./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1100922949 <...> Warning: Permanently added '10.128.1.54' (ECDSA) to the list of known hosts. execve("./syz-executor1100922949", ["./syz-executor1100922949"], 0x7ffd93949ba0 /* 10 vars */) = 0 brk(NULL) = 0x55555653b000 brk(0x55555653bc40) = 0x55555653bc40 arch_prctl(ARCH_SET_FS, 0x55555653b300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1100922949", 4096) = 28 brk(0x55555655cc40) = 0x55555655cc40 brk(0x55555655d000) = 0x55555655d000 mprotect(0x7fbcb0682000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 4991 mkdir("./syzkaller.p7Jlqz", 0700) = 0 chmod("./syzkaller.p7Jlqz", 0777) = 0 chdir("./syzkaller.p7Jlqz") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555653b5d0) = 4992 ./strace-static-x86_64: Process 4992 attached [pid 4992] chdir("./0") = 0 [pid 4992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4992] setpgid(0, 0) = 0 [pid 4992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4992] write(3, "1000", 4) = 4 [pid 4992] close(3) = 0 [pid 4992] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4992] memfd_create("syzkaller", 0) = 3 [pid 4992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbca81b6000 syzkaller login: [ 70.989337][ T4992] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4992 'syz-executor110' [pid 4992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864) = 67108864 [pid 4992] munmap(0x7fbca81b6000, 67108864) = 0 [pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4992] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4992] close(3) = 0 [pid 4992] mkdir("./file0", 0777) = 0 [ 71.757236][ T4992] loop0: detected capacity change from 0 to 131072 [ 71.768006][ T4992] ======================================================= [ 71.768006][ T4992] WARNING: The mand mount option has been deprecated and [ 71.768006][ T4992] and is ignored by this kernel. Remove the mand [ 71.768006][ T4992] option from the mount to silence this warning. [ 71.768006][ T4992] ======================================================= [ 71.805436][ T4992] F2FS-fs (loop0): Corrupted extension count (4278190117 + 1 > 64) [ 71.813662][ T4992] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 71.823446][ T4992] F2FS-fs (loop0): invalid crc value [ 71.831354][ T4992] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 4992] mount("/dev/loop0", "./file0", "f2fs", MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_DIRSYNC|MS_REC|MS_POSIXACL|MS_STRICTATIME, "") = 0 [pid 4992] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4992] chdir("./file0") = 0 [pid 4992] ioctl(4, LOOP_CLR_FD) = 0 [pid 4992] close(4) = 0 [pid 4992] mkdir("./bus", 0777) = -1 E2BIG (Argument list too long) [pid 4992] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 4992] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=4992, si_uid=0, si_status=SIGSEGV, si_utime=15 /* 0.15 s */, si_stime=56 /* 0.56 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555653c620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 71.858969][ T4992] F2FS-fs (loop0): Try to recover 2th superblock, ret: -30 [ 71.866301][ T4992] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 71.892581][ T4992] F2FS-fs (loop0): Corrupted max_depth of 3: 2049 [ 71.924118][ T4991] ------------[ cut here ]------------ [ 71.929642][ T4991] kernel BUG at fs/f2fs/inode.c:869! [ 71.935222][ T4991] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 71.941290][ T4991] CPU: 1 PID: 4991 Comm: syz-executor110 Not tainted 6.4.0-rc4-syzkaller-00268-g51f269a6ecc7 #0 [ 71.951675][ T4991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 71.961708][ T4991] RIP: 0010:f2fs_evict_inode+0x1576/0x1590 [ 71.967518][ T4991] Code: fd 31 ff 89 de e8 da d1 c9 fd 40 84 ed 75 29 e8 40 cf c9 fd 4c 8b 74 24 08 e9 c9 eb ff ff e8 31 cf c9 fd 0f 0b e8 2a cf c9 fd <0f> 0b e8 23 cf c9 fd 0f 0b e9 f6 fe ff ff e8 17 cf c9 fd e8 22 e5 [ 71.987099][ T4991] RSP: 0018:ffffc90003a0f918 EFLAGS: 00010293 [ 71.993146][ T4991] RAX: ffffffff83c1b006 RBX: 0000000000000002 RCX: ffff88807d8f8000 [ 72.001093][ T4991] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 72.009042][ T4991] RBP: 0000000000000000 R08: ffffffff83c1a8fa R09: ffffed100f05f2cd [ 72.016998][ T4991] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1100f05f23e [ 72.024947][ T4991] R13: ffff8880782f91b0 R14: ffff8880782f9660 R15: dffffc0000000000 [ 72.032896][ T4991] FS: 000055555653b300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 72.041806][ T4991] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 72.048373][ T4991] CR2: 00007ffd0f138fa8 CR3: 000000007df90000 CR4: 00000000003506e0 [ 72.056335][ T4991] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 72.064292][ T4991] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 72.072248][ T4991] Call Trace: [ 72.075510][ T4991] [ 72.078425][ T4991] ? __die_body+0x5e/0xa0 [ 72.082757][ T4991] ? die+0x87/0xb0 [ 72.086470][ T4991] ? do_trap+0x11e/0x350 [ 72.090702][ T4991] ? f2fs_evict_inode+0x1576/0x1590 [ 72.095897][ T4991] ? f2fs_evict_inode+0x1576/0x1590 [ 72.101093][ T4991] ? do_error_trap+0x141/0x1f0 [ 72.105854][ T4991] ? f2fs_evict_inode+0x1576/0x1590 [ 72.111055][ T4991] ? do_int3+0x30/0x30 [ 72.115124][ T4991] ? handle_invalid_op+0x2c/0x40 [ 72.120050][ T4991] ? f2fs_evict_inode+0x1576/0x1590 [ 72.125312][ T4991] ? exc_invalid_op+0x33/0x50 [ 72.129981][ T4991] ? asm_exc_invalid_op+0x1a/0x20 [ 72.134997][ T4991] ? f2fs_evict_inode+0xe6a/0x1590 [ 72.140103][ T4991] ? f2fs_evict_inode+0x1576/0x1590 [ 72.145296][ T4991] ? f2fs_evict_inode+0x1576/0x1590 [ 72.150496][ T4991] ? f2fs_evict_inode+0x1576/0x1590 [ 72.155693][ T4991] ? bit_waitqueue+0x30/0x30 [ 72.160276][ T4991] ? do_raw_spin_unlock+0x13b/0x8b0 [ 72.165471][ T4991] ? _raw_spin_unlock+0x28/0x40 [ 72.170313][ T4991] ? f2fs_write_inode+0x480/0x480 [ 72.175332][ T4991] evict+0x2a4/0x620 [ 72.179231][ T4991] evict_inodes+0x5f8/0x690 [ 72.183730][ T4991] ? clear_inode+0x150/0x150 [ 72.188310][ T4991] ? dput+0x403/0x420 [ 72.192280][ T4991] ? sync_filesystem+0x107/0x220 [ 72.197204][ T4991] generic_shutdown_super+0x98/0x340 [ 72.202483][ T4991] kill_block_super+0x84/0xf0 [ 72.207149][ T4991] kill_f2fs_super+0x303/0x3d0 [ 72.211905][ T4991] ? f2fs_mount+0x40/0x40 [ 72.216221][ T4991] ? unregister_shrinker+0x251/0x310 [ 72.221499][ T4991] ? rcu_is_watching+0x15/0xb0 [ 72.226246][ T4991] ? unregister_shrinker+0x251/0x310 [ 72.231521][ T4991] ? kfree+0x31/0x1a0 [ 72.235490][ T4991] ? unregister_shrinker+0x251/0x310 [ 72.240763][ T4991] deactivate_locked_super+0xa4/0x110 [ 72.246123][ T4991] cleanup_mnt+0x426/0x4c0 [ 72.250527][ T4991] ? _raw_spin_unlock_irq+0x23/0x50 [ 72.255720][ T4991] task_work_run+0x24a/0x300 [ 72.260299][ T4991] ? dput+0x3a1/0x420 [ 72.264267][ T4991] ? task_work_cancel+0x2b0/0x2b0 [ 72.269282][ T4991] ? __x64_sys_umount+0x126/0x170 [ 72.274299][ T4991] ptrace_notify+0x2cd/0x380 [ 72.278874][ T4991] ? do_notify_parent+0xf50/0xf50 [ 72.283884][ T4991] ? user_path_at_empty+0x12f/0x180 [ 72.289068][ T4991] ? __x64_sys_umount+0x126/0x170 [ 72.294080][ T4991] ? path_umount+0xea0/0xea0 [ 72.298659][ T4991] ? syscall_enter_from_user_mode+0x32/0x230 [ 72.304630][ T4991] syscall_exit_to_user_mode+0x157/0x280 [ 72.310255][ T4991] do_syscall_64+0x4d/0xc0 [ 72.314661][ T4991] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 72.320538][ T4991] RIP: 0033:0x7fbcb0604db7 [ 72.324941][ T4991] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 72.344559][ T4991] RSP: 002b:00007ffd0f139778 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 72.352989][ T4991] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fbcb0604db7 [ 72.360953][ T4991] RDX: 00007ffd0f139839 RSI: 000000000000000a RDI: 00007ffd0f139830 [ 72.368913][ T4991] RBP: 00007ffd0f139830 R08: 00000000ffffffff R09: 00007ffd0f139610 [ 72.376880][ T4991] R10: 000055555653c653 R11: 0000000000000206 R12: 00007ffd0f13a8a0 [ 72.384846][ T4991] R13: 000055555653c5f0 R14: 00007ffd0f1397a0 R15: 0000000000000001 [ 72.392812][ T4991] [ 72.395817][ T4991] Modules linked in: [ 72.399963][ T4991] ---[ end trace 0000000000000000 ]--- [ 72.405568][ T4991] RIP: 0010:f2fs_evict_inode+0x1576/0x1590 [ 72.411366][ T4991] Code: fd 31 ff 89 de e8 da d1 c9 fd 40 84 ed 75 29 e8 40 cf c9 fd 4c 8b 74 24 08 e9 c9 eb ff ff e8 31 cf c9 fd 0f 0b e8 2a cf c9 fd <0f> 0b e8 23 cf c9 fd 0f 0b e9 f6 fe ff ff e8 17 cf c9 fd e8 22 e5 [ 72.431113][ T4991] RSP: 0018:ffffc90003a0f918 EFLAGS: 00010293 [ 72.437265][ T4991] RAX: ffffffff83c1b006 RBX: 0000000000000002 RCX: ffff88807d8f8000 [ 72.445379][ T4991] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 72.453387][ T4991] RBP: 0000000000000000 R08: ffffffff83c1a8fa R09: ffffed100f05f2cd [ 72.461365][ T4991] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1100f05f23e [ 72.469368][ T4991] R13: ffff8880782f91b0 R14: ffff8880782f9660 R15: dffffc0000000000 [ 72.477363][ T4991] FS: 000055555653b300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 72.486316][ T4991] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 72.492911][ T4991] CR2: 00007f4948b95ed8 CR3: 000000007df90000 CR4: 00000000003506f0 [ 72.500865][ T4991] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 72.508850][ T4991] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 72.516948][ T4991] Kernel panic - not syncing: Fatal exception [ 72.523162][ T4991] Kernel Offset: disabled [ 72.527474][ T4991] Rebooting in 86400 seconds..