_list(0x555555ec96a0, 24 [pid 291] <... set_robust_list resumed>) = 0 [pid 296] <... symlink resumed>) = 0 [pid 294] <... chdir resumed>) = 0 [pid 296] write(1, "executing program\n", 18executing program ) = 18 [pid 296] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 292] <... set_robust_list resumed>) = 0 [pid 296] <... futex resumed>) = 0 [pid 296] rt_sigaction(SIGRT_1, {sa_handler=0x7fe19d9ad260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe19d99e410}, [pid 291] mkdir("./syzkaller.CIqUrs", 0700 [pid 292] mkdir("./syzkaller.ieZZNq", 0700 [pid 296] <... rt_sigaction resumed>NULL, 8) = 0 [pid 294] mkdir("./0", 0777 [pid 296] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe19d923000 [pid 294] <... mkdir resumed>) = 0 [pid 296] mprotect(0x7fe19d924000, 131072, PROT_READ|PROT_WRITE [pid 291] <... mkdir resumed>) = 0 [pid 296] <... mprotect resumed>) = 0 [ 29.796833][ T28] audit: type=1400 audit(1749794126.214:64): avc: denied { execmem } for pid=289 comm="syz-executor127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 292] <... mkdir resumed>) = 0 [pid 296] rt_sigprocmask(SIG_BLOCK, ~[], [pid 294] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 292] chmod("./syzkaller.ieZZNq", 0777 [pid 291] chmod("./syzkaller.CIqUrs", 0777 [pid 296] <... rt_sigprocmask resumed>[], 8) = 0 [pid 294] <... openat resumed>) = 3 [pid 292] <... chmod resumed>) = 0 [pid 291] <... chmod resumed>) = 0 [pid 296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe19d943990, parent_tid=0x7fe19d943990, exit_signal=0, stack=0x7fe19d923000, stack_size=0x20300, tls=0x7fe19d9436c0} [pid 291] chdir("./syzkaller.CIqUrs" [pid 294] ioctl(3, LOOP_CLR_FD [pid 292] chdir("./syzkaller.ieZZNq" [pid 291] <... chdir resumed>) = 0 [pid 294] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 292] <... chdir resumed>) = 0 [pid 291] mkdir("./0", 0777 [pid 294] close(3 [ 29.845678][ T28] audit: type=1400 audit(1749794126.224:65): avc: denied { read write } for pid=293 comm="syz-executor127" name="loop3" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 292] mkdir("./0", 0777 [pid 296] <... clone3 resumed> => {parent_tid=[300]}, 88) = 300 [pid 294] <... close resumed>) = 0 [pid 292] <... mkdir resumed>) = 0 [pid 291] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x7fe19d9439a0, 24) = 0 [pid 300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 300] futex(0x7fe19da136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] rt_sigprocmask(SIG_SETMASK, [], [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 291] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 291] <... openat resumed>) = 3 [pid 292] <... openat resumed>) = 3 [pid 296] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 294] <... clone resumed>, child_tidptr=0x555555ec9690) = 301 [pid 292] ioctl(3, LOOP_CLR_FD [pid 291] ioctl(3, LOOP_CLR_FD [pid 296] <... futex resumed>) = 1 [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 292] close(3 [pid 291] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] <... futex resumed>) = 0 [pid 300] memfd_create("syzkaller", 0) = 3 [pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe195523000 ./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x555555ec96a0, 24) = 0 [pid 301] chdir("./0") = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3) = 0 [pid 301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 301] write(1, "executing program\n", 18) = 18 [pid 301] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] rt_sigaction(SIGRT_1, {sa_handler=0x7fe19d9ad260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe19d99e410}, NULL, 8) = 0 [pid 301] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe19d923000 [pid 301] mprotect(0x7fe19d924000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe19d943990, parent_tid=0x7fe19d943990, exit_signal=0, stack=0x7fe19d923000, stack_size=0x20300, tls=0x7fe19d9436c0} => {parent_tid=[302]}, 88) = 302 [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 302 attached [pid 292] <... close resumed>) = 0 [pid 291] close(3 [pid 302] set_robust_list(0x7fe19d9439a0, 24 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 302] <... set_robust_list resumed>) = 0 [pid 291] <... close resumed>) = 0 [pid 302] rt_sigprocmask(SIG_SETMASK, [], [pid 292] <... clone resumed>, child_tidptr=0x555555ec9690) = 303 [pid 291] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 302] memfd_create("syzkaller", 0 [pid 291] <... clone resumed>, child_tidptr=0x555555ec9690) = 304 [pid 302] <... memfd_create resumed>) = 3 [pid 302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe195523000 ./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x555555ec96a0, 24) = 0 [pid 303] chdir("./0") = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x555555ec96a0, 24 [pid 303] <... openat resumed>) = 3 [pid 304] <... set_robust_list resumed>) = 0 [pid 304] chdir("./0" [pid 303] write(3, "1000", 4) = 4 [pid 304] <... chdir resumed>) = 0 [pid 303] close(3) = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0 [pid 303] symlink("/dev/binderfs", "./binderfs" [pid 304] <... setpgid resumed>) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] <... symlink resumed>) = 0 [ 29.877145][ T28] audit: type=1400 audit(1749794126.224:66): avc: denied { open } for pid=293 comm="syz-executor127" path="/dev/loop3" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 29.907658][ T28] audit: type=1400 audit(1749794126.224:67): avc: denied { ioctl } for pid=290 comm="syz-executor127" path="/dev/loop0" dev="devtmpfs" ino=118 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [pid 303] write(1, "executing program\n", 18 [pid 304] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 303] <... write resumed>) = 18 [pid 303] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] rt_sigaction(SIGRT_1, {sa_handler=0x7fe19d9ad260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe19d99e410}, NULL, 8) = 0 [pid 303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 304] write(1, "executing program\n", 18 [pid 303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0executing program ) = 0x7fe19d923000 [pid 304] <... write resumed>) = 18 [pid 304] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] mprotect(0x7fe19d924000, 131072, PROT_READ|PROT_WRITE [pid 304] rt_sigaction(SIGRT_1, {sa_handler=0x7fe19d9ad260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe19d99e410}, [pid 303] <... mprotect resumed>) = 0 [pid 304] <... rt_sigaction resumed>NULL, 8) = 0 [pid 303] rt_sigprocmask(SIG_BLOCK, ~[], [pid 304] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 303] <... rt_sigprocmask resumed>[], 8) = 0 [pid 304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe19d943990, parent_tid=0x7fe19d943990, exit_signal=0, stack=0x7fe19d923000, stack_size=0x20300, tls=0x7fe19d9436c0} [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe19d923000 [pid 303] <... clone3 resumed> => {parent_tid=[305]}, 88) = 305 [pid 304] mprotect(0x7fe19d924000, 131072, PROT_READ|PROT_WRITE [pid 303] rt_sigprocmask(SIG_SETMASK, [], [pid 304] <... mprotect resumed>) = 0 [pid 303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 304] rt_sigprocmask(SIG_BLOCK, ~[], [pid 303] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... rt_sigprocmask resumed>[], 8) = 0 [pid 303] <... futex resumed>) = 0 [pid 304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe19d943990, parent_tid=0x7fe19d943990, exit_signal=0, stack=0x7fe19d923000, stack_size=0x20300, tls=0x7fe19d9436c0} [pid 303] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 304] <... clone3 resumed> => {parent_tid=[306]}, 88) = 306 [pid 304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 304] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x7fe19d9439a0, 24) = 0 [pid 306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 306] memfd_create("syzkaller", 0) = 3 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe195523000 ./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x7fe19d9439a0, 24) = 0 [pid 305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 305] memfd_create("syzkaller", 0) = 3 [pid 305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe195523000 [pid 297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 297] <... write resumed>) = 20699119 [pid 297] munmap(0x7fe195523000, 138412032) = 0 [pid 305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 297] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 297] ioctl(4, LOOP_SET_FD, 3 [pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 297] <... ioctl resumed>) = 0 [pid 297] close(3) = 0 [pid 297] close(4) = 0 [pid 297] mkdir("./file4", 0777) = 0 [ 30.352002][ T297] loop3: detected capacity change from 0 to 40427 [ 30.385943][ T297] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 30.395192][ T28] audit: type=1400 audit(1749794126.804:68): avc: denied { mounton } for pid=295 comm="syz-executor127" path="/root/syzkaller.haSPNQ/0/file4" dev="sda1" ino=2039 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 30.438972][ T297] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [pid 297] mount("/dev/loop3", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"... [pid 300] <... write resumed>) = 20699119 [ 30.461344][ T297] F2FS-fs (loop3): fault_injection options not supported [ 30.481524][ T297] F2FS-fs (loop3): fault_type options not supported [ 30.492177][ T297] F2FS-fs (loop3): invalid crc value [pid 300] munmap(0x7fe195523000, 138412032) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_SET_FD, 3 [pid 302] <... write resumed>) = 20699119 [pid 302] munmap(0x7fe195523000, 138412032) = 0 [pid 302] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 30.512251][ T297] F2FS-fs (loop3): Found nat_bits in checkpoint [ 30.521204][ T300] loop0: detected capacity change from 0 to 40427 [pid 302] ioctl(4, LOOP_SET_FD, 3 [pid 300] <... ioctl resumed>) = 0 [pid 300] close(3) = 0 [pid 300] close(4) = 0 [pid 300] mkdir("./file4", 0777) = 0 [pid 300] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"... [pid 302] <... ioctl resumed>) = 0 [pid 302] close(3) = 0 [pid 302] close(4) = 0 [pid 302] mkdir("./file4", 0777) = 0 [ 30.557798][ T302] loop4: detected capacity change from 0 to 40427 [ 30.567174][ T300] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 30.582233][ T302] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 30.595367][ T302] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 30.619255][ T297] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 30.629096][ T300] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 30.631928][ T302] F2FS-fs (loop4): fault_injection options not supported [ 30.648417][ T297] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [pid 302] mount("/dev/loop4", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"... [pid 297] <... mount resumed>) = 0 [pid 297] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 297] chdir("./file4") = 0 [pid 297] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 297] ioctl(4, LOOP_CLR_FD) = 0 [ 30.659207][ T28] audit: type=1400 audit(1749794127.074:69): avc: denied { mount } for pid=295 comm="syz-executor127" name="/" dev="loop3" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 30.669940][ T300] F2FS-fs (loop0): fault_injection options not supported [ 30.690142][ T302] F2FS-fs (loop4): fault_type options not supported [ 30.711525][ T300] F2FS-fs (loop0): fault_type options not supported [pid 297] close(4) = 0 [pid 297] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 295] <... futex resumed>) = 0 [pid 295] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000 [pid 295] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... openat resumed>) = 4 [pid 305] <... write resumed>) = 20699119 [pid 305] munmap(0x7fe195523000, 138412032) = 0 [pid 306] <... write resumed>) = 20699119 [pid 297] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 297] futex(0x7fe19da136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] <... futex resumed>) = 0 [pid 295] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = 1 [pid 295] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] munmap(0x7fe195523000, 138412032 [pid 305] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 30.720186][ T302] F2FS-fs (loop4): invalid crc value [ 30.729772][ T28] audit: type=1400 audit(1749794127.144:70): avc: denied { write } for pid=295 comm="syz-executor127" name="/" dev="loop3" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 305] ioctl(4, LOOP_SET_FD, 3 [pid 306] <... munmap resumed>) = 0 [pid 297] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL [pid 305] <... ioctl resumed>) = 0 [pid 295] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 295] futex(0x7fe19da136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe19d902000 [pid 295] mprotect(0x7fe19d903000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe19d922990, parent_tid=0x7fe19d922990, exit_signal=0, stack=0x7fe19d902000, stack_size=0x20300, tls=0x7fe19d9226c0} => {parent_tid=[315]}, 88) = 315 [pid 295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 295] futex(0x7fe19da136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] futex(0x7fe19da136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] close(3) = 0 [pid 305] close(4) = 0 [pid 305] mkdir("./file4", 0777) = 0 [pid 305] mount("/dev/loop2", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"..../strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x7fe19d9229a0, 24) = 0 [pid 315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 30.761091][ T28] audit: type=1400 audit(1749794127.144:71): avc: denied { write open } for pid=295 comm="syz-executor127" path=2F726F6F742F73797A6B616C6C65722E686153504E512F302F66696C65342F233130202864656C6574656429 dev="loop3" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 30.764575][ T305] loop2: detected capacity change from 0 to 40427 [ 30.801589][ T300] F2FS-fs (loop0): invalid crc value [ 30.816049][ T297] F2FS-fs (loop3): switch discard_unit option is not allowed [ 30.819282][ T315] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 30.826590][ T302] F2FS-fs (loop4): Found nat_bits in checkpoint [ 30.838466][ T315] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 30.838489][ T315] CPU: 0 PID: 315 Comm: syz-executor127 Not tainted 6.1.138-syzkaller-00008-g74db64dcc8aa #0 [ 30.838518][ T315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 30.845887][ T28] audit: type=1400 audit(1749794127.234:72): avc: denied { remount } for pid=295 comm="syz-executor127" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 30.856673][ T315] RIP: 0010:update_sit_entry+0x4f9/0x15a0 [ 30.892215][ T28] audit: type=1400 audit(1749794127.294:73): avc: denied { read } for pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 30.910796][ T315] Code: 00 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 ee 11 8d ff 48 8b 1b 4c 01 f3 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 55 0f 00 00 44 0f b6 23 44 89 e0 44 08 f8 [ 30.910822][ T315] RSP: 0018:ffffc90000f36fc0 EFLAGS: 00010246 [ 30.910842][ T315] RAX: 0000000000000000 RBX: 0000000000000000 RCX: dffffc0000000000 [ 30.910856][ T315] RDX: ffff88810fc81440 RSI: 0000000000000000 RDI: 0000000000000000 [ 30.942226][ T302] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 30.947587][ T315] RBP: ffffc90000f37090 R08: ffff88810fc81440 R09: 0000000000000003 [ 30.973405][ T302] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 30.981091][ T315] R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000000000 [ 30.993632][ T306] loop1: detected capacity change from 0 to 40427 [ 31.000044][ T315] R13: ffff8881142600c8 R14: 0000000000000000 R15: 0000000000000080 [ 31.066476][ T315] FS: 00007fe19d9226c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 31.078472][ T315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.085881][ T315] CR2: 00007fe19d921ff8 CR3: 0000000104517000 CR4: 00000000003506b0 [ 31.096781][ T315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.106818][ T315] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.116089][ T315] Call Trace: [ 31.119944][ T315] [ 31.123945][ T315] ? __kasan_check_write+0x14/0x20 [ 31.129817][ T315] ? ktime_get_coarse_with_offset+0x153/0x1a0 [ 31.138327][ T315] f2fs_allocate_data_block+0x148c/0x3af0 [ 31.147110][ T315] ? __cfi__raw_spin_lock+0x10/0x10 [ 31.155355][ T315] ? _raw_spin_unlock+0x4c/0x70 [ 31.161306][ T315] ? f2fs_inode_dirtied+0x308/0x360 [ 31.168543][ T315] ? __cfi_f2fs_allocate_data_block+0x10/0x10 [ 31.176525][ T315] ? f2fs_mark_inode_dirty_sync+0x13e/0x1c0 [ 31.183432][ T315] ? inc_valid_block_count+0x5af/0xa00 [ 31.192173][ T315] f2fs_map_blocks+0x11a8/0x3a60 [ 31.197887][ T315] ? __cfi_f2fs_map_blocks+0x10/0x10 [ 31.205851][ T315] f2fs_iomap_begin+0x1f5/0x920 [ 31.211314][ T315] ? __cfi_f2fs_iomap_begin+0x10/0x10 [ 31.217444][ T315] iomap_iter+0x5b7/0xb30 [ 31.222946][ T315] ? __cfi_f2fs_iomap_begin+0x10/0x10 [ 31.229323][ T315] __iomap_dio_rw+0xc34/0x1bd0 [ 31.235795][ T315] ? __cfi___iomap_dio_rw+0x10/0x10 [ 31.242252][ T315] ? down_read_trylock+0x273/0x640 [ 31.249576][ T315] ? fault_in_readable+0x11a/0x150 [ 31.255529][ T315] ? fault_in_iov_iter_readable+0xc3/0x320 [ 31.263587][ T315] f2fs_file_write_iter+0x1559/0x2550 [ 31.270258][ T315] ? __cfi_f2fs_file_write_iter+0x10/0x10 [ 31.278455][ T315] ? _raw_spin_unlock+0x4c/0x70 [ 31.285668][ T315] ? finish_task_switch+0x16b/0x7b0 [ 31.292190][ T315] ? __switch_to_asm+0x3a/0x60 [ 31.297690][ T315] ? avc_policy_seqno+0x1b/0x70 [ 31.303646][ T315] ? fsnotify_perm+0x67/0x5b0 [ 31.309830][ T315] ? security_file_permission+0x8a/0xb0 [ 31.316830][ T315] vfs_write+0x5db/0xca0 [ 31.321938][ T315] ? __kasan_check_write+0x14/0x20 [ 31.330819][ T315] ? __cfi_vfs_write+0x10/0x10 [ 31.337550][ T315] ? __cfi_mutex_lock+0x10/0x10 [ 31.343473][ T315] ? __fdget_pos+0x2cd/0x380 [ 31.349610][ T315] ? ksys_write+0x71/0x240 [ 31.355204][ T315] ksys_write+0x140/0x240 [ 31.359895][ T315] ? __cfi_ksys_write+0x10/0x10 [ 31.365314][ T315] ? do_user_addr_fault+0x9ac/0x1050 [ 31.372215][ T315] ? debug_smp_processor_id+0x17/0x20 [ 31.379637][ T315] __x64_sys_write+0x7b/0x90 [ 31.384573][ T315] x64_sys_call+0x27b/0x9a0 [ 31.389867][ T315] do_syscall_64+0x4c/0xa0 [ 31.394890][ T315] ? clear_bhb_loop+0x15/0x70 [ 31.400217][ T315] ? clear_bhb_loop+0x15/0x70 [ 31.406222][ T315] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 31.416014][ T315] RIP: 0033:0x7fe19d986e49 [ 31.421147][ T315] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 31.448436][ T315] RSP: 002b:00007fe19d922218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 31.457242][ T315] RAX: ffffffffffffffda RBX: 00007fe19da136d8 RCX: 00007fe19d986e49 [ 31.467434][ T315] RDX: 000000000000003b RSI: 0000200000000080 RDI: 0000000000000004 [ 31.477039][ T315] RBP: 00007fe19da136d0 R08: 00007fe19d921fb7 R09: 0000000000000000 [ 31.486569][ T315] R10: 0000000000000014 R11: 0000000000000246 R12: 00007fe19d9db06b [ 31.496246][ T315] R13: 0000200000000088 R14: 0000200000000080 R15: 00002000000001c0 [ 31.504698][ T315] [ 31.508024][ T315] Modules linked in: [ 31.512471][ T305] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [pid 315] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59 [pid 306] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 297] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 306] <... openat resumed>) = 4 [pid 297] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] ioctl(4, LOOP_SET_FD, 3 [pid 297] <... futex resumed>) = 0 [pid 297] futex(0x7fe19da136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] <... mount resumed>) = 0 [pid 302] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 302] chdir("./file4") = 0 [pid 302] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 302] ioctl(4, LOOP_CLR_FD) = 0 [pid 302] close(4) = 0 [pid 302] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 302] futex(0x7fe19da136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] <... ioctl resumed>) = 0 [pid 306] close(3) = 0 [pid 306] close(4) = 0 [pid 306] mkdir("./file4", 0777) = 0 [pid 306] mount("/dev/loop1", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"... [pid 301] <... futex resumed>) = 0 [pid 295] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 301] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 301] <... futex resumed>) = 1 [pid 302] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000 [pid 301] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... openat resumed>) = 4 [pid 302] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 301] <... futex resumed>) = 0 [pid 302] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL [pid 301] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 31.516959][ T306] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 31.520590][ T305] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 31.539042][ T305] F2FS-fs (loop2): fault_injection options not supported [ 31.539259][ T302] F2FS-fs (loop4): switch discard_unit option is not allowed [ 31.547014][ T305] F2FS-fs (loop2): fault_type options not supported [ 31.566396][ T305] F2FS-fs (loop2): invalid crc value [pid 301] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 302] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 302] futex(0x7fe19da136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] <... futex resumed>) = 0 [pid 301] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 301] <... futex resumed>) = 1 [pid 302] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59 [pid 301] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 302] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 302] futex(0x7fe19da136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] <... futex resumed>) = 0 [pid 301] exit_group(0) = ? [pid 302] <... futex resumed>) = ? [pid 302] +++ exited with 0 +++ [ 31.572736][ T306] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 31.583292][ T306] F2FS-fs (loop1): fault_injection options not supported [ 31.592329][ T306] F2FS-fs (loop1): fault_type options not supported [ 31.604275][ T300] F2FS-fs (loop0): Found nat_bits in checkpoint [ 31.604374][ T305] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 301] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=0, si_utime=10, si_stime=31} --- [pid 294] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 294] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 294] getdents64(3, 0x555555eca730 /* 4 entries */, 32768) = 112 [ 31.621310][ T306] F2FS-fs (loop1): invalid crc value [ 31.640605][ T306] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 294] umount2("./0/file4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 305] <... mount resumed>) = 0 [pid 305] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 305] chdir("./file4") = 0 [pid 305] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 305] ioctl(4, LOOP_CLR_FD) = 0 [pid 305] close(4) = 0 [pid 305] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 303] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 305] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 303] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [ 31.710311][ T305] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 31.720113][ T300] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 31.725575][ T305] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 31.739827][ T300] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 31.743677][ T305] F2FS-fs (loop2): switch discard_unit option is not allowed [pid 305] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL [pid 300] <... mount resumed>) = 0 [pid 300] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY [pid 305] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 305] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 305] futex(0x7fe19da136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 303] <... futex resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 303] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] chdir("./file4" [pid 305] <... futex resumed>) = 0 [pid 303] <... futex resumed>) = 1 [pid 305] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59 [pid 303] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 305] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 303] <... futex resumed>) = 0 [pid 305] futex(0x7fe19da136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 303] exit_group(0 [pid 305] <... futex resumed>) = ? [pid 303] <... exit_group resumed>) = ? [pid 305] +++ exited with 0 +++ [pid 303] +++ exited with 0 +++ [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=10, si_stime=27} --- [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 306] <... mount resumed>) = 0 [pid 292] <... restart_syscall resumed>) = 0 [pid 292] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 292] getdents64(3, 0x555555eca730 /* 4 entries */, 32768) = 112 [pid 292] umount2("./0/file4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 306] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 306] chdir("./file4") = 0 [pid 306] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 31.769666][ T306] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 31.777230][ T315] ---[ end trace 0000000000000000 ]--- [ 31.783317][ T306] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 31.785491][ T315] RIP: 0010:update_sit_entry+0x4f9/0x15a0 [pid 306] ioctl(4, LOOP_CLR_FD) = 0 [pid 306] close(4) = 0 [pid 306] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 1 [pid 306] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 306] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 1 [pid 306] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL [pid 300] <... chdir resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_CLR_FD) = 0 [pid 300] close(4) = 0 [pid 304] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 304] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 304] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 300] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] futex(0x7fe19da136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe19d902000 [pid 300] <... futex resumed>) = 1 [pid 296] <... futex resumed>) = 0 [pid 300] futex(0x7fe19da136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 304] mprotect(0x7fe19d903000, 131072, PROT_READ|PROT_WRITE [pid 300] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000 [pid 296] <... futex resumed>) = 0 [pid 304] <... mprotect resumed>) = 0 [pid 304] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] <... openat resumed>) = 4 [pid 296] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... futex resumed>) = 0 [pid 296] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL [pid 296] <... futex resumed>) = 0 [pid 304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe19d922990, parent_tid=0x7fe19d922990, exit_signal=0, stack=0x7fe19d902000, stack_size=0x20300, tls=0x7fe19d9226c0} => {parent_tid=[330]}, 88) = 330 [pid 304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 31.804659][ T315] Code: 00 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 ee 11 8d ff 48 8b 1b 4c 01 f3 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 55 0f 00 00 44 0f b6 23 44 89 e0 44 08 f8 [ 31.821222][ T306] F2FS-fs (loop1): switch discard_unit option is not allowed [ 31.841560][ T315] RSP: 0018:ffffc90000f36fc0 EFLAGS: 00010246 [ 31.848704][ T315] RAX: 0000000000000000 RBX: 0000000000000000 RCX: dffffc0000000000 [ 31.859142][ T315] RDX: ffff88810fc81440 RSI: 0000000000000000 RDI: 0000000000000000 [pid 304] futex(0x7fe19da136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7fe19da136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 330 attached [pid 330] set_robust_list(0x7fe19d9229a0, 24) = 0 [pid 330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 31.874590][ T300] F2FS-fs (loop0): switch discard_unit option is not allowed [ 31.883866][ T330] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#2] PREEMPT SMP KASAN [ 31.898818][ T330] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 31.904804][ T315] RBP: ffffc90000f37090 R08: ffff88810fc81440 R09: 0000000000000003 [ 31.910055][ T330] CPU: 0 PID: 330 Comm: syz-executor127 Tainted: G D 6.1.138-syzkaller-00008-g74db64dcc8aa #0 [ 31.921716][ T315] R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000000000 [ 31.933771][ T330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 31.933789][ T330] RIP: 0010:update_sit_entry+0x4f9/0x15a0 [pid 330] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59 [pid 300] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 296] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... futex resumed>) = 0 [pid 296] futex(0x7fe19da136c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59 [pid 296] <... futex resumed>) = 0 [pid 300] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 296] futex(0x7fe19da136cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] futex(0x7fe19da136cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 296] <... futex resumed>) = 0 [pid 300] futex(0x7fe19da136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] exit_group(0 [pid 300] <... futex resumed>) = ? [pid 296] <... exit_group resumed>) = ? [pid 300] +++ exited with 0 +++ [pid 296] +++ exited with 0 +++ [pid 290] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=296, si_uid=0, si_status=0, si_utime=10, si_stime=19} --- [pid 290] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 290] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 290] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 290] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 290] getdents64(3, 0x555555eca730 /* 4 entries */, 32768) = 112 [ 31.933826][ T330] Code: 00 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 ee 11 8d ff 48 8b 1b 4c 01 f3 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 55 0f 00 00 44 0f b6 23 44 89 e0 44 08 f8 [ 31.933842][ T330] RSP: 0018:ffffc90000e76fc0 EFLAGS: 00010246 [ 31.933860][ T330] RAX: 0000000000000000 RBX: 0000000000000000 RCX: dffffc0000000000 [ 31.933873][ T330] RDX: ffff888117e38000 RSI: 0000000000000000 RDI: 0000000000000000 [ 31.933885][ T330] RBP: ffffc90000e77090 R08: ffff888117e38000 R09: 0000000000000003 [ 31.950054][ T315] R13: ffff8881142600c8 R14: 0000000000000000 R15: 0000000000000080 [ 31.957485][ T330] R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000000000 [ 31.957507][ T330] R13: ffff8881142840c8 R14: 0000000000000000 R15: 0000000000000080 [ 31.957519][ T330] FS: 00007fe19d9226c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 31.957536][ T330] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.957550][ T330] CR2: 00007fe19d921ff8 CR3: 0000000103b05000 CR4: 00000000003506b0 [ 31.957568][ T330] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.967109][ T315] FS: 00007fe19d9226c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 31.988093][ T330] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.988116][ T330] Call Trace: [ 31.988123][ T330] [ 31.988132][ T330] ? __kasan_check_write+0x14/0x20 [ 31.988168][ T330] ? ktime_get_coarse_with_offset+0x153/0x1a0 [ 31.996146][ T315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.005488][ T330] f2fs_allocate_data_block+0x148c/0x3af0 [ 32.005534][ T330] ? __cfi__raw_spin_lock+0x10/0x10 [ 32.016813][ T315] CR2: 0000555555ed2738 CR3: 0000000104517000 CR4: 00000000003506a0 [ 32.025570][ T330] ? _raw_spin_unlock+0x4c/0x70 [ 32.025609][ T330] ? f2fs_inode_dirtied+0x308/0x360 [ 32.025630][ T330] ? __cfi_f2fs_allocate_data_block+0x10/0x10 [ 32.035081][ T315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.043766][ T330] ? f2fs_mark_inode_dirty_sync+0x13e/0x1c0 [ 32.043810][ T330] ? inc_valid_block_count+0x5af/0xa00 [ 32.043839][ T330] f2fs_map_blocks+0x11a8/0x3a60 [ 32.043873][ T330] ? __cfi_f2fs_map_blocks+0x10/0x10 [ 32.062527][ T315] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.065261][ T330] f2fs_iomap_begin+0x1f5/0x920 [ 32.076096][ T315] Kernel panic - not syncing: Fatal exception [ 32.086149][ T330] ? __cfi_f2fs_iomap_begin+0x10/0x10 [ 32.086188][ T330] iomap_iter+0x5b7/0xb30 [ 32.086215][ T330] ? __cfi_f2fs_iomap_begin+0x10/0x10 [ 32.086234][ T330] __iomap_dio_rw+0xc34/0x1bd0 [ 32.086257][ T330] ? __cfi___iomap_dio_rw+0x10/0x10 [ 32.086278][ T330] ? down_read_trylock+0x273/0x640 [ 32.086306][ T330] ? fault_in_readable+0x11a/0x150 [ 32.086323][ T330] ? fault_in_iov_iter_readable+0xc3/0x320 [ 32.086344][ T330] f2fs_file_write_iter+0x1559/0x2550 [ 32.086374][ T330] ? __cfi_f2fs_file_write_iter+0x10/0x10 [ 32.086400][ T330] ? _raw_spin_unlock+0x4c/0x70 [ 32.086425][ T330] ? finish_task_switch+0x16b/0x7b0 [ 32.086449][ T330] ? __switch_to_asm+0x3a/0x60 [ 32.086471][ T330] ? avc_policy_seqno+0x1b/0x70 [ 32.086495][ T330] ? fsnotify_perm+0x67/0x5b0 [ 32.086513][ T330] ? security_file_permission+0x8a/0xb0 [ 32.086534][ T330] vfs_write+0x5db/0xca0 [ 32.086559][ T330] ? __kasan_check_write+0x14/0x20 [ 32.086587][ T330] ? __cfi_vfs_write+0x10/0x10 [ 32.086612][ T330] ? __cfi_mutex_lock+0x10/0x10 [ 32.086638][ T330] ? __fdget_pos+0x2cd/0x380 [ 32.086663][ T330] ? ksys_write+0x71/0x240 [ 32.086688][ T330] ksys_write+0x140/0x240 [ 32.086713][ T330] ? __cfi_ksys_write+0x10/0x10 [ 32.086737][ T330] ? do_user_addr_fault+0x9ac/0x1050 [ 32.086761][ T330] ? debug_smp_processor_id+0x17/0x20 [ 32.086785][ T330] __x64_sys_write+0x7b/0x90 [ 32.086810][ T330] x64_sys_call+0x27b/0x9a0 [ 32.086832][ T330] do_syscall_64+0x4c/0xa0 [ 32.086858][ T330] ? clear_bhb_loop+0x15/0x70 [ 32.086876][ T330] ? clear_bhb_loop+0x15/0x70 [ 32.086894][ T330] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 32.086923][ T330] RIP: 0033:0x7fe19d986e49 [ 32.086940][ T330] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 32.086955][ T330] RSP: 002b:00007fe19d922218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 32.086976][ T330] RAX: ffffffffffffffda RBX: 00007fe19da136d8 RCX: 00007fe19d986e49 [ 32.086990][ T330] RDX: 000000000000003b RSI: 0000200000000080 RDI: 0000000000000004 [ 32.087001][ T330] RBP: 00007fe19da136d0 R08: 00007fe19d921fb7 R09: 0000000000000000 [ 32.087014][ T330] R10: 0000000000000014 R11: 0000000000000246 R12: 00007fe19d9db06b [ 32.087025][ T330] R13: 0000200000000088 R14: 0000200000000080 R15: 00002000000001c0 [ 32.087042][ T330] [ 32.087048][ T330] Modules linked in: [ 32.099232][ T315] Kernel Offset: disabled [ 32.549763][ T315] Rebooting in 86400 seconds..