./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2788454813 <...> Warning: Permanently added '10.128.1.97' (ECDSA) to the list of known hosts. execve("./syz-executor2788454813", ["./syz-executor2788454813"], 0x7ffd9ccf05c0 /* 10 vars */) = 0 brk(NULL) = 0x5555556ed000 brk(0x5555556edc40) = 0x5555556edc40 arch_prctl(ARCH_SET_FS, 0x5555556ed300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555556ed5d0) = 5005 set_robust_list(0x5555556ed5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fedb69884f0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fedb6988bc0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fedb6988590, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fedb6988bc0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2788454813", 4096) = 28 brk(0x55555570ec40) = 0x55555570ec40 brk(0x55555570f000) = 0x55555570f000 mprotect(0x7fedb6a52000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5006 ./strace-static-x86_64: Process 5006 attached [pid 5006] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5005] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5006] getpid() = 5006 [pid 5005] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5007 ./strace-static-x86_64: Process 5007 attached [pid 5005] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5006] mkdir("./syzkaller.sny4GI", 0700) = 0 ./strace-static-x86_64: Process 5008 attached [pid 5005] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5008 [pid 5007] set_robust_list(0x5555556ed5e0, 24 [pid 5006] chmod("./syzkaller.sny4GI", 0777 [pid 5005] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5008] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5008] getpid() = 5008 [pid 5008] mkdir("./syzkaller.Fjfl6Q", 0700 [pid 5005] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5009 [pid 5006] <... chmod resumed>) = 0 [pid 5005] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5007] <... set_robust_list resumed>) = 0 [pid 5006] chdir("./syzkaller.sny4GI" [pid 5008] <... mkdir resumed>) = 0 [pid 5008] chmod("./syzkaller.Fjfl6Q", 0777 [pid 5006] <... chdir resumed>) = 0 [pid 5008] <... chmod resumed>) = 0 [pid 5008] chdir("./syzkaller.Fjfl6Q") = 0 [pid 5005] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5010 [pid 5006] mkdir("./0", 0777 [pid 5005] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5008] mkdir("./0", 0777 [pid 5006] <... mkdir resumed>) = 0 [pid 5008] <... mkdir resumed>) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5005] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5011 [pid 5007] getpid( [pid 5006] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5010 attached ./strace-static-x86_64: Process 5009 attached [pid 5009] set_robust_list(0x5555556ed5e0, 24 [pid 5006] ioctl(3, LOOP_CLR_FD [pid 5007] <... getpid resumed>) = 5007 [pid 5008] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5008] close(3 [pid 5006] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5006] close(3 [pid 5009] <... set_robust_list resumed>) = 0 [pid 5009] getpid( [pid 5008] <... close resumed>) = 0 [pid 5006] <... close resumed>) = 0 ./strace-static-x86_64: Process 5011 attached [pid 5010] set_robust_list(0x5555556ed5e0, 24 [pid 5009] <... getpid resumed>) = 5009 [pid 5007] mkdir("./syzkaller.soDRBP", 0700 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5010] <... set_robust_list resumed>) = 0 [pid 5007] <... mkdir resumed>) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5009] mkdir("./syzkaller.p6ycRW", 0700 [pid 5010] getpid( [pid 5009] <... mkdir resumed>) = 0 [pid 5008] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5013 [pid 5009] chmod("./syzkaller.p6ycRW", 0777 [pid 5010] <... getpid resumed>) = 5010 [pid 5009] <... chmod resumed>) = 0 [pid 5007] chmod("./syzkaller.soDRBP", 0777 [pid 5009] chdir("./syzkaller.p6ycRW") = 0 [pid 5010] mkdir("./syzkaller.KyF4k0", 0700 [pid 5009] mkdir("./0", 0777 [pid 5007] <... chmod resumed>) = 0 [pid 5006] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5014 [pid 5010] <... mkdir resumed>) = 0 [pid 5009] <... mkdir resumed>) = 0 [pid 5007] chdir("./syzkaller.soDRBP" [pid 5011] set_robust_list(0x5555556ed5e0, 24 [pid 5010] chmod("./syzkaller.KyF4k0", 0777 [pid 5007] <... chdir resumed>) = 0 [pid 5011] <... set_robust_list resumed>) = 0 [pid 5011] getpid( [pid 5010] <... chmod resumed>) = 0 [pid 5007] mkdir("./0", 0777 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5010] chdir("./syzkaller.KyF4k0" [pid 5009] <... openat resumed>) = 3 [pid 5007] <... mkdir resumed>) = 0 [pid 5010] <... chdir resumed>) = 0 [pid 5011] <... getpid resumed>) = 5011 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5010] mkdir("./0", 0777 [pid 5011] mkdir("./syzkaller.mfPVH5", 0700 [pid 5009] ioctl(3, LOOP_CLR_FD [pid 5011] <... mkdir resumed>) = 0 [pid 5009] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5011] chmod("./syzkaller.mfPVH5", 0777 [pid 5009] close(3 [pid 5007] <... openat resumed>) = 3 [pid 5011] <... chmod resumed>) = 0 [pid 5009] <... close resumed>) = 0 [pid 5011] chdir("./syzkaller.mfPVH5" [pid 5010] <... mkdir resumed>) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5007] ioctl(3, LOOP_CLR_FD [pid 5011] <... chdir resumed>) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5007] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5011] mkdir("./0", 0777) = 0 [pid 5010] <... openat resumed>) = 3 [pid 5009] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5015 [pid 5007] close(3 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5010] ioctl(3, LOOP_CLR_FD [pid 5007] <... close resumed>) = 0 [pid 5010] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5011] <... openat resumed>) = 3 [pid 5010] close(3 [pid 5011] ioctl(3, LOOP_CLR_FD [pid 5010] <... close resumed>) = 0 [pid 5011] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5014 attached [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5007] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5016 [pid 5010] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5018 [pid 5014] set_robust_list(0x5555556ed5e0, 24 [pid 5011] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5017 [pid 5014] <... set_robust_list resumed>) = 0 [pid 5014] chdir("./0"./strace-static-x86_64: Process 5018 attached ./strace-static-x86_64: Process 5017 attached ./strace-static-x86_64: Process 5016 attached ./strace-static-x86_64: Process 5015 attached ./strace-static-x86_64: Process 5013 attached ) = 0 [pid 5018] set_robust_list(0x5555556ed5e0, 24 [pid 5017] set_robust_list(0x5555556ed5e0, 24 [pid 5016] set_robust_list(0x5555556ed5e0, 24 [pid 5015] set_robust_list(0x5555556ed5e0, 24 [pid 5014] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5013] set_robust_list(0x5555556ed5e0, 24 [pid 5018] <... set_robust_list resumed>) = 0 [pid 5017] <... set_robust_list resumed>) = 0 [pid 5016] <... set_robust_list resumed>) = 0 [pid 5015] <... set_robust_list resumed>) = 0 [pid 5014] <... prctl resumed>) = 0 [pid 5013] <... set_robust_list resumed>) = 0 [pid 5018] chdir("./0" [pid 5016] chdir("./0" [pid 5018] <... chdir resumed>) = 0 [pid 5014] setpgid(0, 0 [pid 5018] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5016] <... chdir resumed>) = 0 [pid 5014] <... setpgid resumed>) = 0 [pid 5018] <... prctl resumed>) = 0 [pid 5013] chdir("./0" [pid 5018] setpgid(0, 0 [pid 5016] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5013] <... chdir resumed>) = 0 [pid 5018] <... setpgid resumed>) = 0 [pid 5016] <... prctl resumed>) = 0 [pid 5015] chdir("./0" [pid 5014] <... openat resumed>) = 3 [pid 5013] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5017] chdir("./0" [pid 5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5016] setpgid(0, 0 [pid 5015] <... chdir resumed>) = 0 [pid 5014] write(3, "1000", 4 [pid 5013] <... prctl resumed>) = 0 [pid 5018] <... openat resumed>) = 3 [pid 5017] <... chdir resumed>) = 0 [pid 5016] <... setpgid resumed>) = 0 [pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5014] <... write resumed>) = 4 [pid 5013] setpgid(0, 0 [pid 5018] write(3, "1000", 4 [pid 5015] <... prctl resumed>) = 0 [pid 5018] <... write resumed>) = 4 [pid 5016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5014] close(3 [pid 5015] setpgid(0, 0 [pid 5018] close(3 [pid 5017] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5013] <... setpgid resumed>) = 0 [pid 5015] <... setpgid resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5017] <... prctl resumed>) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5014] symlink("/dev/binderfs", "./binderfs" [pid 5013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5017] setpgid(0, 0 [pid 5018] symlink("/dev/binderfs", "./binderfs" [pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5018] <... symlink resumed>) = 0 [pid 5014] <... symlink resumed>) = 0 [pid 5017] <... setpgid resumed>) = 0 [pid 5013] <... openat resumed>) = 3 [pid 5017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5015] <... openat resumed>) = 3 [pid 5017] <... openat resumed>) = 3 [pid 5016] write(3, "1000", 4 [pid 5018] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] write(3, "1000", 4 [pid 5015] write(3, "1000", 4 [pid 5014] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5016] <... write resumed>) = 4 [pid 5018] <... futex resumed>) = 0 [pid 5018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5017] write(3, "1000", 4 [pid 5016] close(3 [pid 5015] <... write resumed>) = 4 [pid 5014] <... futex resumed>) = 0 [pid 5013] <... write resumed>) = 4 [pid 5015] close(3 [pid 5018] <... mmap resumed>) = 0x7fedb6957000 [pid 5017] <... write resumed>) = 4 [pid 5016] <... close resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5013] close(3 [pid 5018] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5017] close(3 [pid 5016] symlink("/dev/binderfs", "./binderfs" [pid 5015] symlink("/dev/binderfs", "./binderfs" [pid 5014] <... mmap resumed>) = 0x7fedb6957000 [pid 5013] <... close resumed>) = 0 [pid 5018] <... mprotect resumed>) = 0 [pid 5017] <... close resumed>) = 0 [pid 5016] <... symlink resumed>) = 0 [pid 5013] symlink("/dev/binderfs", "./binderfs" [pid 5018] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5017] symlink("/dev/binderfs", "./binderfs" [pid 5016] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... symlink resumed>) = 0 [pid 5014] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5013] <... symlink resumed>) = 0 [pid 5017] <... symlink resumed>) = 0 [pid 5014] <... mprotect resumed>) = 0 [pid 5018] <... clone resumed>, parent_tid=[5020], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5020 [pid 5017] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5016] <... futex resumed>) = 0 [pid 5015] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5017] <... futex resumed>) = 0 [pid 5016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5015] <... futex resumed>) = 0 [pid 5014] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5013] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5020 attached [pid 5018] <... futex resumed>) = 0 [pid 5017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5016] <... mmap resumed>) = 0x7fedb6957000 [pid 5015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5013] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5020] set_robust_list(0x7fedb69779e0, 24 [pid 5018] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5017] <... mmap resumed>) = 0x7fedb6957000 [pid 5016] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5015] <... mmap resumed>) = 0x7fedb6957000 [pid 5014] <... clone resumed>, parent_tid=[5021], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5021 [pid 5013] <... mmap resumed>) = 0x7fedb6957000 ./strace-static-x86_64: Process 5021 attached [pid 5020] <... set_robust_list resumed>) = 0 [pid 5017] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5016] <... mprotect resumed>) = 0 [pid 5015] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5014] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5021] set_robust_list(0x7fedb69779e0, 24 [pid 5020] memfd_create("syzkaller", 0 [pid 5017] <... mprotect resumed>) = 0 [pid 5016] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5015] <... mprotect resumed>) = 0 [pid 5014] <... futex resumed>) = 0 [pid 5013] <... mprotect resumed>) = 0 [pid 5021] <... set_robust_list resumed>) = 0 [pid 5017] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5015] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5014] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5013] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5016] <... clone resumed>, parent_tid=[5022], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5022 [pid 5021] memfd_create("syzkaller", 0 [pid 5017] <... clone resumed>, parent_tid=[5023], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5023 [pid 5016] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... clone resumed>, parent_tid=[5024], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5024 [pid 5013] <... clone resumed>, parent_tid=[5025], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5025 [pid 5021] <... memfd_create resumed>) = 3 [pid 5017] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5016] <... futex resumed>) = 0 [pid 5015] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] <... futex resumed>) = 0 [pid 5016] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5015] <... futex resumed>) = 0 [pid 5013] <... futex resumed>) = 0 [pid 5021] <... mmap resumed>) = 0x7fedae557000 [pid 5017] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5015] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5013] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5025 attached [pid 5025] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5025] memfd_create("syzkaller", 0) = 3 [pid 5025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5020] <... memfd_create resumed>) = 3 [pid 5020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 ./strace-static-x86_64: Process 5024 attached ./strace-static-x86_64: Process 5023 attached ./strace-static-x86_64: Process 5022 attached [pid 5024] set_robust_list(0x7fedb69779e0, 24 [pid 5023] set_robust_list(0x7fedb69779e0, 24 [pid 5022] set_robust_list(0x7fedb69779e0, 24 [pid 5024] <... set_robust_list resumed>) = 0 [pid 5023] <... set_robust_list resumed>) = 0 [pid 5022] <... set_robust_list resumed>) = 0 [pid 5023] memfd_create("syzkaller", 0 [pid 5024] memfd_create("syzkaller", 0) = 3 [pid 5023] <... memfd_create resumed>) = 3 [pid 5024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5024] <... mmap resumed>) = 0x7fedae557000 [pid 5022] memfd_create("syzkaller", 0 [pid 5023] <... mmap resumed>) = 0x7fedae557000 [pid 5022] <... memfd_create resumed>) = 3 [pid 5022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 55.398960][ T5020] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5020 'syz-executor278' [pid 5025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5022] <... write resumed>) = 32394836 [pid 5021] <... write resumed>) = 32394836 [pid 5022] munmap(0x7fedae557000, 32394836 [pid 5021] munmap(0x7fedae557000, 32394836 [pid 5020] <... write resumed>) = 32394836 [pid 5022] <... munmap resumed>) = 0 [pid 5021] <... munmap resumed>) = 0 [pid 5020] munmap(0x7fedae557000, 32394836) = 0 [pid 5022] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5021] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5022] <... openat resumed>) = 4 [pid 5021] <... openat resumed>) = 4 [pid 5020] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5022] ioctl(4, LOOP_SET_FD, 3 [pid 5021] ioctl(4, LOOP_SET_FD, 3 [pid 5020] <... openat resumed>) = 4 [pid 5025] <... write resumed>) = 32394836 [pid 5021] <... ioctl resumed>) = 0 [pid 5020] ioctl(4, LOOP_SET_FD, 3 [pid 5025] munmap(0x7fedae557000, 32394836 [pid 5021] close(3) = 0 [pid 5021] mkdir("./bus", 0777 [pid 5020] <... ioctl resumed>) = 0 [pid 5020] close(3 [pid 5021] <... mkdir resumed>) = 0 [pid 5020] <... close resumed>) = 0 [pid 5020] mkdir("./bus", 0777) = 0 [pid 5025] <... munmap resumed>) = 0 [pid 5024] <... write resumed>) = 32394836 [pid 5021] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5022] <... ioctl resumed>) = 0 [pid 5020] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 56.571129][ T5022] loop1: detected capacity change from 0 to 63271 [ 56.578581][ T5021] loop0: detected capacity change from 0 to 63271 [ 56.585981][ T5020] loop4: detected capacity change from 0 to 63271 [ 56.609520][ T5021] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5022] close(3 [pid 5025] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5024] munmap(0x7fedae557000, 32394836 [pid 5023] <... write resumed>) = 32394836 [pid 5022] <... close resumed>) = 0 [pid 5025] <... openat resumed>) = 4 [pid 5024] <... munmap resumed>) = 0 [pid 5023] munmap(0x7fedae557000, 32394836 [pid 5022] mkdir("./bus", 0777 [pid 5025] ioctl(4, LOOP_SET_FD, 3 [pid 5024] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5023] <... munmap resumed>) = 0 [pid 5022] <... mkdir resumed>) = 0 [pid 5024] <... openat resumed>) = 4 [pid 5023] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5023] ioctl(4, LOOP_SET_FD, 3 [pid 5022] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5024] ioctl(4, LOOP_SET_FD, 3 [pid 5025] <... ioctl resumed>) = 0 [pid 5025] close(3) = 0 [pid 5025] mkdir("./bus", 0777) = 0 [ 56.609852][ T5020] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 56.626984][ T5021] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 56.627641][ T5020] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 56.646969][ T5021] F2FS-fs (loop0): invalid crc value [ 56.653664][ T5025] loop2: detected capacity change from 0 to 63271 [ 56.660468][ T5023] loop5: detected capacity change from 0 to 63271 [pid 5025] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5024] <... ioctl resumed>) = 0 [pid 5024] close(3) = 0 [pid 5024] mkdir("./bus", 0777) = 0 [ 56.660946][ T5024] loop3: detected capacity change from 0 to 63271 [ 56.668905][ T5021] F2FS-fs (loop0): Found nat_bits in checkpoint [ 56.673796][ T5022] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 56.673814][ T5022] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 56.674282][ T5025] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 56.689067][ T5024] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 56.697889][ T5025] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [pid 5024] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5023] <... ioctl resumed>) = 0 [pid 5023] close(3) = 0 [pid 5023] mkdir("./bus", 0777) = 0 [ 56.714355][ T5024] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 56.732977][ T5020] F2FS-fs (loop4): invalid crc value [ 56.735297][ T5024] F2FS-fs (loop3): invalid crc value [ 56.738922][ T5023] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 56.752433][ T5022] F2FS-fs (loop1): invalid crc value [ 56.754209][ T5023] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 56.767851][ T5025] F2FS-fs (loop2): invalid crc value [ 56.771470][ T5021] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 56.775078][ T5022] F2FS-fs (loop1): Found nat_bits in checkpoint [ 56.781871][ T5024] F2FS-fs (loop3): Found nat_bits in checkpoint [ 56.787590][ T5025] F2FS-fs (loop2): Found nat_bits in checkpoint [ 56.800333][ T5020] F2FS-fs (loop4): Found nat_bits in checkpoint [ 56.807964][ T5021] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 5023] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5021] <... mount resumed>) = 0 [pid 5021] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5021] chdir("./bus") = 0 [pid 5021] ioctl(4, LOOP_CLR_FD) = 0 [pid 5021] close(4) = 0 [pid 5021] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 56.838173][ T5023] F2FS-fs (loop5): invalid crc value [ 56.846060][ T5022] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 56.853196][ T5022] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [ 56.864778][ T5025] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 56.872346][ T5025] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5021] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5025] <... mount resumed>) = 0 [pid 5022] <... mount resumed>) = 0 [pid 5021] <... open resumed>) = 4 [pid 5025] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5022] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5021] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... openat resumed>) = 3 [pid 5022] <... openat resumed>) = 3 [pid 5021] <... futex resumed>) = 1 [pid 5025] chdir("./bus" [pid 5022] chdir("./bus" [pid 5021] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5025] <... chdir resumed>) = 0 [pid 5022] <... chdir resumed>) = 0 [pid 5025] ioctl(4, LOOP_CLR_FD [pid 5022] ioctl(4, LOOP_CLR_FD [pid 5025] <... ioctl resumed>) = 0 [pid 5022] <... ioctl resumed>) = 0 [pid 5025] close(4 [pid 5022] close(4 [pid 5025] <... close resumed>) = 0 [pid 5022] <... close resumed>) = 0 [pid 5025] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... futex resumed>) = 1 [pid 5022] <... futex resumed>) = 1 [pid 5025] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5022] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5014] <... futex resumed>) = 0 [pid 5013] <... futex resumed>) = 0 [pid 5016] <... futex resumed>) = 0 [pid 5014] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5016] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... futex resumed>) = 0 [pid 5021] <... futex resumed>) = 0 [pid 5014] <... futex resumed>) = 1 [pid 5013] <... futex resumed>) = 1 [pid 5025] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5022] <... futex resumed>) = 0 [pid 5021] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5016] <... futex resumed>) = 1 [pid 5013] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5014] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... open resumed>) = 4 [pid 5025] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] <... open resumed>) = 4 [pid 5025] <... futex resumed>) = 1 [pid 5022] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5022] <... futex resumed>) = 1 [pid 5022] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5016] <... futex resumed>) = 0 [pid 5013] <... futex resumed>) = 0 [pid 5016] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... futex resumed>) = 0 [pid 5022] <... futex resumed>) = 0 [pid 5016] <... futex resumed>) = 1 [pid 5013] <... futex resumed>) = 1 [pid 5025] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 56.898926][ T26] audit: type=1800 audit(1686875915.336:2): pid=5021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [ 56.923432][ T5023] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 5022] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5016] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5014] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5014] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5014] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5014] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5050], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5050 [ 56.955512][ T5020] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 56.962592][ T5020] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 56.975255][ T5024] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 56.989633][ T5024] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 5014] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] <... mount resumed>) = 0 [pid 5020] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5020] chdir("./bus") = 0 [pid 5020] ioctl(4, LOOP_CLR_FD) = 0 [pid 5020] close(4) = 0 [pid 5020] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5020] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5014] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5020] <... futex resumed>) = 0 [pid 5020] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5018] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5013] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5016] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5020] <... open resumed>) = 4 [pid 5020] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5020] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5018] <... futex resumed>) = 0 [pid 5016] <... futex resumed>) = 0 [pid 5013] <... futex resumed>) = 0 [pid 5016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5018] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5020] <... futex resumed>) = 0 [pid 5018] <... futex resumed>) = 1 [pid 5016] <... mmap resumed>) = 0x7fedb041b000 [pid 5013] <... mmap resumed>) = 0x7fedb041b000 [pid 5018] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5013] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5020] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5016] <... mprotect resumed>) = 0 [pid 5016] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5013] <... mprotect resumed>) = 0 [pid 5013] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5016] <... clone resumed>, parent_tid=[5051], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5051 [pid 5016] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5013] <... clone resumed>, parent_tid=[5052], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5052 [pid 5016] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 56.990384][ T26] audit: type=1800 audit(1686875915.376:3): pid=5025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5013] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5050 attached ./strace-static-x86_64: Process 5051 attached [pid 5051] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5051] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus"./strace-static-x86_64: Process 5052 attached ) = -1 ESRCH (No such process) [pid 5052] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5051] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 5051] <... futex resumed>) = 1 [pid 5016] <... futex resumed>) = 0 [pid 5051] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5024] <... mount resumed>) = 0 [pid 5024] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5024] chdir("./bus") = 0 [pid 5024] ioctl(4, LOOP_CLR_FD) = 0 [pid 5024] close(4) = 0 [pid 5024] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5024] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] set_robust_list(0x7fedb043b9e0, 24 [pid 5018] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5015] <... futex resumed>) = 0 [pid 5014] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5050] <... set_robust_list resumed>) = 0 [pid 5018] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] <... futex resumed>) = 0 [pid 5050] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [pid 5024] <... futex resumed>) = 0 [pid 5015] <... futex resumed>) = 1 [pid 5050] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5024] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5015] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] <... mmap resumed>) = 0x7fedb041b000 [pid 5050] <... futex resumed>) = 0 [pid 5018] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5050] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5018] <... mprotect resumed>) = 0 [pid 5024] <... open resumed>) = 4 [pid 5018] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5024] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5015] <... futex resumed>) = 0 [pid 5024] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5015] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] <... clone resumed>, parent_tid=[5054], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5054 [pid 5024] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5015] <... futex resumed>) = 0 [pid 5024] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5015] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5018] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5013] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5052] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5052] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5018] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5054 attached [pid 5023] <... mount resumed>) = 0 [pid 5054] set_robust_list(0x7fedb043b9e0, 24 [pid 5023] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5054] <... set_robust_list resumed>) = 0 [ 57.064794][ T5023] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 57.101365][ T5023] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 5023] <... openat resumed>) = 3 [pid 5054] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 5023] chdir("./bus") = 0 [pid 5015] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 57.111396][ T26] audit: type=1800 audit(1686875915.376:4): pid=5022 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [ 57.133104][ T26] audit: type=1800 audit(1686875915.456:5): pid=5020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 5023] ioctl(4, LOOP_CLR_FD [pid 5015] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5054] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5018] <... futex resumed>) = 0 [pid 5054] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5023] <... ioctl resumed>) = 0 [pid 5015] <... futex resumed>) = 0 [pid 5023] close(4 [pid 5015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5023] <... close resumed>) = 0 [pid 5015] <... mmap resumed>) = 0x7fedb041b000 [pid 5015] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5015] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5055], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5055 [pid 5015] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.155960][ T26] audit: type=1800 audit(1686875915.516:6): pid=5024 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [ 57.193567][ T5022] syz-executor278: attempt to access beyond end of device [ 57.193567][ T5022] loop1: rw=2049, sector=77824, nr_sectors = 4096 limit=63271 [pid 5015] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5017] <... futex resumed>) = 0 [pid 5023] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5017] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5017] <... futex resumed>) = 0 [ 57.212554][ T5025] syz-executor278: attempt to access beyond end of device [ 57.212554][ T5025] loop2: rw=2049, sector=77824, nr_sectors = 4096 limit=63271 [ 57.216345][ T5020] syz-executor278: attempt to access beyond end of device [ 57.216345][ T5020] loop4: rw=2049, sector=77824, nr_sectors = 4096 limit=63271 [ 57.230021][ T5021] syz-executor278: attempt to access beyond end of device [ 57.230021][ T5021] loop0: rw=2049, sector=77824, nr_sectors = 4096 limit=63271 [pid 5023] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5055 attached [pid 5023] <... open resumed>) = 4 [pid 5015] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5055] set_robust_list(0x7fedb043b9e0, 24 [pid 5023] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... set_robust_list resumed>) = 0 [pid 5023] <... futex resumed>) = 1 [pid 5017] <... futex resumed>) = 0 [pid 5055] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 5023] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5017] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5023] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5017] <... futex resumed>) = 0 [pid 5055] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5017] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... futex resumed>) = 0 [pid 5055] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5025] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5022] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5025] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [ 57.247086][ T26] audit: type=1800 audit(1686875915.686:7): pid=5023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [ 57.274298][ T5024] syz-executor278: attempt to access beyond end of device [ 57.274298][ T5024] loop3: rw=2049, sector=77824, nr_sectors = 4096 limit=63271 [pid 5022] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] exit_group(0 [pid 5052] <... futex resumed>) = ? [pid 5025] <... futex resumed>) = ? [pid 5022] <... futex resumed>) = 0 [pid 5016] exit_group(0 [pid 5013] <... exit_group resumed>) = ? [pid 5052] +++ exited with 0 +++ [pid 5051] <... futex resumed>) = ? [pid 5025] +++ exited with 0 +++ [pid 5016] <... exit_group resumed>) = ? [pid 5013] +++ exited with 0 +++ [pid 5051] +++ exited with 0 +++ [pid 5022] +++ exited with 0 +++ [pid 5016] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5013, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=42 /* 0.42 s */} --- [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5016, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=37 /* 0.37 s */} --- [pid 5008] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5021] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5008] getdents64(3, [pid 5007] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5021] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] exit_group(0 [pid 5008] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5050] <... futex resumed>) = ? [pid 5021] <... futex resumed>) = ? [pid 5014] <... exit_group resumed>) = ? [pid 5008] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5007] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5050] +++ exited with 0 +++ [pid 5024] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5021] +++ exited with 0 +++ [pid 5017] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5014] +++ exited with 0 +++ [pid 5007] <... openat resumed>) = 3 [pid 5024] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5017] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] exit_group(0 [pid 5007] fstat(3, [pid 5055] <... futex resumed>) = ? [pid 5024] <... futex resumed>) = ? [pid 5017] <... futex resumed>) = 0 [pid 5015] <... exit_group resumed>) = ? [pid 5007] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5014, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=40 /* 0.40 s */} --- [pid 5055] +++ exited with 0 +++ [pid 5024] +++ exited with 0 +++ [pid 5017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5015] +++ exited with 0 +++ [pid 5007] getdents64(3, [pid 5006] restart_syscall(<... resuming interrupted clone ...> [pid 5017] <... mmap resumed>) = 0x7fedb041b000 [pid 5007] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] <... restart_syscall resumed>) = 0 [pid 5017] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5015, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=44 /* 0.44 s */} --- [pid 5007] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... mprotect resumed>) = 0 [pid 5009] restart_syscall(<... resuming interrupted clone ...> [pid 5017] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5009] <... restart_syscall resumed>) = 0 [pid 5006] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] <... clone resumed>, parent_tid=[5056], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5056 [pid 5006] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5006] <... openat resumed>) = 3 [pid 5017] <... futex resumed>) = 0 [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5006] fstat(3, [pid 5017] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5006] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] <... openat resumed>) = 3 [pid 5006] getdents64(3, [pid 5009] fstat(3, [pid 5006] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5056 attached [pid 5056] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5020] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5020] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] exit_group(0 [pid 5054] <... futex resumed>) = ? [pid 5020] <... futex resumed>) = ? [pid 5018] <... exit_group resumed>) = ? [pid 5054] +++ exited with 0 +++ [pid 5056] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5056] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5017] <... futex resumed>) = 0 [pid 5056] <... futex resumed>) = 1 [pid 5056] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5020] +++ exited with 0 +++ [pid 5018] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5018, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=45 /* 0.45 s */} --- [pid 5010] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 57.380628][ T5023] syz-executor278: attempt to access beyond end of device [ 57.380628][ T5023] loop5: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 57.465393][ T5023] syz-executor278: attempt to access beyond end of device [ 57.465393][ T5023] loop5: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [pid 5010] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5023] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5023] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5017] exit_group(0 [pid 5056] <... futex resumed>) = ? [pid 5017] <... exit_group resumed>) = ? [pid 5056] +++ exited with 0 +++ [pid 5023] <... futex resumed>) = ? [pid 5023] +++ exited with 0 +++ [pid 5017] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5017, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=45 /* 0.45 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./0/bus") = 0 [pid 5008] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./0/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./0") = 0 [pid 5008] mkdir("./1", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5057 ./strace-static-x86_64: Process 5057 attached [pid 5057] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5057] chdir("./1") = 0 [pid 5057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5057] setpgid(0, 0) = 0 [pid 5057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5057] write(3, "1000", 4) = 4 [pid 5057] close(3) = 0 [pid 5057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5057] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5057] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5057] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5058], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5058 [pid 5057] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5058 attached [pid 5058] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5058] memfd_create("syzkaller", 0) = 3 [pid 5058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./0/bus") = 0 [pid 5006] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./0/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./0") = 0 [pid 5006] mkdir("./1", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5059 ./strace-static-x86_64: Process 5059 attached [pid 5059] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5059] chdir("./1") = 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] setpgid(0, 0) = 0 [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5059] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5059] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5060], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5060 [pid 5059] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5060 attached [pid 5060] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5060] memfd_create("syzkaller", 0) = 3 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./0/bus") = 0 [pid 5009] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./0/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./0") = 0 [pid 5009] mkdir("./1", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5061 ./strace-static-x86_64: Process 5061 attached [pid 5061] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5061] chdir("./1") = 0 [pid 5061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5061] setpgid(0, 0) = 0 [pid 5061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "1000", 4) = 4 [pid 5061] close(3) = 0 [pid 5061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5061] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5061] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5061] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5062], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5062 [pid 5061] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5062 attached [pid 5062] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5062] memfd_create("syzkaller", 0) = 3 [pid 5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./0/bus") = 0 [pid 5007] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./0/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./0") = 0 [pid 5007] mkdir("./1", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5063 ./strace-static-x86_64: Process 5063 attached [pid 5063] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5063] chdir("./1") = 0 [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] setpgid(0, 0) = 0 [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5063] write(3, "1000", 4) = 4 [pid 5063] close(3) = 0 [pid 5063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5063] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5063] <... clone resumed>, parent_tid=[5064], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5064 [pid 5063] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5064 attached [pid 5064] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5064] memfd_create("syzkaller", 0) = 3 [pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./0/bus") = 0 [pid 5010] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./0/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./0") = 0 [pid 5010] mkdir("./1", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5065 ./strace-static-x86_64: Process 5065 attached [pid 5065] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5065] chdir("./1") = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5065] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5066], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5066 [pid 5065] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5066 attached [pid 5066] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5066] memfd_create("syzkaller", 0) = 3 [pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./0/bus") = 0 [pid 5011] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./0/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./0") = 0 [pid 5011] mkdir("./1", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5067 ./strace-static-x86_64: Process 5067 attached [pid 5067] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5067] chdir("./1") = 0 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] write(3, "1000", 4) = 4 [pid 5067] close(3) = 0 [pid 5067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5067] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5067] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5067] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5068], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5068 [pid 5067] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5068] memfd_create("syzkaller", 0) = 3 [pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5058] <... write resumed>) = 32394836 [pid 5058] munmap(0x7fedae557000, 32394836) = 0 [pid 5058] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5058] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5060] <... write resumed>) = 32394836 [pid 5058] close(3) = 0 [pid 5058] mkdir("./bus", 0777) = 0 [ 59.076145][ T5058] loop2: detected capacity change from 0 to 63271 [pid 5058] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5060] munmap(0x7fedae557000, 32394836) = 0 [pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 59.117839][ T5058] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 59.143561][ T5058] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [pid 5060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5060] close(3) = 0 [pid 5060] mkdir("./bus", 0777) = 0 [ 59.169080][ T5060] loop0: detected capacity change from 0 to 63271 [ 59.183281][ T5058] F2FS-fs (loop2): invalid crc value [ 59.197826][ T5060] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 59.237558][ T5060] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 5060] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 59.278256][ T5058] F2FS-fs (loop2): Found nat_bits in checkpoint [ 59.289753][ T5060] F2FS-fs (loop0): invalid crc value [ 59.324927][ T5060] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5062] <... write resumed>) = 32394836 [pid 5062] munmap(0x7fedae557000, 32394836 [pid 5058] <... mount resumed>) = 0 [pid 5058] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5058] chdir("./bus") = 0 [pid 5058] ioctl(4, LOOP_CLR_FD) = 0 [ 59.391097][ T5058] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 59.402753][ T5058] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5058] close(4 [pid 5062] <... munmap resumed>) = 0 [pid 5058] <... close resumed>) = 0 [pid 5058] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] <... futex resumed>) = 0 [pid 5058] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5057] <... futex resumed>) = 0 [pid 5058] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5057] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... open resumed>) = 4 [pid 5058] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5058] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5062] ioctl(4, LOOP_SET_FD, 3 [pid 5057] <... futex resumed>) = 0 [pid 5057] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = 0 [pid 5057] <... futex resumed>) = 1 [pid 5058] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5057] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... ioctl resumed>) = 0 [pid 5062] close(3) = 0 [pid 5062] mkdir("./bus", 0777) = 0 [ 59.470151][ T26] audit: type=1800 audit(1686875917.906:8): pid=5058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [ 59.470223][ T5060] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 59.495804][ T5062] loop3: detected capacity change from 0 to 63271 [pid 5062] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5064] <... write resumed>) = 32394836 [pid 5057] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5064] munmap(0x7fedae557000, 32394836 [pid 5057] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [ 59.522266][ T5062] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 59.548065][ T5062] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [pid 5057] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5057] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5077], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5077 [pid 5057] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5077] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5077] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] <... futex resumed>) = 0 [pid 5077] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 59.570508][ T5060] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 59.584256][ T5062] F2FS-fs (loop3): invalid crc value [ 59.609153][ T5064] loop1: detected capacity change from 0 to 63271 [ 59.612056][ T5058] syz-executor278: attempt to access beyond end of device [ 59.612056][ T5058] loop2: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 59.647021][ T26] audit: type=1800 audit(1686875918.086:9): pid=5060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 5064] ioctl(4, LOOP_SET_FD, 3 [pid 5060] <... mount resumed>) = 0 [pid 5060] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5060] chdir("./bus") = 0 [pid 5060] ioctl(4, LOOP_CLR_FD) = 0 [pid 5060] close(4) = 0 [pid 5060] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5060] <... futex resumed>) = 1 [pid 5059] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... ioctl resumed>) = 0 [pid 5060] <... open resumed>) = 4 [pid 5064] close(3 [pid 5060] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... close resumed>) = 0 [pid 5060] <... futex resumed>) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5064] mkdir("./bus", 0777 [pid 5060] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... mkdir resumed>) = 0 [pid 5060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] <... futex resumed>) = 0 [pid 5064] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5060] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5059] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5059] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5059] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5081], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5081 [pid 5059] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5066] <... write resumed>) = 32394836 [ 59.676349][ T5064] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 59.681672][ T5062] F2FS-fs (loop3): Found nat_bits in checkpoint [ 59.684792][ T5064] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 59.707687][ T5058] syz-executor278: attempt to access beyond end of device [ 59.707687][ T5058] loop2: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [pid 5081] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [pid 5066] munmap(0x7fedae557000, 32394836 [pid 5081] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5081] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5081] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... munmap resumed>) = 0 [ 59.758035][ T5064] F2FS-fs (loop1): invalid crc value [ 59.794801][ T5060] syz-executor278: attempt to access beyond end of device [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5066] close(3) = 0 [pid 5066] mkdir("./bus", 0777) = 0 [pid 5066] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5058] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5058] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] exit_group(0) = ? [pid 5077] <... futex resumed>) = ? [pid 5058] <... futex resumed>) = ? [pid 5077] +++ exited with 0 +++ [pid 5058] +++ exited with 0 +++ [pid 5057] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5057, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=38 /* 0.38 s */} --- [pid 5008] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 59.794801][ T5060] loop0: rw=2049, sector=77824, nr_sectors = 4096 limit=63271 [ 59.810699][ T5066] loop4: detected capacity change from 0 to 63271 [ 59.823116][ T5066] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 59.837779][ T5064] F2FS-fs (loop1): Found nat_bits in checkpoint [ 59.848603][ T5062] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [pid 5008] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5060] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5060] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] exit_group(0 [pid 5060] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = ? [pid 5059] <... exit_group resumed>) = ? [pid 5081] +++ exited with 0 +++ [pid 5060] +++ exited with 0 +++ [pid 5059] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=38 /* 0.38 s */} --- [pid 5006] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5062] <... mount resumed>) = 0 [ 59.864294][ T5066] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 59.877963][ T5062] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 59.887109][ T5066] F2FS-fs (loop4): invalid crc value [ 59.907812][ T5066] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 5062] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5062] chdir("./bus") = 0 [pid 5062] ioctl(4, LOOP_CLR_FD) = 0 [pid 5062] close(4) = 0 [pid 5062] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... futex resumed>) = 1 [pid 5062] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5062] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... futex resumed>) = 1 [ 59.923010][ T5064] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 59.935800][ T26] audit: type=1800 audit(1686875918.376:10): pid=5062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [ 59.947651][ T5064] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5062] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5064] <... mount resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] chdir("./bus") = 0 [pid 5064] ioctl(4, LOOP_CLR_FD) = 0 [pid 5061] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5064] close(4 [pid 5061] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5061] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5061] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5091], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5091 [pid 5061] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... close resumed>) = 0 [pid 5064] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5064] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5063] <... futex resumed>) = 0 [pid 5064] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5063] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5091] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 5064] <... open resumed>) = 4 [pid 5064] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [ 60.023582][ T5066] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 60.051444][ T5066] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 5064] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... write resumed>) = 32394836 [pid 5066] <... mount resumed>) = 0 [pid 5064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5063] <... futex resumed>) = 0 [pid 5061] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5068] munmap(0x7fedae557000, 32394836 [pid 5066] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5064] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5063] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... openat resumed>) = 3 [pid 5091] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5091] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] chdir("./bus") = 0 [pid 5066] ioctl(4, LOOP_CLR_FD) = 0 [pid 5066] close(4) = 0 [pid 5066] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5066] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5065] <... futex resumed>) = 0 [pid 5066] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5065] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... open resumed>) = 4 [pid 5066] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5065] <... futex resumed>) = 0 [ 60.052131][ T26] audit: type=1800 audit(1686875918.486:11): pid=5064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 5065] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5068] <... munmap resumed>) = 0 [pid 5063] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5063] <... futex resumed>) = 0 [pid 5068] <... openat resumed>) = 4 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5068] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... mmap resumed>) = 0x7fedb041b000 [pid 5063] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5092], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5092 [pid 5063] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5065] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... ioctl resumed>) = 0 [pid 5065] <... futex resumed>) = 0 [pid 5068] close(3 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5068] <... close resumed>) = 0 [pid 5065] <... mmap resumed>) = 0x7fedb041b000 ./strace-static-x86_64: Process 5092 attached [pid 5065] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5068] mkdir("./bus", 0777 [pid 5065] <... mprotect resumed>) = 0 [pid 5092] set_robust_list(0x7fedb043b9e0, 24 [pid 5068] <... mkdir resumed>) = 0 [pid 5065] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5092] <... set_robust_list resumed>) = 0 [pid 5068] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5092] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 5065] <... clone resumed>, parent_tid=[5093], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5093 [pid 5065] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x7fedb043b9e0, 24) = 0 [ 60.154350][ T5068] loop5: detected capacity change from 0 to 63271 [ 60.189612][ T5068] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5093] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 5092] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5092] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5093] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5093] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5062] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] exit_group(0 [pid 5091] <... futex resumed>) = ? [pid 5062] <... futex resumed>) = ? [pid 5061] <... exit_group resumed>) = ? [pid 5091] +++ exited with 0 +++ [pid 5062] +++ exited with 0 +++ [pid 5061] +++ exited with 0 +++ [pid 5066] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5061, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=44 /* 0.44 s */} --- [pid 5066] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] exit_group(0 [pid 5066] ???( [pid 5093] <... futex resumed>) = ? [pid 5066] <... ??? resumed>) = ? [pid 5065] <... exit_group resumed>) = ? [pid 5093] +++ exited with 0 +++ [pid 5066] +++ exited with 0 +++ [pid 5009] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] +++ exited with 0 +++ [pid 5009] <... openat resumed>) = 3 [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=41 /* 0.41 s */} --- [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, [pid 5010] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [ 60.209605][ T5068] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5009] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5064] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] exit_group(0 [pid 5092] <... futex resumed>) = ? [pid 5064] <... futex resumed>) = ? [pid 5063] <... exit_group resumed>) = ? [pid 5092] +++ exited with 0 +++ [pid 5064] +++ exited with 0 +++ [pid 5063] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5063, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=31 /* 0.31 s */} --- [pid 5007] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 60.437820][ T5068] F2FS-fs (loop5): invalid crc value [ 60.481839][ T5068] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 5007] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./1/bus") = 0 [pid 5008] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./1/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./1") = 0 [pid 5008] mkdir("./2", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5098 ./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5098] chdir("./2") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5098] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5099], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5099 [pid 5098] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5068] <... mount resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5068] chdir("./bus") = 0 [pid 5068] ioctl(4, LOOP_CLR_FD) = 0 [pid 5068] close(4./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5099] memfd_create("syzkaller", 0) = 3 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5068] <... close resumed>) = 0 [pid 5068] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5068] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5067] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... open resumed>) = 4 [pid 5068] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5068] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5067] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 60.594215][ T5068] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 60.604531][ T5068] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 5067] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5067] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5067] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5067] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5100], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5100 [pid 5067] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5100] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus" [pid 5067] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5100] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5100] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./1/bus") = 0 [pid 5006] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./1/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./1") = 0 [pid 5006] mkdir("./2", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5101 ./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x5555556ed5e0, 24 [pid 5068] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5101] <... set_robust_list resumed>) = 0 [pid 5068] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] chdir("./2" [pid 5068] <... futex resumed>) = 0 [pid 5067] exit_group(0 [pid 5101] <... chdir resumed>) = 0 [pid 5068] ???( [pid 5100] <... futex resumed>) = ? [pid 5067] <... exit_group resumed>) = ? [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] <... ??? resumed>) = ? [pid 5100] +++ exited with 0 +++ [pid 5101] <... prctl resumed>) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] +++ exited with 0 +++ [pid 5067] +++ exited with 0 +++ [pid 5101] <... openat resumed>) = 3 [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5067, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=46 /* 0.46 s */} --- [pid 5101] write(3, "1000", 4 [pid 5011] restart_syscall(<... resuming interrupted clone ...> [pid 5101] <... write resumed>) = 4 [pid 5011] <... restart_syscall resumed>) = 0 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs" [pid 5011] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5101] <... symlink resumed>) = 0 [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5101] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5101] <... futex resumed>) = 0 [pid 5011] <... openat resumed>) = 3 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5011] fstat(3, [pid 5101] <... mmap resumed>) = 0x7fedb6957000 [pid 5011] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5101] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5011] getdents64(3, [pid 5101] <... mprotect resumed>) = 0 [pid 5011] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5101] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5011] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5101] <... clone resumed>, parent_tid=[5102], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5102 [pid 5101] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5102] memfd_create("syzkaller", 0) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./1/bus") = 0 [pid 5010] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] <... umount2 resumed>) = 0 [pid 5010] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] unlink("./1/binderfs" [pid 5007] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] <... unlink resumed>) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] getdents64(3, [pid 5007] close(4 [pid 5010] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] <... close resumed>) = 0 [pid 5010] close(3 [pid 5007] rmdir("./1/bus" [pid 5010] <... close resumed>) = 0 [pid 5010] rmdir("./1" [pid 5007] <... rmdir resumed>) = 0 [pid 5010] <... rmdir resumed>) = 0 [pid 5007] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] mkdir("./2", 0777 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./1/binderfs", [pid 5010] <... mkdir resumed>) = 0 [pid 5007] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5007] unlink("./1/binderfs" [pid 5010] <... openat resumed>) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD [pid 5007] <... unlink resumed>) = 0 [pid 5010] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5007] getdents64(3, [pid 5010] close(3 [pid 5007] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3 [pid 5010] <... close resumed>) = 0 [pid 5007] <... close resumed>) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5103 [pid 5007] rmdir("./1"./strace-static-x86_64: Process 5103 attached ) = 0 [pid 5103] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5103] chdir("./2") = 0 [pid 5007] mkdir("./2", 0777 [pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5007] <... mkdir resumed>) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5103] setpgid(0, 0 [pid 5007] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5104 [pid 5103] <... setpgid resumed>) = 0 [pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5009] <... umount2 resumed>) = 0 [pid 5103] write(3, "1000", 4) = 4 ./strace-static-x86_64: Process 5104 attached [pid 5103] close(3 [pid 5104] set_robust_list(0x5555556ed5e0, 24 [pid 5103] <... close resumed>) = 0 [pid 5103] symlink("/dev/binderfs", "./binderfs" [pid 5104] <... set_robust_list resumed>) = 0 [pid 5103] <... symlink resumed>) = 0 [pid 5104] chdir("./2" [pid 5103] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... chdir resumed>) = 0 [pid 5103] <... futex resumed>) = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5104] <... prctl resumed>) = 0 [pid 5103] <... mmap resumed>) = 0x7fedb6957000 [pid 5104] setpgid(0, 0 [pid 5103] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5104] <... setpgid resumed>) = 0 [pid 5103] <... mprotect resumed>) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5103] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5104] <... openat resumed>) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5103] <... clone resumed>, parent_tid=[5105], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5105 [pid 5104] close(3 [pid 5103] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5104] <... close resumed>) = 0 [pid 5103] <... futex resumed>) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs" [pid 5103] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5104] <... symlink resumed>) = 0 [pid 5009] lstat("./1/bus", [pid 5104] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5009] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5105 attached [pid 5104] <... mmap resumed>) = 0x7fedb6957000 [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5105] set_robust_list(0x7fedb69779e0, 24 [pid 5104] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5009] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5105] <... set_robust_list resumed>) = 0 [pid 5104] <... mprotect resumed>) = 0 [pid 5009] <... openat resumed>) = 4 [pid 5105] memfd_create("syzkaller", 0 [pid 5104] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5009] fstat(4, [pid 5105] <... memfd_create resumed>) = 3 [pid 5009] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5104] <... clone resumed>, parent_tid=[5106], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5106 [pid 5009] getdents64(4, [pid 5105] <... mmap resumed>) = 0x7fedae557000 [pid 5104] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5104] <... futex resumed>) = 0 [pid 5009] getdents64(4, [pid 5104] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5106 attached [pid 5009] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5106] set_robust_list(0x7fedb69779e0, 24 [pid 5009] close(4 [pid 5106] <... set_robust_list resumed>) = 0 [pid 5009] <... close resumed>) = 0 [pid 5009] rmdir("./1/bus") = 0 [pid 5009] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5106] memfd_create("syzkaller", 0 [pid 5009] lstat("./1/binderfs", [pid 5106] <... memfd_create resumed>) = 3 [pid 5009] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5009] unlink("./1/binderfs" [pid 5106] <... mmap resumed>) = 0x7fedae557000 [pid 5009] <... unlink resumed>) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./1") = 0 [pid 5009] mkdir("./2", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5107 ./strace-static-x86_64: Process 5107 attached [pid 5107] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5107] chdir("./2") = 0 [pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5107] setpgid(0, 0) = 0 [pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5107] write(3, "1000", 4) = 4 [pid 5107] close(3) = 0 [pid 5107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5107] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5107] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5107] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5108], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5108 [pid 5107] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5108 attached [pid 5108] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5108] memfd_create("syzkaller", 0) = 3 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./1/bus") = 0 [pid 5011] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./1/binderfs" [pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5011] <... unlink resumed>) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./1") = 0 [pid 5011] mkdir("./2", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5109 [pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836./strace-static-x86_64: Process 5109 attached [pid 5109] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5109] chdir("./2") = 0 [pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5109] setpgid(0, 0) = 0 [pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5109] write(3, "1000", 4) = 4 [pid 5109] close(3) = 0 [pid 5109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5109] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5109] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5109] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5110], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5110 [pid 5109] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5110 attached [pid 5110] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5110] memfd_create("syzkaller", 0) = 3 [pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5099] <... write resumed>) = 32394836 [pid 5099] munmap(0x7fedae557000, 32394836) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5099] close(3) = 0 [pid 5099] mkdir("./bus", 0777) = 0 [ 61.960868][ T5099] loop2: detected capacity change from 0 to 63271 [pid 5099] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5102] <... write resumed>) = 32394836 [ 62.007277][ T5099] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 62.026872][ T5099] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 62.040413][ T5099] F2FS-fs (loop2): invalid crc value [pid 5102] munmap(0x7fedae557000, 32394836) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5102] close(3) = 0 [pid 5102] mkdir("./bus", 0777) = 0 [ 62.087426][ T5099] F2FS-fs (loop2): Found nat_bits in checkpoint [ 62.097800][ T5102] loop0: detected capacity change from 0 to 63271 [ 62.129324][ T5102] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 62.153330][ T5102] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 62.188502][ T5102] F2FS-fs (loop0): invalid crc value [pid 5102] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5105] <... write resumed>) = 32394836 [pid 5105] munmap(0x7fedae557000, 32394836 [pid 5099] <... mount resumed>) = 0 [pid 5099] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5099] chdir("./bus") = 0 [pid 5105] <... munmap resumed>) = 0 [pid 5099] ioctl(4, LOOP_CLR_FD) = 0 [pid 5099] close(4) = 0 [ 62.209940][ T5099] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 62.223874][ T5102] F2FS-fs (loop0): Found nat_bits in checkpoint [ 62.235833][ T5099] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5105] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5099] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... openat resumed>) = 4 [pid 5099] <... futex resumed>) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5105] ioctl(4, LOOP_SET_FD, 3 [pid 5099] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5098] <... futex resumed>) = 0 [pid 5099] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5098] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... write resumed>) = 32394836 [pid 5106] <... write resumed>) = 32394836 [pid 5105] <... ioctl resumed>) = 0 [pid 5099] <... open resumed>) = 4 [pid 5108] munmap(0x7fedae557000, 32394836 [pid 5106] munmap(0x7fedae557000, 32394836 [pid 5105] close(3 [pid 5099] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... munmap resumed>) = 0 [pid 5099] <... futex resumed>) = 1 [pid 5105] <... close resumed>) = 0 [pid 5098] <... futex resumed>) = 0 [pid 5106] <... munmap resumed>) = 0 [pid 5098] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] mkdir("./bus", 0777 [pid 5099] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5098] <... futex resumed>) = 0 [pid 5105] <... mkdir resumed>) = 0 [pid 5098] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 62.302869][ T5105] loop4: detected capacity change from 0 to 63271 [ 62.317623][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 62.317635][ T26] audit: type=1800 audit(1686875920.756:14): pid=5099 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5108] ioctl(4, LOOP_SET_FD, 3 [pid 5106] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5105] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5106] <... openat resumed>) = 4 [pid 5106] ioctl(4, LOOP_SET_FD, 3 [pid 5108] <... ioctl resumed>) = 0 [pid 5108] close(3) = 0 [pid 5108] mkdir("./bus", 0777) = 0 [pid 5106] <... ioctl resumed>) = 0 [pid 5106] close(3) = 0 [pid 5106] mkdir("./bus", 0777 [pid 5108] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5106] <... mkdir resumed>) = 0 [pid 5106] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5098] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5098] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5098] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5119], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5119 [pid 5098] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.372982][ T5108] loop3: detected capacity change from 0 to 63271 [ 62.380907][ T5105] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 62.389674][ T5106] loop1: detected capacity change from 0 to 63271 [ 62.399791][ T5102] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 62.402546][ T5108] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 62.415533][ T5102] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 5098] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5119 attached [pid 5102] <... mount resumed>) = 0 [pid 5119] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5102] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5119] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 5102] <... openat resumed>) = 3 [pid 5119] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5102] chdir("./bus" [pid 5119] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... chdir resumed>) = 0 [pid 5119] <... futex resumed>) = 1 [pid 5102] ioctl(4, LOOP_CLR_FD [pid 5098] <... futex resumed>) = 0 [pid 5119] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... ioctl resumed>) = 0 [ 62.423219][ T5106] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 62.424491][ T5105] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 62.440291][ T5106] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 62.453442][ T5106] F2FS-fs (loop1): invalid crc value [ 62.455754][ T5108] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 62.463576][ T5099] bio_check_eod: 7 callbacks suppressed [pid 5102] close(4) = 0 [pid 5102] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] <... futex resumed>) = 0 [pid 5102] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5101] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... open resumed>) = 4 [ 62.463590][ T5099] syz-executor278: attempt to access beyond end of device [ 62.463590][ T5099] loop2: rw=2049, sector=77824, nr_sectors = 3720 limit=63271 [ 62.490639][ T5108] F2FS-fs (loop3): invalid crc value [ 62.500014][ T26] audit: type=1800 audit(1686875920.936:15): pid=5102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 5102] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5102] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] <... futex resumed>) = 0 [pid 5102] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 62.503099][ T5099] syz-executor278: attempt to access beyond end of device [ 62.503099][ T5099] loop2: rw=2049, sector=81544, nr_sectors = 376 limit=63271 [ 62.524281][ T5105] F2FS-fs (loop4): invalid crc value [pid 5101] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5099] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] exit_group(0 [pid 5119] <... futex resumed>) = ? [pid 5099] <... futex resumed>) = ? [pid 5098] <... exit_group resumed>) = ? [pid 5119] +++ exited with 0 +++ [pid 5099] +++ exited with 0 +++ [pid 5098] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=45 /* 0.45 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5101] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5101] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5101] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5126], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5126 [pid 5101] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5126 attached [pid 5126] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5126] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [ 62.566037][ T5106] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5126] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] <... futex resumed>) = 0 [ 62.626760][ T5108] F2FS-fs (loop3): Found nat_bits in checkpoint [ 62.641991][ T5105] F2FS-fs (loop4): Found nat_bits in checkpoint [ 62.660961][ T5106] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [pid 5106] <... mount resumed>) = 0 [pid 5106] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] chdir("./bus") = 0 [pid 5106] ioctl(4, LOOP_CLR_FD) = 0 [pid 5106] close(4) = 0 [ 62.673978][ T5102] syz-executor278: attempt to access beyond end of device [ 62.673978][ T5102] loop0: rw=2049, sector=77824, nr_sectors = 3912 limit=63271 [ 62.688719][ T5106] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5106] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... mount resumed>) = 0 [pid 5106] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5108] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] <... open resumed>) = 4 [ 62.725280][ T5108] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 62.734331][ T5102] syz-executor278: attempt to access beyond end of device [ 62.734331][ T5102] loop0: rw=2049, sector=81736, nr_sectors = 184 limit=63271 [ 62.749114][ T5108] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 5108] chdir("./bus") = 0 [pid 5106] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] ioctl(4, LOOP_CLR_FD [pid 5106] <... futex resumed>) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5108] <... ioctl resumed>) = 0 [pid 5106] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] close(4 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5104] <... futex resumed>) = 0 [pid 5108] <... close resumed>) = 0 [pid 5104] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5102] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5108] <... futex resumed>) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5108] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 62.760426][ T26] audit: type=1800 audit(1686875921.196:16): pid=5106 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 5107] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] exit_group(0 [pid 5126] <... futex resumed>) = ? [pid 5108] <... open resumed>) = 4 [pid 5107] <... futex resumed>) = 0 [pid 5101] <... exit_group resumed>) = ? [pid 5126] +++ exited with 0 +++ [pid 5107] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5104] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5104] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5132], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5132 [pid 5104] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... futex resumed>) = ? ./strace-static-x86_64: Process 5132 attached [pid 5132] set_robust_list(0x7fedb043b9e0, 24 [pid 5102] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ [pid 5108] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=36 /* 0.36 s */} --- [pid 5108] <... futex resumed>) = 1 [pid 5107] <... futex resumed>) = 0 [pid 5006] restart_syscall(<... resuming interrupted clone ...> [pid 5108] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... restart_syscall resumed>) = 0 [pid 5108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5107] <... futex resumed>) = 0 [pid 5108] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5107] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5132] <... set_robust_list resumed>) = 0 [ 62.826981][ T26] audit: type=1800 audit(1686875921.266:17): pid=5108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [pid 5132] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 5104] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5132] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5132] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5107] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5107] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5107] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5134], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5134 [pid 5107] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... mount resumed>) = 0 [pid 5105] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5105] chdir("./bus") = 0 [pid 5105] ioctl(4, LOOP_CLR_FD) = 0 [pid 5105] close(4) = 0 [pid 5105] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [ 62.877985][ T5105] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 62.890419][ T5105] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 5103] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... futex resumed>) = 1 [pid 5105] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5134] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 5105] <... open resumed>) = 4 [pid 5105] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5105] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5103] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5134] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5134] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5134] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5103] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5103] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5135], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5135 [ 62.926614][ T26] audit: type=1800 audit(1686875921.366:18): pid=5105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 5103] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5135 attached [pid 5135] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5135] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 5110] <... write resumed>) = 32394836 [pid 5110] munmap(0x7fedae557000, 32394836 [pid 5103] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5110] <... munmap resumed>) = 0 [pid 5135] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5135] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 63.007969][ T5106] syz-executor278: attempt to access beyond end of device [ 63.007969][ T5106] loop1: rw=2049, sector=77824, nr_sectors = 4096 limit=63271 [ 63.040601][ T5108] syz-executor278: attempt to access beyond end of device [ 63.040601][ T5108] loop3: rw=2049, sector=77824, nr_sectors = 4096 limit=63271 [pid 5110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5110] close(3) = 0 [pid 5110] mkdir("./bus", 0777) = 0 [pid 5110] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5104] exit_group(0 [pid 5132] <... futex resumed>) = ? [pid 5104] <... exit_group resumed>) = ? [pid 5132] +++ exited with 0 +++ [pid 5106] <... pwritev2 resumed>) = ? [pid 5106] +++ exited with 0 +++ [pid 5104] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- [pid 5108] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5108] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] exit_group(0 [pid 5134] <... futex resumed>) = ? [pid 5108] <... futex resumed>) = ? [pid 5107] <... exit_group resumed>) = ? [pid 5134] +++ exited with 0 +++ [pid 5108] +++ exited with 0 +++ [pid 5007] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 63.079421][ T5110] loop5: detected capacity change from 0 to 63271 [ 63.091875][ T5110] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 63.116853][ T5110] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 5107] +++ exited with 0 +++ [pid 5007] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=45 /* 0.45 s */} --- [pid 5007] <... openat resumed>) = 3 [pid 5009] restart_syscall(<... resuming interrupted clone ...> [pid 5007] fstat(3, [pid 5009] <... restart_syscall resumed>) = 0 [pid 5007] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 63.131691][ T5110] F2FS-fs (loop5): invalid crc value [ 63.150488][ T5105] syz-executor278: attempt to access beyond end of device [ 63.150488][ T5105] loop4: rw=2049, sector=77824, nr_sectors = 3664 limit=63271 [pid 5009] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5103] exit_group(0 [pid 5135] <... futex resumed>) = ? [pid 5103] <... exit_group resumed>) = ? [pid 5135] +++ exited with 0 +++ [ 63.187558][ T5110] F2FS-fs (loop5): Found nat_bits in checkpoint [ 63.210157][ T5105] syz-executor278: attempt to access beyond end of device [ 63.210157][ T5105] loop4: rw=2049, sector=81488, nr_sectors = 432 limit=63271 [pid 5105] <... pwritev2 resumed>) = ? [pid 5105] +++ exited with 0 +++ [pid 5103] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=50 /* 0.50 s */} --- [pid 5010] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5010] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5110] <... mount resumed>) = 0 [pid 5110] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5110] chdir("./bus") = 0 [pid 5110] ioctl(4, LOOP_CLR_FD) = 0 [ 63.299122][ T5110] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 63.318835][ T5110] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 5110] close(4) = 0 [pid 5110] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... open resumed>) = 4 [pid 5110] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5110] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5109] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.391642][ T26] audit: type=1800 audit(1686875921.826:19): pid=5110 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 5109] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] <... umount2 resumed>) = 0 [pid 5109] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5008] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5109] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5109] <... futex resumed>) = 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5008] lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5109] <... mmap resumed>) = 0x7fedb041b000 [pid 5008] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5109] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5109] <... mprotect resumed>) = 0 [pid 5008] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5109] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5008] <... openat resumed>) = 4 [pid 5008] fstat(4, [pid 5109] <... clone resumed>, parent_tid=[5140], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5140 [pid 5008] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5109] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5109] <... futex resumed>) = 0 [pid 5008] getdents64(4, [pid 5109] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./2/bus") = 0 [pid 5008] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./2/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./2") = 0 [pid 5008] mkdir("./3", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 ./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5140] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5140] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] <... futex resumed>) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5141 ./strace-static-x86_64: Process 5141 attached [pid 5141] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5141] chdir("./3") = 0 [pid 5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5141] setpgid(0, 0) = 0 [pid 5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5141] write(3, "1000", 4) = 4 [pid 5141] close(3) = 0 [pid 5141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5141] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5141] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5141] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5143], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5143 [pid 5141] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5143] memfd_create("syzkaller", 0) = 3 [pid 5143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 63.544610][ T5110] syz-executor278: attempt to access beyond end of device [ 63.544610][ T5110] loop5: rw=2049, sector=77824, nr_sectors = 2064 limit=63271 [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./2/bus") = 0 [pid 5006] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./2/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./2") = 0 [pid 5006] mkdir("./3", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5144 ./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5144] chdir("./3") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5144] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5145], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5145 [pid 5144] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.640532][ T5110] syz-executor278: attempt to access beyond end of device [ 63.640532][ T5110] loop5: rw=2049, sector=79888, nr_sectors = 2032 limit=63271 [pid 5144] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5145 attached [pid 5145] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5145] memfd_create("syzkaller", 0) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5109] exit_group(0) = ? [pid 5140] <... futex resumed>) = ? [pid 5140] +++ exited with 0 +++ [pid 5110] <... pwritev2 resumed>) = ? [pid 5110] +++ exited with 0 +++ [pid 5109] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=45 /* 0.45 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./2/bus") = 0 [pid 5007] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./2/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./2") = 0 [pid 5007] mkdir("./3", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5146 ./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5146] chdir("./3") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5146] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5147], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5147 [pid 5146] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5147 attached [pid 5147] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5147] memfd_create("syzkaller", 0) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./2/bus") = 0 [pid 5009] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./2/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./2") = 0 [pid 5009] mkdir("./3", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5148 ./strace-static-x86_64: Process 5148 attached [pid 5148] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5148] chdir("./3") = 0 [pid 5148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5148] setpgid(0, 0) = 0 [pid 5148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5148] write(3, "1000", 4) = 4 [pid 5148] close(3) = 0 [pid 5148] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5148] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5148] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5148] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5149], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5149 [pid 5148] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5149 attached [pid 5149] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5149] memfd_create("syzkaller", 0) = 3 [pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./2/bus") = 0 [pid 5010] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./2/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./2") = 0 [pid 5010] mkdir("./3", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5150 ./strace-static-x86_64: Process 5150 attached [pid 5150] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5150] chdir("./3") = 0 [pid 5150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5150] setpgid(0, 0) = 0 [pid 5150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5150] write(3, "1000", 4) = 4 [pid 5150] close(3) = 0 [pid 5150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5150] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5150] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5150] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5151], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5151 [pid 5150] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5151 attached [pid 5151] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5151] memfd_create("syzkaller", 0) = 3 [pid 5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./2/bus") = 0 [pid 5011] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./2/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./2") = 0 [pid 5011] mkdir("./3", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5152 ./strace-static-x86_64: Process 5152 attached [pid 5152] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5152] chdir("./3") = 0 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5152] setpgid(0, 0) = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [pid 5152] close(3) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5152] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5152] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5153], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5153 [pid 5152] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836./strace-static-x86_64: Process 5153 attached [pid 5153] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5153] memfd_create("syzkaller", 0) = 3 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5143] <... write resumed>) = 32394836 [pid 5143] munmap(0x7fedae557000, 32394836 [pid 5145] <... write resumed>) = 32394836 [pid 5151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5145] munmap(0x7fedae557000, 32394836 [pid 5143] <... munmap resumed>) = 0 [pid 5143] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5143] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5143] close(3) = 0 [pid 5143] mkdir("./bus", 0777) = 0 [pid 5143] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5145] <... munmap resumed>) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 64.867216][ T5143] loop2: detected capacity change from 0 to 63271 [ 64.881321][ T5143] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 64.885559][ T5145] loop0: detected capacity change from 0 to 63271 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] mkdir("./bus", 0777) = 0 [ 64.915498][ T5143] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 64.936708][ T5143] F2FS-fs (loop2): invalid crc value [ 64.939491][ T5145] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 64.979244][ T5143] F2FS-fs (loop2): Found nat_bits in checkpoint [ 64.984614][ T5145] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 65.008100][ T5145] F2FS-fs (loop0): invalid crc value [ 65.052350][ T5145] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5145] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5143] <... mount resumed>) = 0 [pid 5143] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5143] chdir("./bus") = 0 [ 65.102790][ T5143] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 65.123377][ T5143] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5143] ioctl(4, LOOP_CLR_FD [pid 5147] <... write resumed>) = 32394836 [pid 5143] <... ioctl resumed>) = 0 [pid 5143] close(4 [pid 5147] munmap(0x7fedae557000, 32394836 [pid 5143] <... close resumed>) = 0 [pid 5143] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5143] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5141] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 65.166678][ T5145] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [pid 5141] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5147] <... munmap resumed>) = 0 [pid 5143] <... open resumed>) = 4 [pid 5147] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5143] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... openat resumed>) = 4 [pid 5143] <... futex resumed>) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5147] ioctl(4, LOOP_SET_FD, 3 [pid 5143] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5141] <... futex resumed>) = 0 [pid 5143] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5141] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... ioctl resumed>) = 0 [pid 5147] close(3) = 0 [pid 5147] mkdir("./bus", 0777) = 0 [pid 5147] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5145] <... mount resumed>) = 0 [pid 5145] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./bus") = 0 [pid 5145] ioctl(4, LOOP_CLR_FD) = 0 [pid 5145] close(4) = 0 [ 65.198796][ T26] audit: type=1800 audit(1686875923.636:20): pid=5143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [ 65.225072][ T5145] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 65.235364][ T5147] loop1: detected capacity change from 0 to 63271 [ 65.254504][ T5147] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5145] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5144] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... open resumed>) = 4 [pid 5144] <... futex resumed>) = 0 [pid 5145] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5145] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5144] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5141] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5141] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5141] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5162], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5162 [pid 5141] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5162 attached [pid 5162] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5162] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 5149] <... write resumed>) = 32394836 [pid 5149] munmap(0x7fedae557000, 32394836 [pid 5144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5144] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5144] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5163], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5163 [pid 5144] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5162] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [ 65.291435][ T5147] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 65.300325][ T26] audit: type=1800 audit(1686875923.726:21): pid=5145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 5162] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5163 attached [pid 5163] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5163] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [pid 5149] <... munmap resumed>) = 0 [pid 5149] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5163] <... quotactl resumed>) = -1 ESRCH (No such process) [ 65.358673][ T5147] F2FS-fs (loop1): invalid crc value [pid 5149] ioctl(4, LOOP_SET_FD, 3 [pid 5163] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5163] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... ioctl resumed>) = 0 [pid 5149] close(3) = 0 [pid 5149] mkdir("./bus", 0777) = 0 [pid 5149] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5151] <... write resumed>) = 32394836 [ 65.379785][ T5149] loop3: detected capacity change from 0 to 63271 [ 65.400962][ T5147] F2FS-fs (loop1): Found nat_bits in checkpoint [ 65.414815][ T5149] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5151] munmap(0x7fedae557000, 32394836 [pid 5143] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5143] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... munmap resumed>) = 0 [pid 5143] <... futex resumed>) = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5141] exit_group(0 [pid 5162] <... futex resumed>) = ? [pid 5141] <... exit_group resumed>) = ? [pid 5162] +++ exited with 0 +++ [pid 5151] <... openat resumed>) = 4 [pid 5143] +++ exited with 0 +++ [pid 5151] ioctl(4, LOOP_SET_FD, 3 [pid 5141] +++ exited with 0 +++ [ 65.446909][ T5149] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 65.484344][ T5149] F2FS-fs (loop3): invalid crc value [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=37 /* 0.37 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5145] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5145] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] exit_group(0 [pid 5163] <... futex resumed>) = ? [pid 5145] <... futex resumed>) = ? [pid 5144] <... exit_group resumed>) = ? [pid 5163] +++ exited with 0 +++ [pid 5151] <... ioctl resumed>) = 0 [pid 5151] close(3) = 0 [pid 5151] mkdir("./bus", 0777) = 0 [pid 5145] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- [pid 5151] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 65.497364][ T5151] loop4: detected capacity change from 0 to 63271 [ 65.521215][ T5151] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 65.535703][ T5151] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 65.537249][ T5149] F2FS-fs (loop3): Found nat_bits in checkpoint [ 65.544563][ T5147] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 65.566649][ T5151] F2FS-fs (loop4): invalid crc value [ 65.581721][ T5147] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5006] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5147] <... mount resumed>) = 0 [pid 5147] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] chdir("./bus") = 0 [pid 5147] ioctl(4, LOOP_CLR_FD) = 0 [pid 5147] close(4) = 0 [pid 5147] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5146] <... futex resumed>) = 0 [ 65.597793][ T5151] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 5146] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... open resumed>) = 4 [pid 5147] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5147] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 65.650413][ T26] audit: type=1800 audit(1686875924.086:22): pid=5147 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 5146] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5146] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5146] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5175], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5175 [pid 5146] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5175 attached [pid 5175] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5175] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 5151] <... mount resumed>) = 0 [pid 5151] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5151] chdir("./bus") = 0 [pid 5151] ioctl(4, LOOP_CLR_FD) = 0 [ 65.695935][ T5151] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 65.718334][ T5151] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 5151] close(4 [pid 5175] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5151] <... close resumed>) = 0 [pid 5175] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] <... futex resumed>) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5151] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5150] <... futex resumed>) = 0 [pid 5151] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5150] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... open resumed>) = 4 [pid 5151] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... futex resumed>) = 0 [pid 5150] <... futex resumed>) = 1 [pid 5151] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5150] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... write resumed>) = 32394836 [ 65.788580][ T5149] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 65.800531][ T26] audit: type=1800 audit(1686875924.236:23): pid=5151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [ 65.821382][ T5149] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 5153] munmap(0x7fedae557000, 32394836) = 0 [pid 5149] <... mount resumed>) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5149] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5153] <... openat resumed>) = 4 [pid 5153] ioctl(4, LOOP_SET_FD, 3 [pid 5149] <... openat resumed>) = 3 [pid 5149] chdir("./bus" [pid 5150] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5149] <... chdir resumed>) = 0 [pid 5150] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] ioctl(4, LOOP_CLR_FD [pid 5150] <... futex resumed>) = 0 [pid 5149] <... ioctl resumed>) = 0 [pid 5150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5149] close(4 [pid 5150] <... mmap resumed>) = 0x7fedb041b000 [pid 5149] <... close resumed>) = 0 [pid 5150] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5149] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... mprotect resumed>) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5148] <... futex resumed>) = 0 [pid 5150] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5148] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5148] <... futex resumed>) = 0 [pid 5150] <... clone resumed>, parent_tid=[5177], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5177 [pid 5148] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] <... open resumed>) = 4 [pid 5149] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] <... futex resumed>) = 0 [pid 5149] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5148] <... futex resumed>) = 0 [pid 5149] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5148] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5153] <... ioctl resumed>) = 0 [pid 5147] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] close(3) = 0 [pid 5147] <... futex resumed>) = 0 [pid 5153] mkdir("./bus", 0777 [pid 5147] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] exit_group(0 [pid 5175] <... futex resumed>) = ? [pid 5147] <... futex resumed>) = ? [pid 5146] <... exit_group resumed>) = ? [pid 5175] +++ exited with 0 +++ [pid 5153] <... mkdir resumed>) = 0 [pid 5147] +++ exited with 0 +++ [pid 5146] +++ exited with 0 +++ [pid 5153] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=40 /* 0.40 s */} --- [pid 5007] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5177 attached [pid 5177] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5177] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5177] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5177] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5148] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 65.883301][ T5153] loop5: detected capacity change from 0 to 63271 [ 65.917699][ T5153] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5148] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5148] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5178], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5178 [pid 5148] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5178 attached [pid 5178] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5178] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5178] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] <... futex resumed>) = 0 [ 65.961057][ T5153] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 66.015643][ T5153] F2FS-fs (loop5): invalid crc value [pid 5178] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5151] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] exit_group(0 [pid 5177] <... futex resumed>) = ? [pid 5150] <... exit_group resumed>) = ? [pid 5177] +++ exited with 0 +++ [pid 5151] +++ exited with 0 +++ [pid 5150] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5150, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=33 /* 0.33 s */} --- [pid 5010] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5010] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 66.053807][ T5153] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 5010] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5148] exit_group(0 [pid 5178] <... futex resumed>) = ? [pid 5148] <... exit_group resumed>) = ? [pid 5178] +++ exited with 0 +++ [pid 5149] <... pwritev2 resumed>) = ? [pid 5149] +++ exited with 0 +++ [pid 5148] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5148, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=43 /* 0.43 s */} --- [pid 5009] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5009] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5153] <... mount resumed>) = 0 [pid 5153] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 66.195961][ T5153] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 66.203108][ T5153] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 5153] chdir("./bus") = 0 [pid 5153] ioctl(4, LOOP_CLR_FD) = 0 [pid 5153] close(4) = 0 [pid 5153] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5152] <... futex resumed>) = 1 [pid 5153] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5152] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... open resumed>) = 4 [pid 5153] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] <... futex resumed>) = 0 [pid 5153] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5152] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./3/bus") = 0 [pid 5008] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./3/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./3") = 0 [pid 5008] mkdir("./4", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5152] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5152] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5152] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5184], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5184 [pid 5152] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5183 ./strace-static-x86_64: Process 5183 attached [pid 5183] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5183] chdir("./4") = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 5184 attached [pid 5184] set_robust_list(0x7fedb043b9e0, 24 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5184] <... set_robust_list resumed>) = 0 [pid 5183] <... openat resumed>) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5183] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5185], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5185 [pid 5183] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5184] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus"./strace-static-x86_64: Process 5185 attached [pid 5185] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5185] memfd_create("syzkaller", 0) = 3 [pid 5185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5184] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5184] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5184] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./3/bus") = 0 [pid 5006] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./3/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./3") = 0 [pid 5006] mkdir("./4", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5186 ./strace-static-x86_64: Process 5186 attached [pid 5186] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5186] chdir("./4") = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5186] setpgid(0, 0) = 0 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5186] write(3, "1000", 4) = 4 [pid 5186] close(3) = 0 [pid 5186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5186] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5186] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5186] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5187], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5187 [pid 5186] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5187 attached [pid 5187] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5187] memfd_create("syzkaller", 0) = 3 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5153] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5153] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] exit_group(0 [pid 5184] <... futex resumed>) = ? [pid 5152] <... exit_group resumed>) = ? [pid 5184] +++ exited with 0 +++ [pid 5153] +++ exited with 0 +++ [pid 5152] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=37 /* 0.37 s */} --- [pid 5011] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./3/bus") = 0 [pid 5007] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./3/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./3") = 0 [pid 5007] mkdir("./4", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5188 ./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5188] chdir("./4") = 0 [pid 5188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5188] setpgid(0, 0) = 0 [pid 5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5188] write(3, "1000", 4) = 4 [pid 5188] close(3) = 0 [pid 5188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5188] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5188] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5189], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5189 [pid 5188] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5189 attached [pid 5189] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5189] memfd_create("syzkaller", 0) = 3 [pid 5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./3/bus") = 0 [pid 5010] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./3/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./3") = 0 [pid 5010] mkdir("./4", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5190 ./strace-static-x86_64: Process 5190 attached [pid 5190] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5190] chdir("./4") = 0 [pid 5190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5190] setpgid(0, 0) = 0 [pid 5190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5190] write(3, "1000", 4) = 4 [pid 5190] close(3) = 0 [pid 5190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5190] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5190] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5190] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5191], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5191 [pid 5190] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5191 attached [pid 5191] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5191] memfd_create("syzkaller", 0) = 3 [pid 5191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./3/bus") = 0 [pid 5009] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./3/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./3") = 0 [pid 5009] mkdir("./4", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5192 ./strace-static-x86_64: Process 5192 attached [pid 5192] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5192] chdir("./4") = 0 [pid 5192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5192] setpgid(0, 0) = 0 [pid 5192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5192] write(3, "1000", 4) = 4 [pid 5192] close(3) = 0 [pid 5192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5192] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5192] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5193], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5193 [pid 5192] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5193 attached [pid 5193] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5193] memfd_create("syzkaller", 0) = 3 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./3/bus") = 0 [pid 5011] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./3/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./3") = 0 [pid 5011] mkdir("./4", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5194 ./strace-static-x86_64: Process 5194 attached [pid 5194] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5194] chdir("./4") = 0 [pid 5194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5194] setpgid(0, 0) = 0 [pid 5194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5194] write(3, "1000", 4) = 4 [pid 5194] close(3) = 0 [pid 5194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5194] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5194] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5195], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5195 [pid 5194] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5195 attached [pid 5195] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5195] memfd_create("syzkaller", 0) = 3 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5185] <... write resumed>) = 32394836 [pid 5185] munmap(0x7fedae557000, 32394836) = 0 [pid 5185] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5185] ioctl(4, LOOP_SET_FD, 3 [pid 5187] <... write resumed>) = 32394836 [pid 5187] munmap(0x7fedae557000, 32394836) = 0 [pid 5185] <... ioctl resumed>) = 0 [pid 5185] close(3) = 0 [pid 5185] mkdir("./bus", 0777) = 0 [pid 5185] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 67.600220][ T5185] loop2: detected capacity change from 0 to 63271 [ 67.639485][ T5185] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5187] close(3) = 0 [pid 5187] mkdir("./bus", 0777) = 0 [ 67.646975][ T5187] loop0: detected capacity change from 0 to 63271 [ 67.664721][ T5187] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 67.675928][ T5185] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 67.701725][ T5187] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 67.705972][ T5185] F2FS-fs (loop2): invalid crc value [ 67.745669][ T5185] F2FS-fs (loop2): Found nat_bits in checkpoint [ 67.747087][ T5187] F2FS-fs (loop0): invalid crc value [pid 5187] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 67.813884][ T5187] F2FS-fs (loop0): Found nat_bits in checkpoint [ 67.845939][ T5185] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [pid 5195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5185] <... mount resumed>) = 0 [pid 5185] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5185] chdir("./bus") = 0 [pid 5185] ioctl(4, LOOP_CLR_FD) = 0 [ 67.858997][ T5185] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5185] close(4) = 0 [pid 5185] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5185] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5185] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 67.912136][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 67.912149][ T26] audit: type=1800 audit(1686875926.346:26): pid=5185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5185] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5183] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5183] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5183] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5204], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5204 [pid 5183] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5204 attached [pid 5204] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5204] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5204] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5204] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... write resumed>) = 32394836 [ 67.985821][ T5187] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 68.011701][ T5187] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 5189] munmap(0x7fedae557000, 32394836 [pid 5191] <... write resumed>) = 32394836 [pid 5187] <... mount resumed>) = 0 [pid 5187] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5187] chdir("./bus") = 0 [pid 5187] ioctl(4, LOOP_CLR_FD) = 0 [pid 5187] close(4) = 0 [pid 5187] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5187] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5186] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... munmap resumed>) = 0 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... open resumed>) = 4 [pid 5187] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... futex resumed>) = 1 [pid 5187] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5189] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5189] ioctl(4, LOOP_SET_FD, 3 [pid 5191] munmap(0x7fedae557000, 32394836 [pid 5186] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5186] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 5189] <... ioctl resumed>) = 0 [pid 5186] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5191] <... munmap resumed>) = 0 [pid 5189] close(3 [pid 5186] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5189] <... close resumed>) = 0 [pid 5186] <... futex resumed>) = 0 [pid 5189] mkdir("./bus", 0777 [ 68.042387][ T5185] bio_check_eod: 11 callbacks suppressed [ 68.042402][ T5185] syz-executor278: attempt to access beyond end of device [ 68.042402][ T5185] loop2: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 68.062122][ T5189] loop1: detected capacity change from 0 to 63271 [ 68.069392][ T26] audit: type=1800 audit(1686875926.496:27): pid=5187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5191] <... openat resumed>) = 4 [pid 5189] <... mkdir resumed>) = 0 [pid 5186] <... mmap resumed>) = 0x7fedb041b000 [pid 5191] ioctl(4, LOOP_SET_FD, 3 [pid 5189] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5186] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5191] <... ioctl resumed>) = 0 [pid 5186] <... mprotect resumed>) = 0 [pid 5186] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5191] close(3 [pid 5186] <... clone resumed>, parent_tid=[5205], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5205 [pid 5186] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... close resumed>) = 0 [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] mkdir("./bus", 0777./strace-static-x86_64: Process 5205 attached [pid 5205] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5191] <... mkdir resumed>) = 0 [pid 5191] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 68.127168][ T5191] loop4: detected capacity change from 0 to 63271 [ 68.127714][ T5189] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 68.150601][ T5191] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5205] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5205] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [ 68.173686][ T5185] syz-executor278: attempt to access beyond end of device [ 68.173686][ T5185] loop2: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [ 68.178190][ T5189] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 68.188831][ T5191] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [pid 5205] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5183] exit_group(0 [pid 5204] <... futex resumed>) = ? [pid 5185] +++ exited with 0 +++ [pid 5183] <... exit_group resumed>) = ? [pid 5204] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=44 /* 0.44 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 68.225644][ T5191] F2FS-fs (loop4): invalid crc value [ 68.246713][ T5191] F2FS-fs (loop4): Found nat_bits in checkpoint [ 68.250665][ T5187] syz-executor278: attempt to access beyond end of device [ 68.250665][ T5187] loop0: rw=2049, sector=77824, nr_sectors = 3272 limit=63271 [pid 5008] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5195] <... write resumed>) = 32394836 [pid 5191] <... mount resumed>) = 0 [ 68.298095][ T5189] F2FS-fs (loop1): invalid crc value [ 68.311908][ T5191] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 68.323285][ T5191] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 5195] munmap(0x7fedae557000, 32394836 [pid 5191] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5191] chdir("./bus") = 0 [pid 5191] ioctl(4, LOOP_CLR_FD) = 0 [pid 5191] close(4) = 0 [pid 5191] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5190] <... futex resumed>) = 0 [pid 5191] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] <... munmap resumed>) = 0 [pid 5191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5190] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5191] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5190] <... futex resumed>) = 0 [pid 5195] <... openat resumed>) = 4 [pid 5190] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 68.346729][ T5187] syz-executor278: attempt to access beyond end of device [ 68.346729][ T5187] loop0: rw=2049, sector=81096, nr_sectors = 824 limit=63271 [ 68.353103][ T5189] F2FS-fs (loop1): Found nat_bits in checkpoint [ 68.385685][ T5195] loop5: detected capacity change from 0 to 63271 [pid 5195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5191] <... open resumed>) = 4 [pid 5191] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] close(3 [pid 5190] <... futex resumed>) = 0 [pid 5191] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5190] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... close resumed>) = 0 [pid 5191] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5190] <... futex resumed>) = 0 [pid 5195] mkdir("./bus", 0777 [pid 5190] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... mkdir resumed>) = 0 [pid 5195] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5193] <... write resumed>) = 32394836 [ 68.393806][ T26] audit: type=1800 audit(1686875926.826:28): pid=5191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [ 68.429077][ T5195] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5193] munmap(0x7fedae557000, 32394836 [pid 5187] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5187] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] exit_group(0 [pid 5205] <... futex resumed>) = ? [pid 5186] <... exit_group resumed>) = ? [pid 5187] <... futex resumed>) = ? [pid 5205] +++ exited with 0 +++ [pid 5187] +++ exited with 0 +++ [pid 5186] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5186, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=46 /* 0.46 s */} --- [pid 5006] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5190] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5190] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... munmap resumed>) = 0 [pid 5190] <... futex resumed>) = 0 [pid 5190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5193] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5190] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5193] <... openat resumed>) = 4 [pid 5190] <... mprotect resumed>) = 0 [ 68.458025][ T5195] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 68.487079][ T5195] F2FS-fs (loop5): invalid crc value [ 68.497530][ T5193] loop3: detected capacity change from 0 to 63271 [pid 5193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5190] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5215], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5215 ./strace-static-x86_64: Process 5215 attached [pid 5215] set_robust_list(0x7fedb043b9e0, 24 [pid 5190] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... set_robust_list resumed>) = 0 [pid 5190] <... futex resumed>) = 0 [pid 5215] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 5190] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5215] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5190] <... futex resumed>) = 0 [pid 5215] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] close(3) = 0 [pid 5193] mkdir("./bus", 0777) = 0 [ 68.500020][ T5191] syz-executor278: attempt to access beyond end of device [ 68.500020][ T5191] loop4: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 68.526008][ T5195] F2FS-fs (loop5): Found nat_bits in checkpoint [ 68.538448][ T5193] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5193] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5189] <... mount resumed>) = 0 [pid 5189] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5189] chdir("./bus") = 0 [pid 5189] ioctl(4, LOOP_CLR_FD) = 0 [pid 5189] close(4) = 0 [pid 5189] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5189] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5188] <... futex resumed>) = 0 [pid 5189] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 68.556841][ T5191] syz-executor278: attempt to access beyond end of device [ 68.556841][ T5191] loop4: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [ 68.576341][ T5189] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 68.583381][ T5189] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [ 68.591878][ T5193] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 68.600645][ T5195] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [pid 5188] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... open resumed>) = 4 [pid 5189] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5189] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5188] <... futex resumed>) = 0 [pid 5189] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5188] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5191] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] <... mount resumed>) = 0 [pid 5195] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5195] chdir("./bus") = 0 [pid 5195] ioctl(4, LOOP_CLR_FD) = 0 [pid 5195] close(4) = 0 [pid 5195] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... futex resumed>) = 1 [ 68.636884][ T26] audit: type=1800 audit(1686875927.076:29): pid=5189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [ 68.639785][ T5195] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 68.675981][ T5193] F2FS-fs (loop3): invalid crc value [pid 5195] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5188] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5188] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5188] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5221], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5221 [pid 5188] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] exit_group(0 [pid 5195] <... open resumed>) = 4 [pid 5215] <... futex resumed>) = ? [pid 5195] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = ? [pid 5190] <... exit_group resumed>) = ? [pid 5215] +++ exited with 0 +++ [pid 5195] <... futex resumed>) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5191] +++ exited with 0 +++ [pid 5195] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5194] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5221 attached [pid 5221] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5221] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 5190] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5190, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=40 /* 0.40 s */} --- [pid 5010] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5188] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 68.730527][ T5193] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 5221] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5194] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5221] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = 0 [pid 5194] <... futex resumed>) = 0 [pid 5221] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5194] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5223], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5223 [pid 5194] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5223 attached [pid 5223] set_robust_list(0x7fedb043b9e0, 24) = 0 [ 68.776897][ T26] audit: type=1800 audit(1686875927.166:30): pid=5195 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 5223] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus" [pid 5194] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5223] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5223] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] <... mount resumed>) = 0 [pid 5193] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5193] chdir("./bus") = 0 [pid 5193] ioctl(4, LOOP_CLR_FD) = 0 [pid 5193] close(4) = 0 [pid 5193] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5193] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5192] <... futex resumed>) = 0 [pid 5193] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 68.856997][ T5189] syz-executor278: attempt to access beyond end of device [ 68.856997][ T5189] loop1: rw=2049, sector=77824, nr_sectors = 2960 limit=63271 [ 68.878031][ T5193] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 68.885293][ T5193] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 5192] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... open resumed>) = 4 [pid 5192] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5193] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... futex resumed>) = 0 [pid 5192] <... futex resumed>) = 0 [pid 5193] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 68.929329][ T26] audit: type=1800 audit(1686875927.366:31): pid=5193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [ 68.940874][ T5189] syz-executor278: attempt to access beyond end of device [ 68.940874][ T5189] loop1: rw=2049, sector=80784, nr_sectors = 1136 limit=63271 [ 68.962265][ T5195] syz-executor278: attempt to access beyond end of device [ 68.962265][ T5195] loop5: rw=2049, sector=77824, nr_sectors = 3592 limit=63271 [pid 5192] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] exit_group(0 [pid 5221] <... futex resumed>) = ? [pid 5188] <... exit_group resumed>) = ? [pid 5221] +++ exited with 0 +++ [pid 5192] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5192] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5192] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5225], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5225 [pid 5192] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5225 attached [pid 5225] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5225] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5225] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... pwritev2 resumed>) = ? [pid 5225] <... futex resumed>) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5225] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] +++ exited with 0 +++ [pid 5188] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5188, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=43 /* 0.43 s */} --- [pid 5194] exit_group(0 [pid 5007] restart_syscall(<... resuming interrupted clone ...> [pid 5223] <... futex resumed>) = ? [pid 5194] <... exit_group resumed>) = ? [pid 5007] <... restart_syscall resumed>) = 0 [pid 5223] +++ exited with 0 +++ [pid 5007] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] <... umount2 resumed>) = 0 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5007] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5007] <... openat resumed>) = 3 [pid 5008] lstat("./4/bus", [pid 5007] fstat(3, [pid 5008] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5007] getdents64(3, [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5007] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 69.055024][ T5193] syz-executor278: attempt to access beyond end of device [ 69.055024][ T5193] loop3: rw=2049, sector=77824, nr_sectors = 2056 limit=63271 [pid 5008] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5193] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5193] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... openat resumed>) = 4 [pid 5193] <... futex resumed>) = 0 [pid 5192] exit_group(0 [pid 5008] fstat(4, [pid 5225] <... futex resumed>) = ? [pid 5192] <... exit_group resumed>) = ? [pid 5008] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5225] +++ exited with 0 +++ [pid 5193] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ [pid 5008] getdents64(4, [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5192, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=34 /* 0.34 s */} --- [pid 5009] restart_syscall(<... resuming interrupted clone ...> [pid 5008] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] <... restart_syscall resumed>) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4 [pid 5009] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] <... close resumed>) = 0 [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] rmdir("./4/bus" [pid 5009] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] <... rmdir resumed>) = 0 [pid 5009] fstat(3, [pid 5008] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5009] getdents64(3, [pid 5008] lstat("./4/binderfs", [pid 5009] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./4/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5195] <... pwritev2 resumed>) = ? [pid 5195] +++ exited with 0 +++ [pid 5194] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5194, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=39 /* 0.39 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] close(3) = 0 [pid 5008] rmdir("./4") = 0 [pid 5008] mkdir("./5", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5226 ./strace-static-x86_64: Process 5226 attached [pid 5226] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5226] chdir("./5") = 0 [pid 5226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5226] setpgid(0, 0) = 0 [pid 5226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5226] write(3, "1000", 4) = 4 [pid 5226] close(3) = 0 [pid 5226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5226] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5226] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5226] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5227], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5227 [pid 5226] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5227 attached [pid 5227] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5227] memfd_create("syzkaller", 0) = 3 [pid 5227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./4/bus") = 0 [pid 5006] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./4/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./4") = 0 [pid 5006] mkdir("./5", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5228 ./strace-static-x86_64: Process 5228 attached [pid 5228] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5228] chdir("./5") = 0 [pid 5228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5228] setpgid(0, 0) = 0 [pid 5228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "1000", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5228] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5228] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5228] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5229], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5229 [pid 5228] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5229 attached [pid 5229] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5229] memfd_create("syzkaller", 0) = 3 [pid 5229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./4/bus") = 0 [pid 5010] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./4/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./4") = 0 [pid 5010] mkdir("./5", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5230 ./strace-static-x86_64: Process 5230 attached [pid 5230] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5230] chdir("./5") = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5230] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5230] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5230] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5231], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5231 [pid 5230] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5231 attached [pid 5231] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5231] memfd_create("syzkaller", 0) = 3 [pid 5231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./4/bus") = 0 [pid 5009] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./4/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./4") = 0 [pid 5009] mkdir("./5", 0777) = 0 [pid 5007] <... umount2 resumed>) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD [pid 5007] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5009] close(3 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5009] <... close resumed>) = 0 [pid 5007] lstat("./4/bus", [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5007] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5009] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5232 [pid 5007] <... openat resumed>) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./4/bus") = 0 ./strace-static-x86_64: Process 5232 attached [pid 5007] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5232] set_robust_list(0x5555556ed5e0, 24 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5232] <... set_robust_list resumed>) = 0 [pid 5007] lstat("./4/binderfs", [pid 5232] chdir("./5" [pid 5007] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5232] <... chdir resumed>) = 0 [pid 5007] unlink("./4/binderfs" [pid 5232] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5007] <... unlink resumed>) = 0 [pid 5232] <... prctl resumed>) = 0 [pid 5007] getdents64(3, [pid 5232] setpgid(0, 0 [pid 5007] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5232] <... setpgid resumed>) = 0 [pid 5007] close(3 [pid 5232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5007] <... close resumed>) = 0 [pid 5232] <... openat resumed>) = 3 [pid 5007] rmdir("./4" [pid 5232] write(3, "1000", 4 [pid 5007] <... rmdir resumed>) = 0 [pid 5232] <... write resumed>) = 4 [pid 5007] mkdir("./5", 0777 [pid 5232] close(3 [pid 5007] <... mkdir resumed>) = 0 [pid 5232] <... close resumed>) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5232] symlink("/dev/binderfs", "./binderfs" [pid 5007] <... openat resumed>) = 3 [pid 5232] <... symlink resumed>) = 0 [pid 5007] ioctl(3, LOOP_CLR_FD [pid 5232] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5232] <... futex resumed>) = 0 [pid 5007] close(3 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5007] <... close resumed>) = 0 [pid 5232] <... mmap resumed>) = 0x7fedb6957000 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5232] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5007] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5233 [pid 5232] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5234], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5234 [pid 5232] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5233 attached [pid 5233] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5233] chdir("./5") = 0 [pid 5233] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 5234 attached ) = 0 [pid 5234] set_robust_list(0x7fedb69779e0, 24 [pid 5233] setpgid(0, 0 [pid 5234] <... set_robust_list resumed>) = 0 [pid 5233] <... setpgid resumed>) = 0 [pid 5233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5234] memfd_create("syzkaller", 0 [pid 5233] <... openat resumed>) = 3 [pid 5233] write(3, "1000", 4 [pid 5234] <... memfd_create resumed>) = 3 [pid 5233] <... write resumed>) = 4 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5233] close(3) = 0 [pid 5234] <... mmap resumed>) = 0x7fedae557000 [pid 5233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5233] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5233] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5233] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5235], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5235 [pid 5233] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5235 attached [pid 5235] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5235] memfd_create("syzkaller", 0) = 3 [pid 5235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./4/bus") = 0 [pid 5011] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./4/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./4") = 0 [pid 5011] mkdir("./5", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5236 ./strace-static-x86_64: Process 5236 attached [pid 5236] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5236] chdir("./5") = 0 [pid 5236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5236] setpgid(0, 0) = 0 [pid 5236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5236] write(3, "1000", 4) = 4 [pid 5236] close(3) = 0 [pid 5236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5236] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5236] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5236] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5237], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5237 [pid 5236] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5237 attached [pid 5237] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5237] memfd_create("syzkaller", 0) = 3 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5227] <... write resumed>) = 32394836 [pid 5227] munmap(0x7fedae557000, 32394836) = 0 [pid 5227] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5227] close(3) = 0 [pid 5227] mkdir("./bus", 0777) = 0 [ 70.339031][ T5227] loop2: detected capacity change from 0 to 63271 [ 70.367133][ T5227] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5227] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 70.417315][ T5227] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 70.451466][ T5227] F2FS-fs (loop2): invalid crc value [pid 5235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5229] <... write resumed>) = 32394836 [ 70.489013][ T27] cfg80211: failed to load regulatory.db [ 70.496869][ T5227] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 5229] munmap(0x7fedae557000, 32394836) = 0 [pid 5229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5229] close(3) = 0 [pid 5229] mkdir("./bus", 0777) = 0 [ 70.591821][ T5229] loop0: detected capacity change from 0 to 63271 [ 70.620260][ T5227] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 70.633831][ T5229] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5229] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5227] <... mount resumed>) = 0 [pid 5227] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5227] chdir("./bus") = 0 [pid 5227] ioctl(4, LOOP_CLR_FD) = 0 [pid 5227] close(4) = 0 [pid 5227] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] <... futex resumed>) = 0 [pid 5227] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 70.656181][ T5227] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 70.675607][ T5229] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 5226] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5226] <... futex resumed>) = 0 [pid 5226] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5227] <... open resumed>) = 4 [pid 5227] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5227] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5226] <... futex resumed>) = 0 [pid 5227] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 70.707073][ T5229] F2FS-fs (loop0): invalid crc value [ 70.722939][ T26] audit: type=1800 audit(1686875929.156:32): pid=5227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5226] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5226] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5226] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5226] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5245], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5245 [pid 5226] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5245 attached [pid 5245] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5245] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5245] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = 0 [ 70.797349][ T5229] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5245] <... futex resumed>) = 1 [pid 5245] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] <... write resumed>) = 32394836 [pid 5227] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5227] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] munmap(0x7fedae557000, 32394836 [pid 5226] exit_group(0) = ? [pid 5245] <... futex resumed>) = ? [pid 5245] +++ exited with 0 +++ [pid 5227] <... futex resumed>) = ? [pid 5231] <... munmap resumed>) = 0 [pid 5227] +++ exited with 0 +++ [pid 5226] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5226, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- [pid 5229] <... mount resumed>) = 0 [pid 5229] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5008] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5229] <... openat resumed>) = 3 [pid 5229] chdir("./bus") = 0 [pid 5229] ioctl(4, LOOP_CLR_FD) = 0 [pid 5229] close(4) = 0 [pid 5229] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5229] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5228] <... futex resumed>) = 0 [ 70.943996][ T5229] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 70.968328][ T5229] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 5229] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5228] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5229] <... open resumed>) = 4 [pid 5229] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5229] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5228] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... openat resumed>) = 4 [pid 5231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5231] close(3) = 0 [pid 5231] mkdir("./bus", 0777) = 0 [ 71.038055][ T26] audit: type=1800 audit(1686875929.476:33): pid=5229 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [ 71.060812][ T5231] loop4: detected capacity change from 0 to 63271 [pid 5231] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5228] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5228] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5228] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5228] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5247], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5247 [pid 5228] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5247 attached [pid 5247] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5247] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5247] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [ 71.090266][ T5231] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 71.128533][ T5231] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [pid 5247] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] <... write resumed>) = 32394836 [pid 5234] munmap(0x7fedae557000, 32394836 [pid 5235] <... write resumed>) = 32394836 [pid 5234] <... munmap resumed>) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 71.177695][ T5231] F2FS-fs (loop4): invalid crc value [ 71.214277][ T5231] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 5234] ioctl(4, LOOP_SET_FD, 3 [pid 5235] munmap(0x7fedae557000, 32394836 [pid 5234] <... ioctl resumed>) = 0 [pid 5234] close(3) = 0 [pid 5234] mkdir("./bus", 0777 [pid 5235] <... munmap resumed>) = 0 [pid 5234] <... mkdir resumed>) = 0 [pid 5235] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5234] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5235] <... openat resumed>) = 4 [ 71.240316][ T5234] loop3: detected capacity change from 0 to 63271 [pid 5235] ioctl(4, LOOP_SET_FD, 3 [pid 5229] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5229] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5228] exit_group(0) = ? [pid 5229] <... futex resumed>) = ? [pid 5229] +++ exited with 0 +++ [pid 5247] <... futex resumed>) = ? [pid 5247] +++ exited with 0 +++ [pid 5228] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5228, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=36 /* 0.36 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5235] <... ioctl resumed>) = 0 [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5235] close(3) = 0 [pid 5235] mkdir("./bus", 0777) = 0 [ 71.288283][ T5234] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 71.297742][ T5235] loop1: detected capacity change from 0 to 63271 [ 71.310459][ T5234] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [pid 5235] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5237] <... write resumed>) = 32394836 [pid 5237] munmap(0x7fedae557000, 32394836 [pid 5231] <... mount resumed>) = 0 [pid 5231] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5231] chdir("./bus") = 0 [pid 5231] ioctl(4, LOOP_CLR_FD) = 0 [pid 5231] close(4) = 0 [pid 5231] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5231] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5230] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 71.335752][ T5235] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 71.355535][ T5235] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 71.365759][ T5231] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 71.374816][ T5231] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 5230] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] <... munmap resumed>) = 0 [pid 5231] <... open resumed>) = 4 [pid 5237] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5231] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... openat resumed>) = 4 [pid 5231] <... futex resumed>) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5237] ioctl(4, LOOP_SET_FD, 3 [pid 5231] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5230] <... futex resumed>) = 0 [pid 5231] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5230] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] <... ioctl resumed>) = 0 [pid 5237] close(3) = 0 [pid 5237] mkdir("./bus", 0777) = 0 [ 71.412870][ T26] audit: type=1800 audit(1686875929.846:34): pid=5231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [ 71.434963][ T5237] loop5: detected capacity change from 0 to 63271 [ 71.446957][ T5234] F2FS-fs (loop3): invalid crc value [ 71.452525][ T5235] F2FS-fs (loop1): invalid crc value [pid 5237] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5230] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5230] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5230] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5230] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5258], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5258 [pid 5230] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5258 attached [pid 5258] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5258] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [ 71.495064][ T5237] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 71.510315][ T5234] F2FS-fs (loop3): Found nat_bits in checkpoint [ 71.519036][ T5235] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5258] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] <... futex resumed>) = 0 [ 71.578032][ T5237] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 71.611973][ T5237] F2FS-fs (loop5): invalid crc value [ 71.651749][ T5237] F2FS-fs (loop5): Found nat_bits in checkpoint [ 71.687669][ T5235] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 71.694731][ T5235] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5237] <... mount resumed>) = 0 [pid 5237] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5237] chdir("./bus") = 0 [pid 5237] ioctl(4, LOOP_CLR_FD) = 0 [pid 5237] close(4) = 0 [pid 5235] <... mount resumed>) = 0 [pid 5235] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 71.706607][ T5234] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 71.717493][ T5237] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 71.723034][ T5234] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 71.732483][ T5237] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 5235] chdir("./bus" [pid 5237] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5237] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5236] <... futex resumed>) = 0 [pid 5235] <... chdir resumed>) = 0 [pid 5237] <... open resumed>) = 4 [pid 5236] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] ioctl(4, LOOP_CLR_FD) = 0 [pid 5235] close(4) = 0 [pid 5235] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] <... mount resumed>) = 0 [pid 5234] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5234] chdir("./bus") = 0 [pid 5234] ioctl(4, LOOP_CLR_FD) = 0 [pid 5234] close(4) = 0 [pid 5234] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... futex resumed>) = 0 [pid 5232] <... futex resumed>) = 0 [pid 5237] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5237] <... futex resumed>) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5233] <... futex resumed>) = 1 [pid 5232] <... futex resumed>) = 1 [pid 5237] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] <... futex resumed>) = 0 [pid 5237] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5236] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] <... futex resumed>) = 0 [pid 5234] <... futex resumed>) = 0 [pid 5231] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5234] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] <... open resumed>) = 4 [pid 5230] exit_group(0 [pid 5258] <... futex resumed>) = ? [pid 5230] <... exit_group resumed>) = ? [pid 5258] +++ exited with 0 +++ [pid 5235] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... open resumed>) = 4 [pid 5231] <... futex resumed>) = ? [pid 5231] +++ exited with 0 +++ [pid 5230] +++ exited with 0 +++ [pid 5234] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5230, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=50 /* 0.50 s */} --- [pid 5235] <... futex resumed>) = 1 [pid 5234] <... futex resumed>) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5232] <... futex resumed>) = 0 [pid 5010] restart_syscall(<... resuming interrupted clone ...> [pid 5235] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5234] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5233] <... futex resumed>) = 0 [pid 5232] <... futex resumed>) = 0 [pid 5010] <... restart_syscall resumed>) = 0 [pid 5235] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 71.763188][ T26] audit: type=1800 audit(1686875930.196:35): pid=5237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 5234] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5233] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5236] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5010] <... openat resumed>) = 3 [pid 5006] <... umount2 resumed>) = 0 [pid 5236] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] fstat(3, [pid 5006] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5236] <... futex resumed>) = 0 [pid 5010] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5010] getdents64(3, [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5236] <... mmap resumed>) = 0x7fedb041b000 [pid 5010] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5236] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5010] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5236] <... mprotect resumed>) = 0 [pid 5006] lstat("./5/bus", [pid 5236] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5006] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5236] <... clone resumed>, parent_tid=[5265], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5265 [pid 5236] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./5/bus") = 0 [pid 5006] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./5/binderfs"./strace-static-x86_64: Process 5265 attached [pid 5265] set_robust_list(0x7fedb043b9e0, 24 [pid 5006] <... unlink resumed>) = 0 [pid 5233] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5232] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5006] getdents64(3, [pid 5233] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5232] <... futex resumed>) = 0 [pid 5006] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5233] <... mmap resumed>) = 0x7fedb041b000 [pid 5232] <... mmap resumed>) = 0x7fedb041b000 [pid 5006] close(3 [pid 5233] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5232] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5233] <... mprotect resumed>) = 0 [pid 5232] <... mprotect resumed>) = 0 [pid 5233] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5232] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5006] <... close resumed>) = 0 [pid 5265] <... set_robust_list resumed>) = 0 [pid 5233] <... clone resumed>, parent_tid=[5266], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5266 [pid 5232] <... clone resumed>, parent_tid=[5267], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5267 [pid 5233] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] rmdir("./5" [pid 5233] <... futex resumed>) = 0 [pid 5265] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus" [pid 5232] <... futex resumed>) = 0 [pid 5233] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... rmdir resumed>) = 0 [pid 5006] mkdir("./6", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 5266 attached ) = 3 [pid 5266] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5006] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5267 attached [pid 5267] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5267] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5266] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 5267] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5006] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5267] <... futex resumed>) = 1 [pid 5267] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... futex resumed>) = 0 [pid 5006] close(3) = 0 [pid 5266] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5266] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5266] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5268 ./strace-static-x86_64: Process 5268 attached [pid 5268] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5268] chdir("./6") = 0 [pid 5268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5268] setpgid(0, 0) = 0 [pid 5268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5268] write(3, "1000", 4) = 4 [pid 5268] close(3) = 0 [pid 5268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5268] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5008] <... umount2 resumed>) = 0 [pid 5268] <... mmap resumed>) = 0x7fedb6957000 [pid 5268] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5008] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5268] <... mprotect resumed>) = 0 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5268] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5008] lstat("./5/bus", [pid 5268] <... clone resumed>, parent_tid=[5269], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5269 [pid 5008] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5268] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5268] <... futex resumed>) = 0 [pid 5265] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5268] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5265] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5269 attached [pid 5269] set_robust_list(0x7fedb69779e0, 24 [pid 5265] <... futex resumed>) = 0 [pid 5008] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5269] <... set_robust_list resumed>) = 0 [pid 5265] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] memfd_create("syzkaller", 0 [pid 5008] <... openat resumed>) = 4 [pid 5269] <... memfd_create resumed>) = 3 [pid 5008] fstat(4, [pid 5269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5008] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./5/bus") = 0 [pid 5008] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./5/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./5") = 0 [pid 5008] mkdir("./6", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5270 ./strace-static-x86_64: Process 5270 attached [pid 5270] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5270] chdir("./6") = 0 [pid 5270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5270] setpgid(0, 0) = 0 [pid 5270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5270] write(3, "1000", 4) = 4 [pid 5270] close(3) = 0 [pid 5270] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5270] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5270] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5270] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5271], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5271 [pid 5270] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5234] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5234] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] exit_group(0) = ? [pid 5267] <... futex resumed>) = ? [pid 5267] +++ exited with 0 +++ [pid 5234] <... futex resumed>) = ? ./strace-static-x86_64: Process 5271 attached [pid 5237] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5271] set_robust_list(0x7fedb69779e0, 24 [pid 5237] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5235] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] <... set_robust_list resumed>) = 0 [pid 5237] <... futex resumed>) = 0 [pid 5234] +++ exited with 0 +++ [pid 5232] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5232, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=39 /* 0.39 s */} --- [pid 5236] exit_group(0 [pid 5237] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] exit_group(0 [pid 5009] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5266] <... futex resumed>) = ? [pid 5265] <... futex resumed>) = ? [pid 5237] <... futex resumed>) = ? [pid 5236] <... exit_group resumed>) = ? [pid 5235] <... futex resumed>) = ? [pid 5233] <... exit_group resumed>) = ? [pid 5009] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5266] +++ exited with 0 +++ [pid 5265] +++ exited with 0 +++ [pid 5235] +++ exited with 0 +++ [pid 5009] <... openat resumed>) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5233] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5233, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=38 /* 0.38 s */} --- [pid 5007] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5007] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5237] +++ exited with 0 +++ [pid 5236] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5236, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=39 /* 0.39 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5271] memfd_create("syzkaller", 0) = 3 [pid 5271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./5/bus") = 0 [pid 5010] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./5/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./5") = 0 [pid 5010] mkdir("./6", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5272 ./strace-static-x86_64: Process 5272 attached [pid 5272] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5272] chdir("./6") = 0 [pid 5272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5272] setpgid(0, 0) = 0 [pid 5272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5272] write(3, "1000", 4) = 4 [pid 5272] close(3) = 0 [pid 5272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5272] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5272] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5273], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5273 [pid 5272] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5273 attached [pid 5273] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5273] memfd_create("syzkaller", 0) = 3 [pid 5273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./5/bus") = 0 [pid 5009] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./5/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./5") = 0 [pid 5009] mkdir("./6", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5274 ./strace-static-x86_64: Process 5274 attached [pid 5274] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5274] chdir("./6") = 0 [pid 5274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5274] setpgid(0, 0) = 0 [pid 5274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5274] write(3, "1000", 4) = 4 [pid 5274] close(3) = 0 [pid 5274] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5274] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5274] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5274] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5275], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5275 [pid 5274] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5275 attached [pid 5275] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5275] memfd_create("syzkaller", 0) = 3 [pid 5275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./5/bus") = 0 [pid 5011] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./5/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./5") = 0 [pid 5011] mkdir("./6", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5276 attached , child_tidptr=0x5555556ed5d0) = 5276 [pid 5276] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5276] chdir("./6") = 0 [pid 5276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5276] setpgid(0, 0) = 0 [pid 5276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5276] write(3, "1000", 4) = 4 [pid 5276] close(3) = 0 [pid 5276] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5276] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5276] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5276] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5277], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5277 [pid 5276] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5277 attached [pid 5277] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5277] memfd_create("syzkaller", 0) = 3 [pid 5277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./5/bus") = 0 [pid 5007] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./5/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./5") = 0 [pid 5007] mkdir("./6", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5278 ./strace-static-x86_64: Process 5278 attached [pid 5278] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5278] chdir("./6") = 0 [pid 5278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5278] setpgid(0, 0) = 0 [pid 5278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5278] write(3, "1000", 4) = 4 [pid 5278] close(3) = 0 [pid 5278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5278] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5278] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5278] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5279], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5279 [pid 5278] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5279 attached [pid 5279] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5279] memfd_create("syzkaller", 0) = 3 [pid 5279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5269] <... write resumed>) = 32394836 [pid 5269] munmap(0x7fedae557000, 32394836 [pid 5273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5271] <... write resumed>) = 32394836 [pid 5269] <... munmap resumed>) = 0 [pid 5271] munmap(0x7fedae557000, 32394836 [pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5271] <... munmap resumed>) = 0 [pid 5269] <... openat resumed>) = 4 [pid 5275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5271] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5269] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5271] <... openat resumed>) = 4 [pid 5271] ioctl(4, LOOP_SET_FD, 3 [pid 5269] close(3) = 0 [pid 5269] mkdir("./bus", 0777) = 0 [pid 5269] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5271] <... ioctl resumed>) = 0 [pid 5271] close(3) = 0 [pid 5271] mkdir("./bus", 0777) = 0 [ 73.287136][ T5269] loop0: detected capacity change from 0 to 63271 [ 73.294898][ T5271] loop2: detected capacity change from 0 to 63271 [ 73.299861][ T5269] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 73.315162][ T5271] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5271] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 73.336197][ T5269] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 73.345109][ T5271] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 73.354375][ T5269] F2FS-fs (loop0): invalid crc value [ 73.371609][ T5271] F2FS-fs (loop2): invalid crc value [ 73.389636][ T5269] F2FS-fs (loop0): Found nat_bits in checkpoint [ 73.425102][ T5271] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 5277] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5279] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5269] <... mount resumed>) = 0 [pid 5269] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5269] chdir("./bus") = 0 [pid 5269] ioctl(4, LOOP_CLR_FD) = 0 [pid 5269] close(4) = 0 [pid 5269] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... futex resumed>) = 0 [ 73.517474][ T5269] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 73.524635][ T5269] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 73.556465][ T5271] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [pid 5269] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5269] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... futex resumed>) = 0 [ 73.570345][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 73.570358][ T26] audit: type=1800 audit(1686875932.006:38): pid=5269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [ 73.577122][ T5271] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5269] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5268] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5268] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5268] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5268] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5288], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5288 [pid 5268] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5288 attached [pid 5288] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5288] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5288] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5288] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] <... mount resumed>) = 0 [pid 5271] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5271] chdir("./bus") = 0 [pid 5271] ioctl(4, LOOP_CLR_FD) = 0 [pid 5271] close(4) = 0 [pid 5271] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5271] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5270] <... futex resumed>) = 0 [pid 5271] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 73.694705][ T5269] bio_check_eod: 14 callbacks suppressed [ 73.694720][ T5269] syz-executor278: attempt to access beyond end of device [ 73.694720][ T5269] loop0: rw=2049, sector=77824, nr_sectors = 2056 limit=63271 [pid 5270] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] <... open resumed>) = 4 [pid 5271] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] <... futex resumed>) = 0 [pid 5271] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5270] <... futex resumed>) = 0 [pid 5271] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 73.731882][ T26] audit: type=1800 audit(1686875932.166:39): pid=5271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5270] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5270] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5270] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5270] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5289], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5289 [pid 5270] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5289 attached [pid 5289] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5289] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 5270] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5289] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5289] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5273] <... write resumed>) = 32394836 [ 73.838609][ T5269] syz-executor278: attempt to access beyond end of device [ 73.838609][ T5269] loop0: rw=2049, sector=79880, nr_sectors = 2040 limit=63271 [pid 5273] munmap(0x7fedae557000, 32394836) = 0 [pid 5273] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5273] ioctl(4, LOOP_SET_FD, 3 [pid 5275] <... write resumed>) = 32394836 [pid 5273] <... ioctl resumed>) = 0 [pid 5273] close(3) = 0 [pid 5273] mkdir("./bus", 0777 [pid 5269] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5269] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] exit_group(0 [pid 5288] <... futex resumed>) = ? [pid 5269] <... futex resumed>) = ? [pid 5268] <... exit_group resumed>) = ? [pid 5288] +++ exited with 0 +++ [pid 5269] +++ exited with 0 +++ [pid 5268] +++ exited with 0 +++ [pid 5273] <... mkdir resumed>) = 0 [pid 5273] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5268, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=49 /* 0.49 s */} --- [pid 5275] munmap(0x7fedae557000, 32394836 [pid 5006] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 73.925264][ T5273] loop4: detected capacity change from 0 to 63271 [ 73.937638][ T5271] syz-executor278: attempt to access beyond end of device [ 73.937638][ T5271] loop2: rw=2049, sector=77824, nr_sectors = 2800 limit=63271 [ 73.952578][ T5273] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5006] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5275] <... munmap resumed>) = 0 [pid 5275] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5275] close(3) = 0 [pid 5275] mkdir("./bus", 0777) = 0 [ 73.970088][ T5273] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 73.991819][ T5275] loop3: detected capacity change from 0 to 63271 [ 74.013690][ T5273] F2FS-fs (loop4): invalid crc value [pid 5275] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5270] exit_group(0 [pid 5289] <... futex resumed>) = ? [pid 5270] <... exit_group resumed>) = ? [pid 5289] +++ exited with 0 +++ [ 74.036100][ T5275] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 74.038290][ T5271] syz-executor278: attempt to access beyond end of device [ 74.038290][ T5271] loop2: rw=2049, sector=80624, nr_sectors = 1296 limit=63271 [ 74.044726][ T5275] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 74.072999][ T5273] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 5277] <... write resumed>) = 32394836 [pid 5277] munmap(0x7fedae557000, 32394836) = 0 [pid 5277] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5277] ioctl(4, LOOP_SET_FD, 3 [pid 5279] <... write resumed>) = 32394836 [pid 5279] munmap(0x7fedae557000, 32394836 [pid 5271] <... pwritev2 resumed>) = ? [pid 5271] +++ exited with 0 +++ [pid 5270] +++ exited with 0 +++ [ 74.127170][ T5275] F2FS-fs (loop3): invalid crc value [ 74.164193][ T5277] loop5: detected capacity change from 0 to 63271 [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5270, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=45 /* 0.45 s */} --- [pid 5008] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5279] <... munmap resumed>) = 0 [pid 5279] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5279] ioctl(4, LOOP_SET_FD, 3 [pid 5273] <... mount resumed>) = 0 [pid 5273] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5273] chdir("./bus") = 0 [pid 5273] ioctl(4, LOOP_CLR_FD) = 0 [pid 5273] close(4 [pid 5277] <... ioctl resumed>) = 0 [pid 5277] close(3) = 0 [pid 5277] mkdir("./bus", 0777) = 0 [ 74.175902][ T5275] F2FS-fs (loop3): Found nat_bits in checkpoint [ 74.183323][ T5273] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 74.193345][ T5273] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 74.204260][ T5279] loop1: detected capacity change from 0 to 63271 [pid 5277] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5273] <... close resumed>) = 0 [pid 5273] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... ioctl resumed>) = 0 [pid 5273] <... futex resumed>) = 1 [pid 5279] close(3 [pid 5273] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] <... close resumed>) = 0 [pid 5279] mkdir("./bus", 0777 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = 0 [pid 5273] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5273] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] <... mkdir resumed>) = 0 [pid 5279] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = 0 [ 74.237951][ T5277] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 74.251041][ T26] audit: type=1800 audit(1686875932.686:40): pid=5273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [ 74.262011][ T5277] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 74.276803][ T5279] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5273] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5272] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5272] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5272] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5272] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5298], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5298 [pid 5272] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 74.305510][ T5279] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 74.321729][ T5279] F2FS-fs (loop1): invalid crc value [ 74.342936][ T5275] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [pid 5272] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5298 attached [pid 5298] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5298] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5298] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5298] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] <... mount resumed>) = 0 [pid 5275] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5275] chdir("./bus") = 0 [pid 5275] ioctl(4, LOOP_CLR_FD) = 0 [pid 5275] close(4) = 0 [pid 5275] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5275] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 74.355728][ T5275] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 74.368980][ T5277] F2FS-fs (loop5): invalid crc value [ 74.379545][ T5279] F2FS-fs (loop1): Found nat_bits in checkpoint [ 74.386985][ T5277] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 5274] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... open resumed>) = 4 [pid 5275] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5275] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5274] <... futex resumed>) = 0 [pid 5275] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5274] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5274] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [ 74.405174][ T26] audit: type=1800 audit(1686875932.836:41): pid=5275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [ 74.432095][ T5273] syz-executor278: attempt to access beyond end of device [ 74.432095][ T5273] loop4: rw=2049, sector=77824, nr_sectors = 4016 limit=63271 [pid 5274] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5274] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5305], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5305 [pid 5274] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5305 attached [pid 5305] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5305] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5305] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5305] <... futex resumed>) = 1 [ 74.524216][ T5273] syz-executor278: attempt to access beyond end of device [ 74.524216][ T5273] loop4: rw=2049, sector=81840, nr_sectors = 80 limit=63271 [ 74.551017][ T5277] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 74.554119][ T5275] syz-executor278: attempt to access beyond end of device [ 74.554119][ T5275] loop3: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [pid 5305] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] <... mount resumed>) = 0 [pid 5277] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5277] chdir("./bus") = 0 [pid 5277] ioctl(4, LOOP_CLR_FD) = 0 [pid 5277] close(4) = 0 [pid 5277] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... futex resumed>) = 1 [pid 5277] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5279] <... mount resumed>) = 0 [ 74.575400][ T5277] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 74.583501][ T5279] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 74.591820][ T5279] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5277] <... open resumed>) = 4 [pid 5277] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5277] <... futex resumed>) = 1 [pid 5279] <... openat resumed>) = 3 [pid 5277] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5279] chdir("./bus") = 0 [pid 5279] ioctl(4, LOOP_CLR_FD) = 0 [pid 5279] close(4) = 0 [pid 5279] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5279] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5278] <... futex resumed>) = 0 [pid 5279] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5278] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5273] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... open resumed>) = 4 [pid 5279] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] exit_group(0 [pid 5298] <... futex resumed>) = ? [pid 5272] <... exit_group resumed>) = ? [pid 5298] +++ exited with 0 +++ [pid 5279] <... futex resumed>) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5279] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 74.621532][ T26] audit: type=1800 audit(1686875933.056:42): pid=5277 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 5278] <... futex resumed>) = 0 [pid 5279] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5278] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = ? [pid 5273] +++ exited with 0 +++ [pid 5272] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5272, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=42 /* 0.42 s */} --- [pid 5010] restart_syscall(<... resuming interrupted clone ...> [pid 5276] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5010] <... restart_syscall resumed>) = 0 [pid 5276] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5010] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5276] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5276] <... mprotect resumed>) = 0 [pid 5276] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5308], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5308 [pid 5276] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5308 attached [pid 5308] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5308] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5308] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5308] <... futex resumed>) = 1 [pid 5308] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5278] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5278] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5278] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5309], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5309 [pid 5278] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5309 attached [pid 5309] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5309] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./6/bus") = 0 [pid 5006] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./6/binderfs", [pid 5309] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5309] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5309] <... futex resumed>) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5006] unlink("./6/binderfs" [pid 5309] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] <... unlink resumed>) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./6") = 0 [pid 5006] mkdir("./7", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 74.712902][ T26] audit: type=1800 audit(1686875933.116:43): pid=5279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [ 74.736286][ T5275] syz-executor278: attempt to access beyond end of device [ 74.736286][ T5275] loop3: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3 [pid 5275] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5006] <... close resumed>) = 0 [pid 5275] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] exit_group(0 [pid 5006] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5310 [pid 5305] <... futex resumed>) = ? [pid 5275] <... futex resumed>) = ? [pid 5274] <... exit_group resumed>) = ? [pid 5305] +++ exited with 0 +++ [pid 5275] +++ exited with 0 +++ [pid 5274] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5274, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=44 /* 0.44 s */} --- [pid 5009] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5310 attached ) = 3 [pid 5009] fstat(3, [pid 5310] set_robust_list(0x5555556ed5e0, 24 [pid 5009] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5310] <... set_robust_list resumed>) = 0 [pid 5009] getdents64(3, [pid 5310] chdir("./7") = 0 [pid 5009] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5310] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5009] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5310] <... prctl resumed>) = 0 [pid 5310] setpgid(0, 0) = 0 [pid 5310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5310] write(3, "1000", 4) = 4 [pid 5310] close(3) = 0 [pid 5310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5310] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5310] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5310] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5311], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5311 [pid 5310] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5310] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5311 attached [pid 5311] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5311] memfd_create("syzkaller", 0) = 3 [pid 5311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 74.854818][ T5279] syz-executor278: attempt to access beyond end of device [ 74.854818][ T5279] loop1: rw=2049, sector=77824, nr_sectors = 2272 limit=63271 [ 74.874977][ T5277] syz-executor278: attempt to access beyond end of device [ 74.874977][ T5277] loop5: rw=2049, sector=77824, nr_sectors = 3624 limit=63271 [pid 5008] <... umount2 resumed>) = 0 [pid 5276] exit_group(0 [pid 5008] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5308] <... futex resumed>) = ? [pid 5276] <... exit_group resumed>) = ? [pid 5308] +++ exited with 0 +++ [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./6/bus") = 0 [pid 5008] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./6/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./6") = 0 [pid 5008] mkdir("./7", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5277] <... pwritev2 resumed>) = ? [pid 5008] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5312 [pid 5277] +++ exited with 0 +++ [pid 5276] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5276, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=37 /* 0.37 s */} --- [pid 5011] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5312 attached [pid 5312] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5312] chdir("./7") = 0 [pid 5312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5312] setpgid(0, 0) = 0 [pid 5312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5312] write(3, "1000", 4) = 4 [pid 5312] close(3) = 0 [pid 5312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5312] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5279] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5312] <... mmap resumed>) = 0x7fedb6957000 [pid 5279] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5279] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5278] exit_group(0 [pid 5309] <... futex resumed>) = ? [pid 5278] <... exit_group resumed>) = ? [pid 5309] +++ exited with 0 +++ [pid 5279] <... futex resumed>) = ? [pid 5279] +++ exited with 0 +++ [pid 5278] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5278, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=34 /* 0.34 s */} --- [pid 5312] <... mprotect resumed>) = 0 [pid 5312] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5007] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, [pid 5312] <... clone resumed>, parent_tid=[5313], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5313 [pid 5007] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5312] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] getdents64(3, [pid 5312] <... futex resumed>) = 0 [pid 5007] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5312] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5313 attached [pid 5313] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5313] memfd_create("syzkaller", 0) = 3 [pid 5313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./6/bus") = 0 [pid 5010] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./6/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./6") = 0 [pid 5010] mkdir("./7", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5314 ./strace-static-x86_64: Process 5314 attached [pid 5314] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5314] chdir("./7") = 0 [pid 5314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5314] setpgid(0, 0) = 0 [pid 5314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5314] write(3, "1000", 4) = 4 [pid 5314] close(3) = 0 [pid 5314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5314] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5314] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5314] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5315], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5315 [pid 5314] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5315 attached [pid 5315] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5315] memfd_create("syzkaller", 0) = 3 [pid 5315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5011] <... umount2 resumed>) = 0 [pid 5009] <... umount2 resumed>) = 0 [pid 5011] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] close(4) = 0 [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] rmdir("./6/bus" [pid 5009] lstat("./6/bus", [pid 5011] <... rmdir resumed>) = 0 [pid 5009] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] unlink("./6/binderfs" [pid 5009] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5011] <... unlink resumed>) = 0 [pid 5009] <... openat resumed>) = 4 [pid 5011] getdents64(3, [pid 5009] fstat(4, [pid 5011] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] close(3 [pid 5009] getdents64(4, [pid 5011] <... close resumed>) = 0 [pid 5011] rmdir("./6" [pid 5009] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] <... rmdir resumed>) = 0 [pid 5009] getdents64(4, [pid 5011] mkdir("./7", 0777 [pid 5009] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4 [pid 5011] <... mkdir resumed>) = 0 [pid 5009] <... close resumed>) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5009] rmdir("./6/bus" [pid 5011] <... openat resumed>) = 3 [pid 5009] <... rmdir resumed>) = 0 [pid 5011] ioctl(3, LOOP_CLR_FD [pid 5009] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] close(3 [pid 5009] lstat("./6/binderfs", [pid 5011] <... close resumed>) = 0 [pid 5009] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./6/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./6" [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5009] <... rmdir resumed>) = 0 [pid 5009] mkdir("./7", 0777./strace-static-x86_64: Process 5316 attached [pid 5011] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5316 [pid 5009] <... mkdir resumed>) = 0 [pid 5316] set_robust_list(0x5555556ed5e0, 24 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5316] <... set_robust_list resumed>) = 0 [pid 5009] <... openat resumed>) = 3 [pid 5316] chdir("./7" [pid 5009] ioctl(3, LOOP_CLR_FD [pid 5316] <... chdir resumed>) = 0 [pid 5009] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5316] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5009] close(3 [pid 5316] <... prctl resumed>) = 0 [pid 5009] <... close resumed>) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5316] setpgid(0, 0) = 0 [pid 5009] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5317 [pid 5316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5316] write(3, "1000", 4) = 4 [pid 5316] close(3) = 0 [pid 5316] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5316] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 ./strace-static-x86_64: Process 5317 attached [pid 5316] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5316] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5317] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5316] <... clone resumed>, parent_tid=[5318], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5318 [pid 5317] chdir("./7" [pid 5316] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... chdir resumed>) = 0 [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 5318 attached [pid 5317] setpgid(0, 0 [pid 5318] set_robust_list(0x7fedb69779e0, 24 [pid 5317] <... setpgid resumed>) = 0 [pid 5318] <... set_robust_list resumed>) = 0 [pid 5317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5318] memfd_create("syzkaller", 0 [pid 5317] write(3, "1000", 4 [pid 5318] <... memfd_create resumed>) = 3 [pid 5317] <... write resumed>) = 4 [pid 5318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5317] close(3 [pid 5318] <... mmap resumed>) = 0x7fedae557000 [pid 5317] <... close resumed>) = 0 [pid 5317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5317] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5317] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5317] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5319], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5319 [pid 5317] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5319 attached [pid 5319] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5319] memfd_create("syzkaller", 0) = 3 [pid 5319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./6/bus") = 0 [pid 5007] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./6/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./6") = 0 [pid 5007] mkdir("./7", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3 [pid 5311] <... write resumed>) = 32394836 [pid 5007] <... close resumed>) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5311] munmap(0x7fedae557000, 32394836 [pid 5007] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5320 ./strace-static-x86_64: Process 5320 attached [pid 5320] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5320] chdir("./7") = 0 [pid 5320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5320] setpgid(0, 0) = 0 [pid 5311] <... munmap resumed>) = 0 [pid 5320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5311] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5320] <... openat resumed>) = 3 [pid 5311] <... openat resumed>) = 4 [pid 5320] write(3, "1000", 4 [pid 5311] ioctl(4, LOOP_SET_FD, 3 [pid 5320] <... write resumed>) = 4 [pid 5311] <... ioctl resumed>) = 0 [pid 5320] close(3) = 0 [pid 5320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5320] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5311] close(3 [pid 5320] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5311] <... close resumed>) = 0 [pid 5320] <... mprotect resumed>) = 0 [pid 5311] mkdir("./bus", 0777 [pid 5320] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5321], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5321 [pid 5320] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] <... mkdir resumed>) = 0 [pid 5320] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5311] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, ""./strace-static-x86_64: Process 5321 attached [pid 5321] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5321] memfd_create("syzkaller", 0) = 3 [pid 5321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 75.946900][ T5311] loop0: detected capacity change from 0 to 63271 [ 75.959404][ T5311] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 75.982849][ T5311] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 76.016868][ T5311] F2FS-fs (loop0): invalid crc value [pid 5315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [ 76.065887][ T5311] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5311] <... mount resumed>) = 0 [pid 5311] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5311] chdir("./bus") = 0 [pid 5311] ioctl(4, LOOP_CLR_FD) = 0 [ 76.162100][ T5311] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 76.188388][ T5311] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 5311] close(4 [pid 5313] <... write resumed>) = 32394836 [pid 5311] <... close resumed>) = 0 [pid 5313] munmap(0x7fedae557000, 32394836 [pid 5311] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] <... futex resumed>) = 0 [pid 5311] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5310] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5310] <... futex resumed>) = 0 [pid 5311] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5310] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... munmap resumed>) = 0 [pid 5311] <... open resumed>) = 4 [pid 5313] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5311] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] <... futex resumed>) = 0 [pid 5313] <... openat resumed>) = 4 [pid 5311] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5310] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5310] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5313] close(3) = 0 [pid 5313] mkdir("./bus", 0777) = 0 [ 76.258434][ T26] audit: type=1800 audit(1686875934.696:44): pid=5311 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [ 76.286339][ T5313] loop2: detected capacity change from 0 to 63271 [pid 5313] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5310] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5310] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5310] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5310] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5326], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5326 [pid 5310] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.307377][ T5313] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 76.345610][ T5313] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [pid 5319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5310] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5326 attached [pid 5326] set_robust_list(0x7fedb043b9e0, 24) = 0 [ 76.360095][ T5313] F2FS-fs (loop2): invalid crc value [pid 5326] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5326] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] <... futex resumed>) = 0 [ 76.393003][ T5313] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 5326] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5311] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5310] exit_group(0 [pid 5326] <... futex resumed>) = ? [pid 5310] <... exit_group resumed>) = ? [pid 5326] +++ exited with 0 +++ [pid 5311] <... futex resumed>) = ? [pid 5311] +++ exited with 0 +++ [pid 5310] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5310, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=43 /* 0.43 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5313] <... mount resumed>) = 0 [pid 5313] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5006] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5313] chdir("./bus" [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5313] <... chdir resumed>) = 0 [pid 5006] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5313] ioctl(4, LOOP_CLR_FD [pid 5006] <... openat resumed>) = 3 [pid 5313] <... ioctl resumed>) = 0 [pid 5006] fstat(3, [pid 5313] close(4) = 0 [pid 5006] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5313] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] getdents64(3, [pid 5313] <... futex resumed>) = 1 [ 76.505937][ T5313] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 76.518101][ T5313] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5313] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] <... futex resumed>) = 0 [pid 5006] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5312] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5313] <... futex resumed>) = 0 [pid 5312] <... futex resumed>) = 1 [pid 5313] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5312] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... write resumed>) = 32394836 [pid 5313] <... open resumed>) = 4 [pid 5318] munmap(0x7fedae557000, 32394836 [pid 5313] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5313] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5312] <... futex resumed>) = 0 [pid 5313] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5312] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... munmap resumed>) = 0 [pid 5321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5318] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 76.576425][ T26] audit: type=1800 audit(1686875935.016:45): pid=5313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5318] ioctl(4, LOOP_SET_FD, 3 [pid 5315] <... write resumed>) = 32394836 [pid 5312] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5318] <... ioctl resumed>) = 0 [pid 5318] close(3 [pid 5315] munmap(0x7fedae557000, 32394836 [pid 5312] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... close resumed>) = 0 [pid 5312] <... futex resumed>) = 0 [pid 5318] mkdir("./bus", 0777 [pid 5312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5318] <... mkdir resumed>) = 0 [pid 5312] <... mmap resumed>) = 0x7fedb041b000 [pid 5318] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5312] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5315] <... munmap resumed>) = 0 [pid 5312] <... mprotect resumed>) = 0 [pid 5315] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5312] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5315] <... openat resumed>) = 4 [pid 5315] ioctl(4, LOOP_SET_FD, 3 [pid 5312] <... clone resumed>, parent_tid=[5331], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5331 [pid 5312] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.632824][ T5318] loop5: detected capacity change from 0 to 63271 [pid 5312] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 5331 attached [pid 5315] close(3 [pid 5331] set_robust_list(0x7fedb043b9e0, 24 [pid 5315] <... close resumed>) = 0 [pid 5331] <... set_robust_list resumed>) = 0 [pid 5315] mkdir("./bus", 0777 [pid 5331] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 5315] <... mkdir resumed>) = 0 [pid 5331] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5315] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5331] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [ 76.679830][ T5315] loop4: detected capacity change from 0 to 63271 [ 76.686344][ T5318] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 76.694773][ T5318] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 76.719104][ T5315] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5331] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5313] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] exit_group(0 [pid 5331] <... futex resumed>) = ? [pid 5313] <... futex resumed>) = ? [pid 5312] <... exit_group resumed>) = ? [pid 5331] +++ exited with 0 +++ [pid 5313] +++ exited with 0 +++ [pid 5312] +++ exited with 0 +++ [ 76.735610][ T5315] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 76.747536][ T5318] F2FS-fs (loop5): invalid crc value [ 76.759869][ T5315] F2FS-fs (loop4): invalid crc value [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5312, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=39 /* 0.39 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 76.782107][ T5315] F2FS-fs (loop4): Found nat_bits in checkpoint [ 76.797599][ T5318] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 5008] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5315] <... mount resumed>) = 0 [pid 5315] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5315] chdir("./bus") = 0 [pid 5315] ioctl(4, LOOP_CLR_FD) = 0 [ 76.905598][ T5315] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 76.912710][ T5315] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 76.920751][ T5318] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [pid 5315] close(4) = 0 [pid 5315] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = 0 [pid 5315] <... futex resumed>) = 1 [pid 5314] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5314] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] <... open resumed>) = 4 [pid 5315] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5315] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5314] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... mount resumed>) = 0 [pid 5318] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5318] chdir("./bus") = 0 [pid 5318] ioctl(4, LOOP_CLR_FD) = 0 [pid 5318] close(4) = 0 [ 76.950560][ T5318] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 76.963038][ T26] audit: type=1800 audit(1686875935.406:46): pid=5315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 5318] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5318] <... futex resumed>) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5314] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = 0 [pid 5318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5316] <... futex resumed>) = 0 [pid 5318] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5316] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5318] <... open resumed>) = 4 [pid 5314] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5318] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... mprotect resumed>) = 0 [pid 5318] <... futex resumed>) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5314] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5318] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5316] <... futex resumed>) = 0 [pid 5318] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5316] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... clone resumed>, parent_tid=[5340], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5340 [pid 5314] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5340 attached [pid 5340] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5340] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5340] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5319] <... write resumed>) = 32394836 [pid 5319] munmap(0x7fedae557000, 32394836 [pid 5340] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5316] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5316] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... munmap resumed>) = 0 [pid 5316] <... futex resumed>) = 0 [pid 5316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5319] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5316] <... mmap resumed>) = 0x7fedb041b000 [pid 5316] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5316] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5341], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5341 [pid 5316] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5319] <... openat resumed>) = 4 [ 77.091231][ T26] audit: type=1800 audit(1686875935.486:47): pid=5318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 5319] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5341 attached [pid 5341] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5341] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5341] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] <... futex resumed>) = 0 [pid 5341] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] <... ioctl resumed>) = 0 [pid 5319] close(3) = 0 [pid 5319] mkdir("./bus", 0777) = 0 [ 77.150242][ T5319] loop3: detected capacity change from 0 to 63271 [pid 5319] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5315] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5315] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] exit_group(0 [pid 5340] <... futex resumed>) = ? [pid 5315] <... futex resumed>) = ? [pid 5314] <... exit_group resumed>) = ? [pid 5340] +++ exited with 0 +++ [pid 5315] +++ exited with 0 +++ [pid 5314] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5314, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=32 /* 0.32 s */} --- [pid 5010] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 77.210777][ T5319] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5010] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5318] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5006] lstat("./7/bus", [pid 5318] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5006] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5318] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5316] exit_group(0 [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5341] <... futex resumed>) = ? [pid 5318] <... futex resumed>) = ? [pid 5316] <... exit_group resumed>) = ? [pid 5006] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5341] +++ exited with 0 +++ [pid 5318] +++ exited with 0 +++ [pid 5316] +++ exited with 0 +++ [pid 5006] <... openat resumed>) = 4 [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5316, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=39 /* 0.39 s */} --- [ 77.260892][ T5319] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 77.300869][ T5319] F2FS-fs (loop3): invalid crc value [pid 5006] fstat(4, [pid 5011] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5006] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./7/bus") = 0 [pid 5006] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./7/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./7") = 0 [pid 5006] mkdir("./8", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5345 ./strace-static-x86_64: Process 5345 attached [pid 5345] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5345] chdir("./8") = 0 [pid 5345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5345] setpgid(0, 0) = 0 [pid 5345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5345] write(3, "1000", 4) = 4 [pid 5345] close(3) = 0 [ 77.342154][ T5319] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 5345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5345] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5345] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5345] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5346], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5346 [pid 5345] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5321] <... write resumed>) = 32394836 ./strace-static-x86_64: Process 5346 attached [pid 5346] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5346] memfd_create("syzkaller", 0) = 3 [pid 5346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5321] munmap(0x7fedae557000, 32394836) = 0 [pid 5321] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5321] ioctl(4, LOOP_SET_FD, 3 [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5319] <... mount resumed>) = 0 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./7/bus", [pid 5319] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5008] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5319] <... openat resumed>) = 3 [pid 5008] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5319] chdir("./bus" [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5319] <... chdir resumed>) = 0 [pid 5319] ioctl(4, LOOP_CLR_FD [pid 5008] <... openat resumed>) = 4 [pid 5319] <... ioctl resumed>) = 0 [pid 5008] fstat(4, [pid 5319] close(4) = 0 [pid 5008] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5319] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] getdents64(4, [pid 5319] <... futex resumed>) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5008] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5319] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] getdents64(4, [pid 5319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5317] <... futex resumed>) = 0 [pid 5008] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5319] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5317] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] close(4) = 0 [pid 5319] <... open resumed>) = 4 [pid 5008] rmdir("./7/bus" [pid 5319] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5008] <... rmdir resumed>) = 0 [pid 5319] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5317] <... futex resumed>) = 0 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5319] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5317] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] lstat("./7/binderfs", [pid 5321] <... ioctl resumed>) = 0 [pid 5321] close(3) = 0 [pid 5321] mkdir("./bus", 0777) = 0 [pid 5321] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5008] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 77.445912][ T5319] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 77.463911][ T5321] loop1: detected capacity change from 0 to 63271 [ 77.470770][ T5319] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 5008] unlink("./7/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./7") = 0 [pid 5008] mkdir("./8", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5348 ./strace-static-x86_64: Process 5348 attached [pid 5348] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5348] chdir("./8") = 0 [pid 5348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5348] setpgid(0, 0) = 0 [pid 5348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5348] write(3, "1000", 4) = 4 [ 77.526056][ T5321] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5348] close(3) = 0 [pid 5317] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5317] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5317] <... futex resumed>) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5348] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] <... mmap resumed>) = 0x7fedb041b000 [pid 5317] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5317] <... mprotect resumed>) = 0 [pid 5348] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5317] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5348] <... mprotect resumed>) = 0 [pid 5317] <... clone resumed>, parent_tid=[5349], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5349 [pid 5348] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5317] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... clone resumed>, parent_tid=[5350], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5350 [pid 5317] <... futex resumed>) = 0 [pid 5348] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5349 attached [pid 5348] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5349] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5349] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5349] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5349] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5350 attached [pid 5350] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5350] memfd_create("syzkaller", 0) = 3 [pid 5350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 77.567163][ T5321] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [pid 5319] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5319] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] exit_group(0 [pid 5349] <... futex resumed>) = ? [pid 5317] <... exit_group resumed>) = ? [pid 5349] +++ exited with 0 +++ [pid 5319] <... futex resumed>) = ? [pid 5319] +++ exited with 0 +++ [pid 5317] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5317, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=41 /* 0.41 s */} --- [pid 5009] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5009] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 77.744569][ T5321] F2FS-fs (loop1): invalid crc value [pid 5009] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 77.772168][ T5321] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5321] <... mount resumed>) = 0 [pid 5321] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5321] chdir("./bus") = 0 [pid 5321] ioctl(4, LOOP_CLR_FD) = 0 [pid 5321] close(4) = 0 [pid 5321] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.924863][ T5321] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 77.942561][ T5321] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5320] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5321] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5320] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5320] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5320] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5355], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5355 [pid 5320] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5355 attached [pid 5355] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5355] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5355] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4 [pid 5355] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... close resumed>) = 0 [pid 5010] rmdir("./7/bus" [pid 5355] <... futex resumed>) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5010] <... rmdir resumed>) = 0 [pid 5010] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5355] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5010] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./7/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./7") = 0 [pid 5010] mkdir("./8", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5356 ./strace-static-x86_64: Process 5356 attached [pid 5356] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5356] chdir("./8") = 0 [pid 5356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5356] setpgid(0, 0) = 0 [pid 5356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5356] write(3, "1000", 4) = 4 [pid 5356] close(3) = 0 [pid 5356] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5356] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5356] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5356] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5357], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5357 [pid 5356] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5357 attached [pid 5357] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5357] memfd_create("syzkaller", 0) = 3 [pid 5357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./7/bus") = 0 [pid 5011] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./7/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./7") = 0 [pid 5011] mkdir("./8", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5358 ./strace-static-x86_64: Process 5358 attached [pid 5358] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5358] chdir("./8") = 0 [pid 5358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5358] setpgid(0, 0) = 0 [pid 5358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5358] write(3, "1000", 4) = 4 [pid 5358] close(3) = 0 [pid 5358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5358] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5358] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5358] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5359], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5359 [pid 5358] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5359 attached [pid 5359] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5359] memfd_create("syzkaller", 0) = 3 [pid 5359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5321] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5321] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] exit_group(0 [pid 5321] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] <... futex resumed>) = ? [pid 5321] <... futex resumed>) = ? [pid 5320] <... exit_group resumed>) = ? [pid 5355] +++ exited with 0 +++ [pid 5321] +++ exited with 0 +++ [pid 5320] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5320, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=36 /* 0.36 s */} --- [pid 5007] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./7/bus") = 0 [pid 5009] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./7/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./7") = 0 [pid 5009] mkdir("./8", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5360 ./strace-static-x86_64: Process 5360 attached [pid 5360] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5360] chdir("./8") = 0 [pid 5360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5360] setpgid(0, 0) = 0 [pid 5360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5360] write(3, "1000", 4) = 4 [pid 5360] close(3) = 0 [pid 5360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5360] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5360] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5360] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5361], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5361 [pid 5360] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5361 attached [pid 5361] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5361] memfd_create("syzkaller", 0) = 3 [pid 5361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5346] <... write resumed>) = 32394836 [pid 5346] munmap(0x7fedae557000, 32394836) = 0 [pid 5346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5346] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5346] close(3) = 0 [pid 5346] mkdir("./bus", 0777) = 0 [ 78.536150][ T5346] loop0: detected capacity change from 0 to 63271 [ 78.591509][ T5346] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 78.614500][ T5346] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 78.646235][ T5346] F2FS-fs (loop0): invalid crc value [pid 5346] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 78.696970][ T5346] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5350] <... write resumed>) = 32394836 [pid 5350] munmap(0x7fedae557000, 32394836) = 0 [pid 5350] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 78.831023][ T5346] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 78.861363][ T5346] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 78.874993][ T5350] loop2: detected capacity change from 0 to 63271 [pid 5350] ioctl(4, LOOP_SET_FD, 3 [pid 5346] <... mount resumed>) = 0 [pid 5361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5346] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5346] chdir("./bus" [pid 5350] <... ioctl resumed>) = 0 [pid 5346] <... chdir resumed>) = 0 [pid 5350] close(3) = 0 [pid 5350] mkdir("./bus", 0777 [pid 5346] ioctl(4, LOOP_CLR_FD [pid 5350] <... mkdir resumed>) = 0 [pid 5350] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5346] <... ioctl resumed>) = 0 [pid 5346] close(4) = 0 [pid 5346] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5346] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5345] <... futex resumed>) = 0 [pid 5345] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5345] <... futex resumed>) = 1 [pid 5346] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 78.895027][ T5350] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 78.925502][ T5350] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [pid 5345] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... open resumed>) = 4 [pid 5346] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5346] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5345] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5345] <... futex resumed>) = 1 [pid 5346] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 78.943724][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 78.943738][ T26] audit: type=1800 audit(1686875937.376:50): pid=5346 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [ 78.972260][ T5350] F2FS-fs (loop2): invalid crc value [pid 5345] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5345] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5345] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5345] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5007] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5369 attached [pid 5345] <... clone resumed>, parent_tid=[5369], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5369 [pid 5369] set_robust_list(0x7fedb043b9e0, 24 [ 78.999827][ T5350] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 5345] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... set_robust_list resumed>) = 0 [pid 5345] <... futex resumed>) = 0 [pid 5369] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [pid 5345] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./7/bus") = 0 [pid 5007] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5369] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5369] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5369] <... futex resumed>) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5369] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./7/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./7") = 0 [pid 5007] mkdir("./8", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5370 ./strace-static-x86_64: Process 5370 attached [pid 5370] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5370] chdir("./8") = 0 [pid 5370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5370] setpgid(0, 0) = 0 [pid 5370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5370] write(3, "1000", 4) = 4 [pid 5370] close(3) = 0 [pid 5370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5370] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [ 79.118248][ T5350] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 79.125402][ T5350] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 79.150161][ T5346] bio_check_eod: 14 callbacks suppressed [ 79.150175][ T5346] syz-executor278: attempt to access beyond end of device [pid 5370] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5370] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5372], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5372 [pid 5370] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5372 attached [pid 5372] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5372] memfd_create("syzkaller", 0) = 3 [pid 5372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5350] <... mount resumed>) = 0 [pid 5350] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5350] chdir("./bus") = 0 [pid 5350] ioctl(4, LOOP_CLR_FD) = 0 [pid 5350] close(4) = 0 [pid 5350] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] <... futex resumed>) = 0 [pid 5350] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [ 79.150175][ T5346] loop0: rw=2049, sector=77824, nr_sectors = 2344 limit=63271 [pid 5350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5348] <... futex resumed>) = 0 [pid 5350] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5348] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... open resumed>) = 4 [pid 5350] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] <... futex resumed>) = 0 [pid 5350] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5348] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5348] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 79.218855][ T26] audit: type=1800 audit(1686875937.656:51): pid=5350 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5348] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5348] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5348] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5373], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5373 [pid 5348] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... write resumed>) = 32394836 [pid 5348] <... futex resumed>) = 0 [pid 5359] munmap(0x7fedae557000, 32394836 [pid 5348] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5373 attached [pid 5373] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5373] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5373] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = 0 [pid 5373] <... futex resumed>) = 1 [pid 5373] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] <... munmap resumed>) = 0 [pid 5359] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 79.282120][ T5346] syz-executor278: attempt to access beyond end of device [ 79.282120][ T5346] loop0: rw=2049, sector=80168, nr_sectors = 1752 limit=63271 [pid 5359] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5359] close(3) = 0 [pid 5359] mkdir("./bus", 0777) = 0 [ 79.336799][ T5359] loop5: detected capacity change from 0 to 63271 [ 79.346623][ T5350] syz-executor278: attempt to access beyond end of device [ 79.346623][ T5350] loop2: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [pid 5359] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5346] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5346] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] exit_group(0 [pid 5369] <... futex resumed>) = ? [pid 5345] <... exit_group resumed>) = ? [pid 5369] +++ exited with 0 +++ [pid 5346] +++ exited with 0 +++ [pid 5345] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5345, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=38 /* 0.38 s */} --- [pid 5006] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 79.378826][ T5359] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 79.401989][ T5359] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 5006] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5361] <... write resumed>) = 32394836 [pid 5357] <... write resumed>) = 32394836 [pid 5357] munmap(0x7fedae557000, 32394836 [pid 5361] munmap(0x7fedae557000, 32394836 [pid 5357] <... munmap resumed>) = 0 [pid 5357] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 79.442239][ T5350] syz-executor278: attempt to access beyond end of device [ 79.442239][ T5350] loop2: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [ 79.472379][ T5359] F2FS-fs (loop5): invalid crc value [pid 5357] ioctl(4, LOOP_SET_FD, 3 [pid 5361] <... munmap resumed>) = 0 [pid 5361] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5361] ioctl(4, LOOP_SET_FD, 3 [pid 5357] <... ioctl resumed>) = 0 [pid 5357] close(3) = 0 [pid 5357] mkdir("./bus", 0777) = 0 [pid 5361] <... ioctl resumed>) = 0 [pid 5361] close(3) = 0 [pid 5361] mkdir("./bus", 0777 [pid 5357] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5361] <... mkdir resumed>) = 0 [ 79.502520][ T5357] loop4: detected capacity change from 0 to 63271 [ 79.512327][ T5361] loop3: detected capacity change from 0 to 63271 [ 79.524195][ T5359] F2FS-fs (loop5): Found nat_bits in checkpoint [ 79.540137][ T5357] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5361] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5350] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5350] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] exit_group(0 [pid 5350] <... futex resumed>) = ? [pid 5348] <... exit_group resumed>) = ? [pid 5350] +++ exited with 0 +++ [pid 5373] <... futex resumed>) = ? [pid 5373] +++ exited with 0 +++ [pid 5348] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5348, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=45 /* 0.45 s */} --- [pid 5008] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 79.557271][ T5361] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 79.564094][ T5357] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 79.574080][ T5361] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 79.596396][ T5357] F2FS-fs (loop4): invalid crc value [pid 5008] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5359] <... mount resumed>) = 0 [pid 5359] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5359] chdir("./bus") = 0 [pid 5359] ioctl(4, LOOP_CLR_FD) = 0 [pid 5359] close(4) = 0 [pid 5359] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5358] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 79.613809][ T5359] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 79.621770][ T5359] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 79.630414][ T5357] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 5359] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5359] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5359] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5358] <... futex resumed>) = 0 [pid 5359] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 79.656049][ T26] audit: type=1800 audit(1686875938.096:52): pid=5359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 5358] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5358] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5358] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5358] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5382], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5382 [pid 5358] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5382 attached [pid 5382] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5382] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus" [ 79.743301][ T5357] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 79.757736][ T5361] F2FS-fs (loop3): invalid crc value [ 79.780922][ T5357] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 5372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5382] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5382] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5382] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5357] <... mount resumed>) = 0 [pid 5357] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5357] chdir("./bus") = 0 [pid 5357] ioctl(4, LOOP_CLR_FD) = 0 [pid 5357] close(4) = 0 [pid 5357] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5356] <... futex resumed>) = 0 [ 79.793518][ T5361] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 5356] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... open resumed>) = 4 [pid 5357] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 79.846811][ T26] audit: type=1800 audit(1686875938.286:53): pid=5357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 5357] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5356] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5356] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5356] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5356] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5386], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5386 [pid 5356] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5386 attached [pid 5386] set_robust_list(0x7fedb043b9e0, 24) = 0 [ 79.910655][ T5359] syz-executor278: attempt to access beyond end of device [ 79.910655][ T5359] loop5: rw=2049, sector=77824, nr_sectors = 3848 limit=63271 [ 79.930741][ T5361] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 79.953506][ T5361] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 5386] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 5356] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5356] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5386] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5386] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5361] <... mount resumed>) = 0 [pid 5361] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5361] chdir("./bus") = 0 [pid 5361] ioctl(4, LOOP_CLR_FD) = 0 [pid 5361] close(4) = 0 [pid 5361] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] <... futex resumed>) = 0 [pid 5360] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... futex resumed>) = 0 [pid 5360] <... futex resumed>) = 1 [pid 5361] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5360] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] <... open resumed>) = 4 [pid 5361] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5361] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5360] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... futex resumed>) = 0 [pid 5360] <... futex resumed>) = 1 [pid 5361] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 80.009846][ T26] audit: type=1800 audit(1686875938.446:54): pid=5361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [ 80.016122][ T5359] syz-executor278: attempt to access beyond end of device [ 80.016122][ T5359] loop5: rw=2049, sector=81672, nr_sectors = 248 limit=63271 [pid 5360] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5360] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5360] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5360] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5388], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5388 [pid 5360] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5388 attached [pid 5388] set_robust_list(0x7fedb043b9e0, 24) = 0 [ 80.076336][ T5357] syz-executor278: attempt to access beyond end of device [ 80.076336][ T5357] loop4: rw=2049, sector=77824, nr_sectors = 3848 limit=63271 [ 80.110720][ T5357] syz-executor278: attempt to access beyond end of device [ 80.110720][ T5357] loop4: rw=2049, sector=81672, nr_sectors = 248 limit=63271 [pid 5388] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 5359] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5359] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] exit_group(0 [pid 5382] <... futex resumed>) = ? [pid 5359] <... futex resumed>) = ? [pid 5358] <... exit_group resumed>) = ? [pid 5382] +++ exited with 0 +++ [pid 5359] +++ exited with 0 +++ [pid 5388] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5358] +++ exited with 0 +++ [pid 5388] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5358, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=44 /* 0.44 s */} --- [pid 5388] <... futex resumed>) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5357] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5011] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5388] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5357] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5357] <... futex resumed>) = 0 [pid 5011] <... openat resumed>) = 3 [pid 5011] fstat(3, [pid 5357] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5356] exit_group(0 [pid 5011] getdents64(3, [pid 5386] <... futex resumed>) = ? [pid 5356] <... exit_group resumed>) = ? [pid 5011] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5386] +++ exited with 0 +++ [pid 5357] <... futex resumed>) = ? [pid 5011] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5357] +++ exited with 0 +++ [pid 5356] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5356, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=32 /* 0.32 s */} --- [pid 5010] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./8/bus") = 0 [pid 5006] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./8/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./8") = 0 [pid 5006] mkdir("./9", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5389 ./strace-static-x86_64: Process 5389 attached [pid 5008] <... umount2 resumed>) = 0 [pid 5389] set_robust_list(0x5555556ed5e0, 24 [pid 5008] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5389] <... set_robust_list resumed>) = 0 [pid 5389] chdir("./9" [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5389] <... chdir resumed>) = 0 [ 80.238196][ T5361] syz-executor278: attempt to access beyond end of device [ 80.238196][ T5361] loop3: rw=2049, sector=77824, nr_sectors = 2456 limit=63271 [pid 5008] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5389] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5390], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5390 [pid 5389] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5390 attached [pid 5008] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5390] set_robust_list(0x7fedb69779e0, 24 [pid 5008] <... openat resumed>) = 4 [pid 5390] <... set_robust_list resumed>) = 0 [pid 5008] fstat(4, [pid 5390] memfd_create("syzkaller", 0 [pid 5008] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5390] <... memfd_create resumed>) = 3 [pid 5008] getdents64(4, [pid 5390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5008] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5390] <... mmap resumed>) = 0x7fedae557000 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./8/bus") = 0 [pid 5361] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5008] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5361] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./8/binderfs", [pid 5361] <... futex resumed>) = 0 [pid 5361] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5360] exit_group(0 [pid 5008] unlink("./8/binderfs" [pid 5360] <... exit_group resumed>) = ? [pid 5008] <... unlink resumed>) = 0 [pid 5388] <... futex resumed>) = ? [pid 5388] +++ exited with 0 +++ [pid 5361] <... futex resumed>) = ? [pid 5008] getdents64(3, [pid 5361] +++ exited with 0 +++ [pid 5360] +++ exited with 0 +++ [pid 5008] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5360, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=40 /* 0.40 s */} --- [pid 5009] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] close(3) = 0 [pid 5009] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] rmdir("./8" [pid 5009] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] <... rmdir resumed>) = 0 [ 80.291820][ T5361] syz-executor278: attempt to access beyond end of device [ 80.291820][ T5361] loop3: rw=2049, sector=80280, nr_sectors = 1640 limit=63271 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] mkdir("./9", 0777 [pid 5009] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] <... mkdir resumed>) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5391 ./strace-static-x86_64: Process 5391 attached [pid 5391] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5391] chdir("./9") = 0 [pid 5391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5391] setpgid(0, 0) = 0 [pid 5391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5391] write(3, "1000", 4) = 4 [pid 5391] close(3) = 0 [pid 5391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5391] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5391] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5391] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5392], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5392 [pid 5391] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5392 attached [pid 5392] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5392] memfd_create("syzkaller", 0) = 3 [pid 5392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5372] <... write resumed>) = 32394836 [pid 5372] munmap(0x7fedae557000, 32394836) = 0 [pid 5372] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5372] close(3) = 0 [pid 5372] mkdir("./bus", 0777) = 0 [ 80.593834][ T5372] loop1: detected capacity change from 0 to 63271 [ 80.616732][ T5372] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 80.639091][ T5372] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [pid 5372] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 80.780916][ T5372] F2FS-fs (loop1): invalid crc value [ 80.811590][ T5372] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5011] lstat("./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./8/bus") = 0 [pid 5011] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./8/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./8") = 0 [pid 5011] mkdir("./9", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5397 ./strace-static-x86_64: Process 5397 attached [pid 5397] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5397] chdir("./9") = 0 [pid 5397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5010] <... umount2 resumed>) = 0 [pid 5397] setpgid(0, 0 [pid 5010] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5397] <... setpgid resumed>) = 0 [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5010] lstat("./8/bus", [pid 5397] <... openat resumed>) = 3 [pid 5010] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5397] write(3, "1000", 4 [pid 5010] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5397] <... write resumed>) = 4 [pid 5397] close(3 [pid 5010] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5397] <... close resumed>) = 0 [pid 5010] <... openat resumed>) = 4 [pid 5397] symlink("/dev/binderfs", "./binderfs" [pid 5010] fstat(4, [pid 5397] <... symlink resumed>) = 0 [pid 5010] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5397] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] getdents64(4, [pid 5397] <... futex resumed>) = 0 [pid 5010] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5010] getdents64(4, [pid 5397] <... mmap resumed>) = 0x7fedb6957000 [pid 5010] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5397] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5010] close(4 [pid 5397] <... mprotect resumed>) = 0 [pid 5010] <... close resumed>) = 0 [pid 5397] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5010] rmdir("./8/bus") = 0 [pid 5010] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5397] <... clone resumed>, parent_tid=[5398], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5398 ./strace-static-x86_64: Process 5398 attached [pid 5397] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5398] set_robust_list(0x7fedb69779e0, 24 [ 80.956186][ T5372] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 80.963364][ T5372] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5397] <... futex resumed>) = 0 [pid 5010] lstat("./8/binderfs", [pid 5398] <... set_robust_list resumed>) = 0 [pid 5397] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5010] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5398] memfd_create("syzkaller", 0 [pid 5010] unlink("./8/binderfs" [pid 5398] <... memfd_create resumed>) = 3 [pid 5398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5010] <... unlink resumed>) = 0 [pid 5398] <... mmap resumed>) = 0x7fedae557000 [pid 5010] getdents64(3, [pid 5372] <... mount resumed>) = 0 [pid 5010] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5372] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5372] chdir("./bus") = 0 [pid 5372] ioctl(4, LOOP_CLR_FD) = 0 [pid 5372] close(4) = 0 [pid 5372] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] <... futex resumed>) = 0 [pid 5372] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5370] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5370] <... futex resumed>) = 0 [pid 5372] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5370] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... open resumed>) = 4 [pid 5010] close(3 [pid 5372] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5370] <... futex resumed>) = 0 [pid 5372] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5370] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5370] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] <... close resumed>) = 0 [pid 5010] rmdir("./8") = 0 [pid 5010] mkdir("./9", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5399 ./strace-static-x86_64: Process 5399 attached [pid 5399] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5399] chdir("./9") = 0 [pid 5399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5370] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5399] setpgid(0, 0 [pid 5370] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 5399] <... setpgid resumed>) = 0 [pid 5370] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5370] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... openat resumed>) = 3 [pid 5370] <... futex resumed>) = 0 [pid 5399] write(3, "1000", 4 [ 81.039581][ T26] audit: type=1800 audit(1686875939.476:55): pid=5372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 5370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5399] <... write resumed>) = 4 [pid 5370] <... mmap resumed>) = 0x7fedb041b000 [pid 5399] close(3 [pid 5370] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5399] <... close resumed>) = 0 [pid 5370] <... mprotect resumed>) = 0 [pid 5399] symlink("/dev/binderfs", "./binderfs" [pid 5370] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5399] <... symlink resumed>) = 0 [pid 5399] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... clone resumed>, parent_tid=[5400], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5400 [pid 5399] <... futex resumed>) = 0 [pid 5370] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5400 attached [pid 5399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5370] <... futex resumed>) = 0 [pid 5400] set_robust_list(0x7fedb043b9e0, 24 [pid 5399] <... mmap resumed>) = 0x7fedb6957000 [pid 5370] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5400] <... set_robust_list resumed>) = 0 [pid 5399] <... mprotect resumed>) = 0 [pid 5400] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 5399] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5401], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5401 [pid 5399] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5399] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5401 attached [pid 5401] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5401] memfd_create("syzkaller", 0) = 3 [pid 5401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5370] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5400] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5400] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5400] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./8/bus") = 0 [pid 5009] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./8/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./8") = 0 [pid 5009] mkdir("./9", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5402 ./strace-static-x86_64: Process 5402 attached [pid 5402] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5402] chdir("./9") = 0 [pid 5402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5402] setpgid(0, 0) = 0 [pid 5402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5402] write(3, "1000", 4) = 4 [pid 5402] close(3) = 0 [pid 5402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5402] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5372] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5402] <... mmap resumed>) = 0x7fedb6957000 [pid 5372] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5372] <... futex resumed>) = 0 [pid 5402] <... mprotect resumed>) = 0 [pid 5372] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5402] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5370] exit_group(0 [pid 5400] <... futex resumed>) = ? [pid 5372] <... futex resumed>) = ? [pid 5370] <... exit_group resumed>) = ? [pid 5402] <... clone resumed>, parent_tid=[5403], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5403 [pid 5400] +++ exited with 0 +++ [pid 5402] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] +++ exited with 0 +++ [pid 5370] +++ exited with 0 +++ [pid 5402] <... futex resumed>) = 0 [pid 5402] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5370, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=39 /* 0.39 s */} --- [pid 5007] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5403 attached [pid 5403] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5403] memfd_create("syzkaller", 0) = 3 [pid 5403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5390] <... write resumed>) = 32394836 [pid 5390] munmap(0x7fedae557000, 32394836) = 0 [pid 5390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5390] close(3) = 0 [pid 5390] mkdir("./bus", 0777) = 0 [ 81.389002][ T5390] loop0: detected capacity change from 0 to 63271 [ 81.426578][ T5390] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 81.435011][ T5390] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 5390] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 81.500850][ T5390] F2FS-fs (loop0): invalid crc value [pid 5398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5392] <... write resumed>) = 32394836 [ 81.546127][ T5390] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5392] munmap(0x7fedae557000, 32394836) = 0 [pid 5392] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5392] close(3) = 0 [pid 5392] mkdir("./bus", 0777) = 0 [ 81.660731][ T5392] loop2: detected capacity change from 0 to 63271 [ 81.674716][ T5390] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 81.692475][ T5392] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 81.699003][ T5390] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 5392] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5390] <... mount resumed>) = 0 [pid 5390] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5390] chdir("./bus") = 0 [pid 5390] ioctl(4, LOOP_CLR_FD) = 0 [ 81.714082][ T5392] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [pid 5390] close(4) = 0 [pid 5390] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] <... futex resumed>) = 0 [pid 5389] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5390] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = 1 [pid 5390] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 81.756344][ T5392] F2FS-fs (loop2): invalid crc value [ 81.769771][ T26] audit: type=1800 audit(1686875940.206:56): pid=5390 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 5389] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5389] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5389] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5411], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5411 [pid 5389] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5411 attached [ 81.814645][ T5392] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 5411] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5411] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5411] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5411] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, [pid 5392] <... mount resumed>) = 0 [pid 5007] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5403] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5392] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5007] close(4 [pid 5392] <... openat resumed>) = 3 [pid 5392] chdir("./bus" [pid 5007] <... close resumed>) = 0 [pid 5392] <... chdir resumed>) = 0 [pid 5007] rmdir("./8/bus" [pid 5392] ioctl(4, LOOP_CLR_FD [pid 5007] <... rmdir resumed>) = 0 [pid 5392] <... ioctl resumed>) = 0 [pid 5392] close(4 [pid 5007] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5392] <... close resumed>) = 0 [ 81.918179][ T5392] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 81.930357][ T5392] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5392] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5392] <... futex resumed>) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5007] lstat("./8/binderfs", [pid 5392] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5391] <... futex resumed>) = 0 [pid 5007] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5392] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5391] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] unlink("./8/binderfs") = 0 [pid 5392] <... open resumed>) = 4 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5392] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] close(3 [pid 5392] <... futex resumed>) = 1 [pid 5007] <... close resumed>) = 0 [pid 5392] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] rmdir("./8" [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... rmdir resumed>) = 0 [pid 5392] <... futex resumed>) = 0 [pid 5391] <... futex resumed>) = 1 [pid 5007] mkdir("./9", 0777 [pid 5392] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5391] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... mkdir resumed>) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5413 [pid 5398] <... write resumed>) = 32394836 [ 81.987415][ T26] audit: type=1800 audit(1686875940.426:57): pid=5392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 ./strace-static-x86_64: Process 5413 attached [pid 5398] munmap(0x7fedae557000, 32394836 [pid 5413] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5413] chdir("./9") = 0 [pid 5413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5413] setpgid(0, 0) = 0 [pid 5413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5391] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5413] <... openat resumed>) = 3 [pid 5391] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] write(3, "1000", 4 [pid 5391] <... futex resumed>) = 0 [pid 5413] <... write resumed>) = 4 [pid 5391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5390] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5413] close(3 [pid 5391] <... mmap resumed>) = 0x7fedb041b000 [pid 5390] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... close resumed>) = 0 [pid 5391] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5390] <... futex resumed>) = 0 [pid 5389] exit_group(0 [pid 5413] symlink("/dev/binderfs", "./binderfs" [pid 5411] <... futex resumed>) = ? [pid 5398] <... munmap resumed>) = 0 [pid 5391] <... mprotect resumed>) = 0 [pid 5389] <... exit_group resumed>) = ? [pid 5413] <... symlink resumed>) = 0 [pid 5411] +++ exited with 0 +++ [pid 5398] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5391] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5390] +++ exited with 0 +++ [pid 5389] +++ exited with 0 +++ [pid 5413] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... openat resumed>) = 4 [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5389, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=38 /* 0.38 s */} --- [pid 5413] <... futex resumed>) = 0 [pid 5398] ioctl(4, LOOP_SET_FD, 3 [pid 5391] <... clone resumed>, parent_tid=[5414], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5414 [pid 5413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5391] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... mmap resumed>) = 0x7fedb6957000 [pid 5391] <... futex resumed>) = 0 [pid 5413] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5391] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5413] <... mprotect resumed>) = 0 [pid 5413] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5415], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5415 [pid 5413] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5415 attached [pid 5415] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5006] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5414 attached [pid 5398] <... ioctl resumed>) = 0 [pid 5006] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5414] set_robust_list(0x7fedb043b9e0, 24 [pid 5398] close(3 [pid 5414] <... set_robust_list resumed>) = 0 [pid 5398] <... close resumed>) = 0 [pid 5006] <... openat resumed>) = 3 [pid 5414] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 5398] mkdir("./bus", 0777 [pid 5006] fstat(3, [pid 5415] memfd_create("syzkaller", 0 [pid 5414] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5398] <... mkdir resumed>) = 0 [pid 5415] <... memfd_create resumed>) = 3 [pid 5414] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5006] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5414] <... futex resumed>) = 1 [pid 5415] <... mmap resumed>) = 0x7fedae557000 [pid 5391] <... futex resumed>) = 0 [pid 5006] getdents64(3, [pid 5414] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [ 82.084416][ T5398] loop5: detected capacity change from 0 to 63271 [ 82.108485][ T5398] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5006] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5392] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5392] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] exit_group(0) = ? [pid 5414] <... futex resumed>) = ? [pid 5392] <... futex resumed>) = ? [pid 5414] +++ exited with 0 +++ [pid 5392] +++ exited with 0 +++ [pid 5391] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5391, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=36 /* 0.36 s */} --- [pid 5008] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 82.133297][ T5398] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 82.143154][ T5398] F2FS-fs (loop5): invalid crc value [ 82.185039][ T5398] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 5008] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5398] <... mount resumed>) = 0 [pid 5398] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5398] chdir("./bus") = 0 [pid 5398] ioctl(4, LOOP_CLR_FD) = 0 [pid 5398] close(4) = 0 [pid 5398] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5398] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 82.295913][ T5398] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 82.304061][ T5398] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 5397] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5397] <... futex resumed>) = 0 [pid 5398] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5397] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5398] <... open resumed>) = 4 [pid 5398] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] <... futex resumed>) = 0 [pid 5398] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5397] <... futex resumed>) = 0 [pid 5397] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 82.368949][ T26] audit: type=1800 audit(1686875940.806:58): pid=5398 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 5398] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5397] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5397] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5397] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5397] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5421], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5421 [pid 5397] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5397] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5421 attached [pid 5421] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5421] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5421] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5397] <... futex resumed>) = 0 [pid 5421] <... futex resumed>) = 1 [pid 5421] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] <... write resumed>) = 32394836 [pid 5401] munmap(0x7fedae557000, 32394836) = 0 [pid 5401] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5401] ioctl(4, LOOP_SET_FD, 3 [pid 5398] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5398] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5397] exit_group(0 [pid 5421] <... futex resumed>) = ? [pid 5398] <... futex resumed>) = ? [pid 5397] <... exit_group resumed>) = ? [pid 5421] +++ exited with 0 +++ [pid 5398] +++ exited with 0 +++ [pid 5397] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5397, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=42 /* 0.42 s */} --- [pid 5401] <... ioctl resumed>) = 0 [pid 5401] close(3) = 0 [pid 5401] mkdir("./bus", 0777 [pid 5011] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5401] <... mkdir resumed>) = 0 [ 82.611712][ T5401] loop4: detected capacity change from 0 to 63271 [ 82.655969][ T5401] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 82.684248][ T5401] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [pid 5401] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 82.727028][ T5401] F2FS-fs (loop4): invalid crc value [pid 5415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5403] <... write resumed>) = 32394836 [pid 5403] munmap(0x7fedae557000, 32394836 [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5403] <... munmap resumed>) = 0 [pid 5008] <... umount2 resumed>) = 0 [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5403] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5006] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5403] ioctl(4, LOOP_SET_FD, 3 [pid 5006] <... openat resumed>) = 4 [ 82.776694][ T5401] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 5006] fstat(4, [pid 5008] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5006] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5006] getdents64(4, [pid 5008] lstat("./9/bus", [pid 5006] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5006] close(4 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5006] <... close resumed>) = 0 [pid 5008] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5006] rmdir("./9/bus") = 0 [pid 5008] <... openat resumed>) = 4 [pid 5006] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] fstat(4, [pid 5006] lstat("./9/binderfs", [pid 5008] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, [pid 5006] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] unlink("./9/binderfs") = 0 [pid 5006] getdents64(3, [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(4 [pid 5006] close(3 [pid 5008] <... close resumed>) = 0 [pid 5006] <... close resumed>) = 0 [pid 5008] rmdir("./9/bus" [pid 5006] rmdir("./9" [pid 5403] <... ioctl resumed>) = 0 [pid 5006] <... rmdir resumed>) = 0 [pid 5006] mkdir("./10", 0777 [pid 5403] close(3 [pid 5006] <... mkdir resumed>) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5008] <... rmdir resumed>) = 0 [pid 5403] <... close resumed>) = 0 [pid 5008] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5006] ioctl(3, LOOP_CLR_FD [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5006] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5008] lstat("./9/binderfs", [pid 5006] close(3 [pid 5403] mkdir("./bus", 0777 [pid 5008] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] <... close resumed>) = 0 [pid 5403] <... mkdir resumed>) = 0 [pid 5403] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5008] unlink("./9/binderfs" [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5008] <... unlink resumed>) = 0 [pid 5006] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5425 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3./strace-static-x86_64: Process 5425 attached [ 82.829280][ T5403] loop3: detected capacity change from 0 to 63271 [ 82.859628][ T5403] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) ) = 0 [pid 5425] set_robust_list(0x5555556ed5e0, 24 [pid 5008] rmdir("./9") = 0 [pid 5425] <... set_robust_list resumed>) = 0 [pid 5008] mkdir("./10", 0777 [pid 5425] chdir("./10" [pid 5008] <... mkdir resumed>) = 0 [pid 5425] <... chdir resumed>) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5008] <... openat resumed>) = 3 [pid 5425] setpgid(0, 0 [pid 5008] ioctl(3, LOOP_CLR_FD [pid 5425] <... setpgid resumed>) = 0 [pid 5008] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5008] close(3 [pid 5425] <... openat resumed>) = 3 [pid 5425] write(3, "1000", 4 [pid 5008] <... close resumed>) = 0 [pid 5425] <... write resumed>) = 4 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5425] close(3) = 0 [pid 5425] symlink("/dev/binderfs", "./binderfs" [pid 5008] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5426 [pid 5425] <... symlink resumed>) = 0 [pid 5425] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5425] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5425] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5427], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5427 [pid 5425] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5426 attached [pid 5426] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5426] chdir("./10") = 0 ./strace-static-x86_64: Process 5427 attached [pid 5426] prctl(PR_SET_PDEATHSIG, SIGKILL [ 82.875144][ T5403] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [pid 5427] set_robust_list(0x7fedb69779e0, 24 [pid 5426] <... prctl resumed>) = 0 [pid 5427] <... set_robust_list resumed>) = 0 [pid 5426] setpgid(0, 0 [pid 5427] memfd_create("syzkaller", 0 [pid 5426] <... setpgid resumed>) = 0 [pid 5427] <... memfd_create resumed>) = 3 [pid 5427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5427] <... mmap resumed>) = 0x7fedae557000 [pid 5426] <... openat resumed>) = 3 [pid 5426] write(3, "1000", 4) = 4 [pid 5426] close(3) = 0 [pid 5426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5426] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5426] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5426] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5430], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5430 [pid 5426] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5430 attached [pid 5430] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5430] memfd_create("syzkaller", 0) = 3 [pid 5430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 82.927324][ T5401] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 82.934421][ T5401] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 82.944594][ T5403] F2FS-fs (loop3): invalid crc value [pid 5401] <... mount resumed>) = 0 [pid 5401] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5401] chdir("./bus") = 0 [pid 5401] ioctl(4, LOOP_CLR_FD) = 0 [pid 5401] close(4) = 0 [pid 5401] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [ 82.978420][ T5403] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 5401] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5399] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] <... futex resumed>) = 0 [pid 5401] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5399] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] <... open resumed>) = 4 [pid 5401] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5401] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [ 83.049283][ T26] audit: type=1800 audit(1686875941.486:59): pid=5401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./9/bus") = 0 [pid 5011] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./9/binderfs") = 0 [pid 5011] getdents64(3, [pid 5399] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5011] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5399] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] close(3 [pid 5399] <... futex resumed>) = 0 [pid 5399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5011] <... close resumed>) = 0 [pid 5399] <... mmap resumed>) = 0x7fedb041b000 [pid 5399] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5011] rmdir("./9" [pid 5399] <... mprotect resumed>) = 0 [pid 5011] <... rmdir resumed>) = 0 [pid 5399] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5011] mkdir("./10", 0777 [pid 5399] <... clone resumed>, parent_tid=[5433], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5433 [pid 5011] <... mkdir resumed>) = 0 [pid 5399] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... openat resumed>) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5433 attached ) = -1 ENXIO (No such device or address) [pid 5433] set_robust_list(0x7fedb043b9e0, 24 [pid 5011] close(3 [pid 5433] <... set_robust_list resumed>) = 0 [pid 5011] <... close resumed>) = 0 [pid 5433] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5433] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5433] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5011] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5434 [pid 5433] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5434 attached [pid 5434] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5434] chdir("./10") = 0 [pid 5434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5434] setpgid(0, 0) = 0 [pid 5434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5434] write(3, "1000", 4) = 4 [pid 5434] close(3) = 0 [pid 5434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5434] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5434] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5434] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5436], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5436 [pid 5434] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5436 attached [pid 5436] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5436] memfd_create("syzkaller", 0) = 3 [pid 5436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5403] <... mount resumed>) = 0 [pid 5403] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5403] chdir("./bus") = 0 [pid 5403] ioctl(4, LOOP_CLR_FD) = 0 [ 83.180081][ T5403] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 83.206625][ T5403] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 5403] close(4) = 0 [pid 5403] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5402] <... futex resumed>) = 0 [pid 5402] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... futex resumed>) = 0 [pid 5402] <... futex resumed>) = 1 [pid 5403] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5402] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] <... open resumed>) = 4 [pid 5403] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] <... futex resumed>) = 0 [pid 5403] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5402] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5402] <... futex resumed>) = 0 [pid 5403] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5402] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5402] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5401] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5402] <... mmap resumed>) = 0x7fedb041b000 [pid 5402] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5401] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] exit_group(0 [pid 5402] <... mprotect resumed>) = 0 [pid 5399] <... exit_group resumed>) = ? [pid 5433] <... futex resumed>) = ? [pid 5402] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5401] <... futex resumed>) = ? [pid 5433] +++ exited with 0 +++ [pid 5401] +++ exited with 0 +++ [pid 5399] +++ exited with 0 +++ ./strace-static-x86_64: Process 5438 attached [pid 5402] <... clone resumed>, parent_tid=[5438], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5438 [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5399, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=39 /* 0.39 s */} --- [pid 5438] set_robust_list(0x7fedb043b9e0, 24 [pid 5402] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... set_robust_list resumed>) = 0 [pid 5402] <... futex resumed>) = 0 [pid 5438] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 5402] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5438] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5438] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] <... futex resumed>) = 0 [pid 5438] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5403] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5403] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] exit_group(0 [pid 5438] <... futex resumed>) = ? [pid 5402] <... exit_group resumed>) = ? [pid 5438] +++ exited with 0 +++ [pid 5403] +++ exited with 0 +++ [pid 5402] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5402, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=43 /* 0.43 s */} --- [pid 5009] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5415] <... write resumed>) = 32394836 [pid 5415] munmap(0x7fedae557000, 32394836) = 0 [pid 5415] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5415] close(3) = 0 [pid 5415] mkdir("./bus", 0777) = 0 [pid 5415] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 83.648672][ T5415] loop1: detected capacity change from 0 to 63271 [ 83.668867][ T5415] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 83.685725][ T5415] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 83.756100][ T5415] F2FS-fs (loop1): invalid crc value [ 83.802656][ T5415] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5427] <... write resumed>) = 32394836 [pid 5427] munmap(0x7fedae557000, 32394836) = 0 [pid 5427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5427] close(3) = 0 [pid 5415] <... mount resumed>) = 0 [pid 5427] mkdir("./bus", 0777 [pid 5415] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5427] <... mkdir resumed>) = 0 [pid 5415] <... openat resumed>) = 3 [pid 5415] chdir("./bus" [pid 5427] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5415] <... chdir resumed>) = 0 [ 83.926332][ T5415] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 83.933394][ T5415] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [ 83.946894][ T5427] loop0: detected capacity change from 0 to 63271 [pid 5415] ioctl(4, LOOP_CLR_FD) = 0 [pid 5415] close(4) = 0 [pid 5415] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5415] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5413] <... futex resumed>) = 0 [pid 5415] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 83.982515][ T5427] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 84.002066][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 84.002078][ T26] audit: type=1800 audit(1686875942.436:61): pid=5415 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 5413] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] <... open resumed>) = 4 [pid 5415] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5413] <... futex resumed>) = 0 [ 84.027007][ T5427] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 5413] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5413] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5413] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... openat resumed>) = 4 [pid 5413] <... futex resumed>) = 0 [pid 5010] fstat(4, [pid 5413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5010] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 84.068783][ T5427] F2FS-fs (loop0): invalid crc value [pid 5413] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5413] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5413] <... clone resumed>, parent_tid=[5447], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5447 [pid 5413] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] getdents64(4, [pid 5430] <... write resumed>) = 32394836 [pid 5413] <... futex resumed>) = 0 [pid 5010] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5413] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] close(4 [pid 5430] munmap(0x7fedae557000, 32394836 [pid 5010] <... close resumed>) = 0 [pid 5010] rmdir("./9/bus") = 0 ./strace-static-x86_64: Process 5447 attached [pid 5447] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5010] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5447] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5447] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5010] lstat("./9/binderfs", [pid 5447] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5010] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./9/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./9") = 0 [pid 5010] mkdir("./10", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5430] <... munmap resumed>) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5448 [ 84.107214][ T5427] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5430] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5430] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5448 attached [pid 5448] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5448] chdir("./10") = 0 [pid 5448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5448] setpgid(0, 0) = 0 [pid 5448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5448] write(3, "1000", 4) = 4 [pid 5448] close(3) = 0 [pid 5448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5448] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5448] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5448] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5449], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5449 [pid 5430] <... ioctl resumed>) = 0 [pid 5430] close(3) = 0 [pid 5448] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] mkdir("./bus", 0777 [pid 5448] <... futex resumed>) = 0 [pid 5430] <... mkdir resumed>) = 0 [pid 5430] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, ""./strace-static-x86_64: Process 5449 attached [pid 5449] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5449] memfd_create("syzkaller", 0) = 3 [ 84.153758][ T5430] loop2: detected capacity change from 0 to 63271 [ 84.180745][ T5415] bio_check_eod: 12 callbacks suppressed [ 84.180759][ T5415] syz-executor278: attempt to access beyond end of device [ 84.180759][ T5415] loop1: rw=2049, sector=77824, nr_sectors = 2056 limit=63271 [pid 5448] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5009] <... umount2 resumed>) = 0 [ 84.189916][ T5430] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5009] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./9/bus") = 0 [pid 5427] <... mount resumed>) = 0 [pid 5009] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5427] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5427] <... openat resumed>) = 3 [pid 5009] lstat("./9/binderfs", [pid 5427] chdir("./bus" [pid 5009] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5427] <... chdir resumed>) = 0 [pid 5009] unlink("./9/binderfs" [pid 5427] ioctl(4, LOOP_CLR_FD [pid 5009] <... unlink resumed>) = 0 [pid 5427] <... ioctl resumed>) = 0 [pid 5009] getdents64(3, [pid 5427] close(4 [pid 5009] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5427] <... close resumed>) = 0 [pid 5009] close(3) = 0 [pid 5427] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] rmdir("./9" [pid 5427] <... futex resumed>) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5009] <... rmdir resumed>) = 0 [pid 5425] <... futex resumed>) = 0 [ 84.246537][ T5427] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 84.255226][ T5427] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 84.274941][ T5415] syz-executor278: attempt to access beyond end of device [ 84.274941][ T5415] loop1: rw=2049, sector=79880, nr_sectors = 2040 limit=63271 [pid 5425] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] mkdir("./10", 0777 [pid 5427] <... open resumed>) = 4 [pid 5427] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... mkdir resumed>) = 0 [pid 5427] <... futex resumed>) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5427] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5425] <... futex resumed>) = 0 [pid 5009] <... openat resumed>) = 3 [pid 5427] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5425] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5451 ./strace-static-x86_64: Process 5451 attached [pid 5415] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5451] set_robust_list(0x5555556ed5e0, 24 [pid 5415] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] <... set_robust_list resumed>) = 0 [pid 5415] <... futex resumed>) = 0 [pid 5413] exit_group(0 [pid 5447] <... futex resumed>) = ? [pid 5413] <... exit_group resumed>) = ? [pid 5451] chdir("./10" [pid 5447] +++ exited with 0 +++ [pid 5425] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5451] <... chdir resumed>) = 0 [pid 5425] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5425] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5451] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5425] <... mprotect resumed>) = 0 [pid 5415] +++ exited with 0 +++ [pid 5413] +++ exited with 0 +++ [pid 5451] <... prctl resumed>) = 0 [pid 5425] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5413, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=39 /* 0.39 s */} --- [ 84.309522][ T26] audit: type=1800 audit(1686875942.746:62): pid=5427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [ 84.346947][ T5430] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [pid 5451] setpgid(0, 0 [pid 5007] restart_syscall(<... resuming interrupted clone ...> [pid 5451] <... setpgid resumed>) = 0 [pid 5425] <... clone resumed>, parent_tid=[5453], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5453 [pid 5007] <... restart_syscall resumed>) = 0 [pid 5425] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5451] write(3, "1000", 4) = 4 ./strace-static-x86_64: Process 5453 attached [pid 5451] close(3 [pid 5453] set_robust_list(0x7fedb043b9e0, 24 [pid 5451] <... close resumed>) = 0 [pid 5453] <... set_robust_list resumed>) = 0 [pid 5451] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5453] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [pid 5451] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5451] <... futex resumed>) = 0 [pid 5453] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5453] <... futex resumed>) = 1 [pid 5453] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] <... mmap resumed>) = 0x7fedb6957000 [pid 5425] <... futex resumed>) = 0 [pid 5451] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5451] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5436] <... write resumed>) = 32394836 [pid 5451] <... clone resumed>, parent_tid=[5454], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5454 [pid 5451] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5451] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 84.390782][ T5427] syz-executor278: attempt to access beyond end of device [ 84.390782][ T5427] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 84.414170][ T5430] F2FS-fs (loop2): invalid crc value [pid 5436] munmap(0x7fedae557000, 32394836) = 0 [pid 5436] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5436] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5454 attached [pid 5454] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5454] memfd_create("syzkaller", 0) = 3 [pid 5454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5427] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5427] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5427] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] exit_group(0) = ? [pid 5453] <... futex resumed>) = ? [pid 5427] <... futex resumed>) = ? [pid 5453] +++ exited with 0 +++ [pid 5427] +++ exited with 0 +++ [pid 5425] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5425, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=37 /* 0.37 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 84.448160][ T5427] syz-executor278: attempt to access beyond end of device [ 84.448160][ T5427] loop0: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [ 84.457324][ T5436] loop5: detected capacity change from 0 to 63271 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5436] <... ioctl resumed>) = 0 [pid 5436] close(3) = 0 [pid 5436] mkdir("./bus", 0777) = 0 [ 84.504206][ T5430] F2FS-fs (loop2): Found nat_bits in checkpoint [ 84.547956][ T5436] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 84.581511][ T5436] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 84.618599][ T5436] F2FS-fs (loop5): invalid crc value [ 84.637842][ T5430] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 84.659711][ T5430] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5436] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5430] <... mount resumed>) = 0 [pid 5430] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5430] chdir("./bus") = 0 [pid 5430] ioctl(4, LOOP_CLR_FD) = 0 [pid 5430] close(4) = 0 [pid 5430] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = 0 [pid 5426] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... futex resumed>) = 1 [ 84.666469][ T5436] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 5430] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5430] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5426] <... futex resumed>) = 0 [pid 5430] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5426] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5426] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5426] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5426] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5463], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5463 [pid 5426] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 84.709169][ T26] audit: type=1800 audit(1686875943.146:63): pid=5430 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5426] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5463 attached [pid 5463] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5463] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 5436] <... mount resumed>) = 0 [pid 5426] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5426] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5426] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5436] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5436] chdir("./bus") = 0 [pid 5436] ioctl(4, LOOP_CLR_FD) = 0 [pid 5436] close(4) = 0 [pid 5436] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5434] <... futex resumed>) = 0 [ 84.774810][ T5436] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 84.794504][ T5436] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 5436] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5434] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] <... open resumed>) = 4 [pid 5449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5463] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5463] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5436] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 84.864855][ T26] audit: type=1800 audit(1686875943.296:64): pid=5436 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 5436] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5434] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5434] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5434] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5434] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5465], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5465 [pid 5434] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5465 attached [pid 5465] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5465] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5465] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5434] <... futex resumed>) = 0 [ 84.913730][ T5430] syz-executor278: attempt to access beyond end of device [ 84.913730][ T5430] loop2: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [pid 5465] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] exit_group(0) = ? [pid 5463] <... futex resumed>) = ? [pid 5463] +++ exited with 0 +++ [ 85.015542][ T5436] syz-executor278: attempt to access beyond end of device [ 85.015542][ T5436] loop5: rw=2049, sector=77824, nr_sectors = 3032 limit=63271 [ 85.042231][ T5430] syz-executor278: attempt to access beyond end of device [ 85.042231][ T5430] loop2: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [pid 5434] exit_group(0 [pid 5465] <... futex resumed>) = ? [pid 5434] <... exit_group resumed>) = ? [pid 5465] +++ exited with 0 +++ [pid 5430] <... pwritev2 resumed>) = ? [pid 5430] +++ exited with 0 +++ [pid 5426] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5426, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=40 /* 0.40 s */} --- [pid 5008] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 85.106741][ T5436] syz-executor278: attempt to access beyond end of device [ 85.106741][ T5436] loop5: rw=2049, sector=80856, nr_sectors = 1064 limit=63271 [pid 5008] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5436] <... pwritev2 resumed>) = ? [pid 5436] +++ exited with 0 +++ [pid 5434] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5434, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=37 /* 0.37 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./9/bus") = 0 [pid 5007] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./9/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./9") = 0 [pid 5007] mkdir("./10", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5467 ./strace-static-x86_64: Process 5467 attached [pid 5467] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5467] chdir("./10") = 0 [pid 5467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5467] setpgid(0, 0) = 0 [pid 5467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5467] write(3, "1000", 4 [pid 5006] <... umount2 resumed>) = 0 [pid 5467] <... write resumed>) = 4 [pid 5467] close(3) = 0 [pid 5467] symlink("/dev/binderfs", "./binderfs" [pid 5006] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5467] <... symlink resumed>) = 0 [pid 5467] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5467] <... futex resumed>) = 0 [pid 5467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5006] lstat("./10/bus", [pid 5467] <... mmap resumed>) = 0x7fedb6957000 [pid 5006] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5467] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5006] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5467] <... mprotect resumed>) = 0 [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5467] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5006] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5467] <... clone resumed>, parent_tid=[5468], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5468 [pid 5006] <... openat resumed>) = 4 [pid 5467] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] fstat(4, [pid 5467] <... futex resumed>) = 0 [pid 5006] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5467] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./10/bus") = 0 [pid 5006] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./10/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./10"./strace-static-x86_64: Process 5468 attached ) = 0 [pid 5006] mkdir("./11", 0777 [pid 5468] set_robust_list(0x7fedb69779e0, 24 [pid 5006] <... mkdir resumed>) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5468] <... set_robust_list resumed>) = 0 [pid 5006] <... openat resumed>) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD [pid 5468] memfd_create("syzkaller", 0 [pid 5006] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5468] <... memfd_create resumed>) = 3 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5006] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5469 [pid 5468] <... mmap resumed>) = 0x7fedae557000 ./strace-static-x86_64: Process 5469 attached [pid 5469] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5469] chdir("./11") = 0 [pid 5469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5469] setpgid(0, 0) = 0 [pid 5469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5469] write(3, "1000", 4) = 4 [pid 5469] close(3) = 0 [pid 5469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5469] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5469] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5469] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5470], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5470 [pid 5469] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5470 attached [pid 5470] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5470] memfd_create("syzkaller", 0) = 3 [pid 5470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5449] <... write resumed>) = 32394836 [pid 5449] munmap(0x7fedae557000, 32394836) = 0 [pid 5449] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5449] close(3) = 0 [pid 5449] mkdir("./bus", 0777) = 0 [ 85.570918][ T5449] loop4: detected capacity change from 0 to 63271 [pid 5449] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5454] <... write resumed>) = 32394836 [pid 5454] munmap(0x7fedae557000, 32394836) = 0 [pid 5454] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5454] close(3) = 0 [pid 5454] mkdir("./bus", 0777) = 0 [ 85.612135][ T5449] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 85.630331][ T5449] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 85.655981][ T5454] loop3: detected capacity change from 0 to 63271 [ 85.683211][ T5454] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 85.695596][ T5449] F2FS-fs (loop4): invalid crc value [ 85.702682][ T5454] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 85.731851][ T5454] F2FS-fs (loop3): invalid crc value [ 85.743768][ T5449] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 5454] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./10/bus") = 0 [pid 5008] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 85.786625][ T5454] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 5008] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./10/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3 [pid 5468] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5008] <... close resumed>) = 0 [pid 5008] rmdir("./10") = 0 [pid 5008] mkdir("./11", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5479 attached , child_tidptr=0x5555556ed5d0) = 5479 [pid 5479] set_robust_list(0x5555556ed5e0, 24 [pid 5454] <... mount resumed>) = 0 [pid 5479] <... set_robust_list resumed>) = 0 [pid 5454] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5479] chdir("./11" [pid 5454] <... openat resumed>) = 3 [pid 5479] <... chdir resumed>) = 0 [pid 5454] chdir("./bus" [pid 5479] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5454] <... chdir resumed>) = 0 [pid 5479] <... prctl resumed>) = 0 [pid 5479] setpgid(0, 0 [pid 5454] ioctl(4, LOOP_CLR_FD [pid 5479] <... setpgid resumed>) = 0 [pid 5454] <... ioctl resumed>) = 0 [pid 5479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5454] close(4 [pid 5479] <... openat resumed>) = 3 [pid 5454] <... close resumed>) = 0 [ 85.863911][ T5454] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 85.871868][ T5454] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 85.896487][ T5449] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [pid 5479] write(3, "1000", 4 [pid 5454] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... write resumed>) = 4 [pid 5454] <... futex resumed>) = 1 [pid 5451] <... futex resumed>) = 0 [pid 5479] close(3 [pid 5454] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... close resumed>) = 0 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5451] <... futex resumed>) = 0 [pid 5479] symlink("/dev/binderfs", "./binderfs" [pid 5454] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5451] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] <... symlink resumed>) = 0 [pid 5479] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5454] <... open resumed>) = 4 [pid 5479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5454] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... mmap resumed>) = 0x7fedb6957000 [pid 5454] <... futex resumed>) = 1 [pid 5451] <... futex resumed>) = 0 [pid 5479] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5454] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5451] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... mprotect resumed>) = 0 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5451] <... futex resumed>) = 0 [pid 5479] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5454] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5451] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] <... clone resumed>, parent_tid=[5480], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5480 [pid 5479] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5479] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5449] <... mount resumed>) = 0 [pid 5449] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 5480 attached [pid 5480] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5480] memfd_create("syzkaller", 0 [pid 5449] <... openat resumed>) = 3 [pid 5449] chdir("./bus" [pid 5480] <... memfd_create resumed>) = 3 [pid 5480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5449] <... chdir resumed>) = 0 [pid 5449] ioctl(4, LOOP_CLR_FD) = 0 [pid 5449] close(4) = 0 [pid 5449] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... futex resumed>) = 1 [pid 5449] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5449] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... futex resumed>) = 1 [ 85.913547][ T5449] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 85.930339][ T26] audit: type=1800 audit(1686875944.366:65): pid=5454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [pid 5449] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5470] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5451] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5451] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5451] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5451] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5481], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5481 [pid 5451] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5451] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5481 attached [pid 5481] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5481] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 5448] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5448] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5448] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5448] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5482], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5482 [pid 5448] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5482 attached [pid 5482] set_robust_list(0x7fedb043b9e0, 24) = 0 [ 86.009046][ T26] audit: type=1800 audit(1686875944.426:66): pid=5449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 5482] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 5481] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5481] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5451] <... futex resumed>) = 0 [pid 5481] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5482] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5482] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 86.109659][ T5454] syz-executor278: attempt to access beyond end of device [ 86.109659][ T5454] loop3: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 86.143613][ T5449] syz-executor278: attempt to access beyond end of device [ 86.143613][ T5449] loop4: rw=2049, sector=77824, nr_sectors = 2104 limit=63271 [pid 5482] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./10/bus") = 0 [pid 5011] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./10/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./10") = 0 [pid 5011] mkdir("./11", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5483 ./strace-static-x86_64: Process 5483 attached [pid 5483] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5483] chdir("./11") = 0 [pid 5483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5483] setpgid(0, 0) = 0 [pid 5483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5483] write(3, "1000", 4) = 4 [pid 5483] close(3) = 0 [pid 5483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5454] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5483] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = 0 [pid 5454] <... futex resumed>) = 0 [pid 5483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5454] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5483] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5451] exit_group(0 [pid 5483] <... mprotect resumed>) = 0 [pid 5481] <... futex resumed>) = ? [pid 5454] <... futex resumed>) = ? [pid 5451] <... exit_group resumed>) = ? [pid 5483] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5481] +++ exited with 0 +++ [pid 5454] +++ exited with 0 +++ [pid 5451] +++ exited with 0 +++ [pid 5483] <... clone resumed>, parent_tid=[5484], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5484 [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5451, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=41 /* 0.41 s */} --- [pid 5483] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] restart_syscall(<... resuming interrupted clone ...> [pid 5483] <... futex resumed>) = 0 [pid 5009] <... restart_syscall resumed>) = 0 [pid 5483] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5009] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5484 attached [pid 5484] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5484] memfd_create("syzkaller", 0) = 3 [pid 5484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5449] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5449] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] exit_group(0 [pid 5482] <... futex resumed>) = ? [pid 5448] <... exit_group resumed>) = ? [pid 5482] +++ exited with 0 +++ [pid 5449] +++ exited with 0 +++ [pid 5448] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5448, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=34 /* 0.34 s */} --- [pid 5010] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5010] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5468] <... write resumed>) = 32394836 [pid 5010] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5468] munmap(0x7fedae557000, 32394836) = 0 [pid 5468] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5468] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5468] close(3) = 0 [pid 5468] mkdir("./bus", 0777) = 0 [ 86.410485][ T5468] loop1: detected capacity change from 0 to 63271 [ 86.441059][ T5468] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5468] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 86.478805][ T5468] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 86.582398][ T5468] F2FS-fs (loop1): invalid crc value [ 86.624372][ T5468] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5470] <... write resumed>) = 32394836 [pid 5470] munmap(0x7fedae557000, 32394836) = 0 [pid 5470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5470] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5470] close(3) = 0 [pid 5470] mkdir("./bus", 0777) = 0 [ 86.729310][ T5470] loop0: detected capacity change from 0 to 63271 [ 86.756236][ T5470] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 86.764879][ T5470] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 5470] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 86.795919][ T5468] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 86.797264][ T5470] F2FS-fs (loop0): invalid crc value [ 86.802968][ T5468] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5468] <... mount resumed>) = 0 [pid 5468] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5468] chdir("./bus") = 0 [pid 5468] ioctl(4, LOOP_CLR_FD) = 0 [pid 5468] close(4) = 0 [pid 5468] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = 0 [pid 5467] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... futex resumed>) = 1 [pid 5468] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5468] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = 0 [pid 5467] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... futex resumed>) = 1 [ 86.858583][ T5470] F2FS-fs (loop0): Found nat_bits in checkpoint [ 86.879777][ T26] audit: type=1800 audit(1686875945.316:67): pid=5468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 5468] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5009] <... umount2 resumed>) = 0 [pid 5467] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5467] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5467] <... futex resumed>) = 0 [pid 5467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5467] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5467] <... mprotect resumed>) = 0 [pid 5467] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5009] lstat("./10/bus", [pid 5467] <... clone resumed>, parent_tid=[5493], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5493 [pid 5467] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5493 attached [pid 5493] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5493] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 5009] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./10/bus") = 0 [pid 5470] <... mount resumed>) = 0 [pid 5470] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5009] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5470] <... openat resumed>) = 3 [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5470] chdir("./bus" [pid 5009] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5470] <... chdir resumed>) = 0 [pid 5493] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5470] ioctl(4, LOOP_CLR_FD [pid 5010] <... umount2 resumed>) = 0 [pid 5009] unlink("./10/binderfs" [pid 5493] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5470] <... ioctl resumed>) = 0 [pid 5467] <... futex resumed>) = 0 [pid 5010] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] <... unlink resumed>) = 0 [pid 5493] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5470] close(4 [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 86.965977][ T5470] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 86.973045][ T5470] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 5009] getdents64(3, [pid 5010] lstat("./10/bus", [pid 5470] <... close resumed>) = 0 [pid 5010] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5470] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5470] <... futex resumed>) = 1 [pid 5469] <... futex resumed>) = 0 [pid 5010] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] close(3 [pid 5470] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5469] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5009] <... close resumed>) = 0 [pid 5469] <... futex resumed>) = 0 [pid 5469] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5009] rmdir("./10" [pid 5010] <... openat resumed>) = 4 [pid 5010] fstat(4, [pid 5009] <... rmdir resumed>) = 0 [pid 5010] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] mkdir("./11", 0777 [pid 5470] <... open resumed>) = 4 [pid 5010] getdents64(4, [pid 5009] <... mkdir resumed>) = 0 [pid 5470] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./10/bus") = 0 [pid 5470] <... futex resumed>) = 1 [pid 5469] <... futex resumed>) = 0 [pid 5470] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5469] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5469] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5470] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5010] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5009] <... openat resumed>) = 3 [pid 5010] lstat("./10/binderfs", [pid 5009] ioctl(3, LOOP_CLR_FD [pid 5010] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5010] unlink("./10/binderfs" [pid 5009] close(3 [pid 5010] <... unlink resumed>) = 0 [pid 5009] <... close resumed>) = 0 [pid 5010] getdents64(3, [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5010] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5009] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5494 [pid 5010] rmdir("./10") = 0 [pid 5010] mkdir("./11", 0777./strace-static-x86_64: Process 5494 attached ) = 0 [pid 5494] set_robust_list(0x5555556ed5e0, 24 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5494] <... set_robust_list resumed>) = 0 [ 87.031510][ T26] audit: type=1800 audit(1686875945.466:68): pid=5470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 5010] <... openat resumed>) = 3 [pid 5494] chdir("./11") = 0 [pid 5010] ioctl(3, LOOP_CLR_FD [pid 5494] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5010] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5494] <... prctl resumed>) = 0 [pid 5010] close(3 [pid 5494] setpgid(0, 0 [pid 5010] <... close resumed>) = 0 [pid 5494] <... setpgid resumed>) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5010] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5495 [pid 5494] write(3, "1000", 4) = 4 [pid 5494] close(3) = 0 [pid 5494] symlink("/dev/binderfs", "./binderfs" [pid 5469] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 5495 attached [pid 5494] <... symlink resumed>) = 0 [pid 5469] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = 0 [pid 5495] set_robust_list(0x5555556ed5e0, 24 [pid 5494] <... futex resumed>) = 0 [pid 5469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5495] <... set_robust_list resumed>) = 0 [pid 5494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5469] <... mmap resumed>) = 0x7fedb041b000 [pid 5468] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5495] chdir("./11" [pid 5494] <... mmap resumed>) = 0x7fedb6957000 [pid 5469] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5495] <... chdir resumed>) = 0 [pid 5494] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5469] <... mprotect resumed>) = 0 [pid 5468] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5494] <... mprotect resumed>) = 0 [pid 5469] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5468] <... futex resumed>) = 0 [pid 5467] exit_group(0 [pid 5495] <... prctl resumed>) = 0 [pid 5494] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5493] <... futex resumed>) = ? [pid 5467] <... exit_group resumed>) = ? [pid 5495] setpgid(0, 0 [pid 5493] +++ exited with 0 +++ [pid 5469] <... clone resumed>, parent_tid=[5496], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5496 [pid 5468] +++ exited with 0 +++ [pid 5467] +++ exited with 0 +++ ./strace-static-x86_64: Process 5497 attached ./strace-static-x86_64: Process 5496 attached [pid 5495] <... setpgid resumed>) = 0 [pid 5494] <... clone resumed>, parent_tid=[5497], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5497 [pid 5469] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5467, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=40 /* 0.40 s */} --- [pid 5497] set_robust_list(0x7fedb69779e0, 24 [pid 5496] set_robust_list(0x7fedb043b9e0, 24 [pid 5495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5494] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = 0 [pid 5497] <... set_robust_list resumed>) = 0 [pid 5496] <... set_robust_list resumed>) = 0 [pid 5495] <... openat resumed>) = 3 [pid 5494] <... futex resumed>) = 0 [pid 5469] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] memfd_create("syzkaller", 0 [pid 5496] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [pid 5495] write(3, "1000", 4 [pid 5494] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5007] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5497] <... memfd_create resumed>) = 3 [pid 5496] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5495] <... write resumed>) = 4 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5496] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] close(3 [pid 5007] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5497] <... mmap resumed>) = 0x7fedae557000 [pid 5496] <... futex resumed>) = 1 [pid 5495] <... close resumed>) = 0 [pid 5469] <... futex resumed>) = 0 [pid 5496] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5495] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5495] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5495] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5495] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5498], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5498 [pid 5495] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5498 attached [pid 5498] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5498] memfd_create("syzkaller", 0) = 3 [pid 5498] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5470] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5470] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5469] exit_group(0) = ? [pid 5496] <... futex resumed>) = ? [pid 5470] <... futex resumed>) = ? [pid 5496] +++ exited with 0 +++ [pid 5470] +++ exited with 0 +++ [pid 5469] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5469, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=40 /* 0.40 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5480] <... write resumed>) = 32394836 [pid 5480] munmap(0x7fedae557000, 32394836) = 0 [pid 5480] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5480] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5480] close(3) = 0 [pid 5480] mkdir("./bus", 0777) = 0 [ 87.283970][ T5480] loop2: detected capacity change from 0 to 63271 [ 87.324913][ T5480] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 87.350270][ T5480] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 87.462294][ T5480] F2FS-fs (loop2): invalid crc value [ 87.499090][ T5480] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 5480] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5484] <... write resumed>) = 32394836 [pid 5484] munmap(0x7fedae557000, 32394836) = 0 [pid 5484] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5484] close(3) = 0 [pid 5484] mkdir("./bus", 0777) = 0 [pid 5484] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 87.615594][ T5484] loop5: detected capacity change from 0 to 63271 [ 87.647539][ T5484] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 87.656828][ T5480] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [pid 5498] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5480] <... mount resumed>) = 0 [pid 5480] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5480] chdir("./bus") = 0 [pid 5480] ioctl(4, LOOP_CLR_FD) = 0 [pid 5480] close(4) = 0 [pid 5480] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5480] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5479] <... futex resumed>) = 0 [pid 5479] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] <... futex resumed>) = 0 [pid 5479] <... futex resumed>) = 1 [pid 5480] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 87.663880][ T5480] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 87.677473][ T5484] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 5479] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5480] <... open resumed>) = 4 [pid 5480] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] <... futex resumed>) = 0 [pid 5480] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5479] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5479] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5479] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5007] lstat("./10/bus", [pid 5479] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5007] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5479] <... mmap resumed>) = 0x7fedb041b000 [pid 5479] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5007] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5479] <... mprotect resumed>) = 0 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5479] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5007] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5479] <... clone resumed>, parent_tid=[5504], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5504 [pid 5007] <... openat resumed>) = 4 [ 87.710913][ T26] audit: type=1800 audit(1686875946.146:69): pid=5480 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [ 87.750515][ T5484] F2FS-fs (loop5): invalid crc value [pid 5479] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5007] fstat(4, [pid 5479] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, ./strace-static-x86_64: Process 5504 attached 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5504] set_robust_list(0x7fedb043b9e0, 24 [pid 5007] getdents64(4, [pid 5504] <... set_robust_list resumed>) = 0 [pid 5007] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4 [pid 5504] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 5007] <... close resumed>) = 0 [pid 5007] rmdir("./10/bus") = 0 [pid 5504] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5007] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5504] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] <... futex resumed>) = 0 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5504] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./10/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./10") = 0 [pid 5007] mkdir("./11", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5507 ./strace-static-x86_64: Process 5507 attached [pid 5507] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5507] chdir("./11") = 0 [pid 5507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5507] setpgid(0, 0) = 0 [pid 5507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5507] write(3, "1000", 4) = 4 [pid 5507] close(3) = 0 [pid 5507] symlink("/dev/binderfs", "./binderfs") = 0 [ 87.814837][ T5484] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 5507] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5507] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5507] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5508], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5508 [pid 5507] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5508 attached [pid 5508] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5508] memfd_create("syzkaller", 0 [pid 5480] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5508] <... memfd_create resumed>) = 3 [pid 5480] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5480] <... futex resumed>) = 0 [pid 5508] <... mmap resumed>) = 0x7fedae557000 [pid 5480] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5479] exit_group(0 [pid 5504] <... futex resumed>) = ? [pid 5480] <... futex resumed>) = ? [pid 5479] <... exit_group resumed>) = ? [pid 5504] +++ exited with 0 +++ [pid 5480] +++ exited with 0 +++ [pid 5479] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5479, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=36 /* 0.36 s */} --- [pid 5008] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./11/bus") = 0 [pid 5006] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5484] <... mount resumed>) = 0 [pid 5006] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5484] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5006] unlink("./11/binderfs" [pid 5484] chdir("./bus" [pid 5006] <... unlink resumed>) = 0 [pid 5484] <... chdir resumed>) = 0 [pid 5006] getdents64(3, [pid 5484] ioctl(4, LOOP_CLR_FD [pid 5006] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5484] <... ioctl resumed>) = 0 [pid 5006] close(3 [pid 5484] close(4 [pid 5006] <... close resumed>) = 0 [pid 5484] <... close resumed>) = 0 [pid 5006] rmdir("./11" [pid 5484] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... rmdir resumed>) = 0 [pid 5484] <... futex resumed>) = 1 [pid 5483] <... futex resumed>) = 0 [pid 5006] mkdir("./12", 0777 [pid 5483] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 87.943477][ T5484] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 87.964976][ T5484] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 5484] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5006] <... mkdir resumed>) = 0 [pid 5484] <... open resumed>) = 4 [pid 5484] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5484] <... futex resumed>) = 1 [pid 5483] <... futex resumed>) = 0 [pid 5484] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5483] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... openat resumed>) = 3 [pid 5484] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5483] <... futex resumed>) = 0 [pid 5006] ioctl(3, LOOP_CLR_FD [pid 5484] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5483] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5510 ./strace-static-x86_64: Process 5510 attached [pid 5510] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5510] chdir("./12") = 0 [pid 5510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5510] setpgid(0, 0) = 0 [pid 5510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5510] write(3, "1000", 4) = 4 [pid 5510] close(3) = 0 [pid 5510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5510] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5510] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5510] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5511], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5511 [pid 5510] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 88.026147][ T26] audit: type=1800 audit(1686875946.466:70): pid=5484 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 5510] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5511 attached [pid 5511] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5511] memfd_create("syzkaller", 0) = 3 [pid 5511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5483] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5483] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5483] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5483] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5512], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5512 [pid 5483] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5512 attached [pid 5512] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5512] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5512] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5483] <... futex resumed>) = 0 [pid 5512] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5484] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5484] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5484] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5483] exit_group(0 [pid 5512] <... futex resumed>) = ? [pid 5484] <... futex resumed>) = ? [pid 5483] <... exit_group resumed>) = ? [pid 5512] +++ exited with 0 +++ [pid 5484] +++ exited with 0 +++ [pid 5483] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5483, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=42 /* 0.42 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5497] <... write resumed>) = 32394836 [pid 5497] munmap(0x7fedae557000, 32394836) = 0 [pid 5497] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5498] <... write resumed>) = 32394836 [pid 5497] ioctl(4, LOOP_SET_FD, 3 [pid 5498] munmap(0x7fedae557000, 32394836 [pid 5497] <... ioctl resumed>) = 0 [pid 5497] close(3) = 0 [pid 5497] mkdir("./bus", 0777) = 0 [pid 5497] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5498] <... munmap resumed>) = 0 [pid 5498] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 88.363480][ T5497] loop3: detected capacity change from 0 to 63271 [ 88.389325][ T5497] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 88.402209][ T5498] loop4: detected capacity change from 0 to 63271 [pid 5498] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5498] close(3) = 0 [pid 5498] mkdir("./bus", 0777) = 0 [ 88.415712][ T5497] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 88.431123][ T5498] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5498] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 88.456661][ T5498] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 88.551147][ T5497] F2FS-fs (loop3): invalid crc value [ 88.551701][ T5498] F2FS-fs (loop4): invalid crc value [ 88.577333][ T5497] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 5508] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 88.602169][ T5498] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 5008] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./11/bus") = 0 [pid 5008] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./11/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./11") = 0 [pid 5008] mkdir("./12", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5519 ./strace-static-x86_64: Process 5519 attached [pid 5519] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5519] chdir("./12") = 0 [pid 5519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5519] setpgid(0, 0) = 0 [pid 5519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5519] write(3, "1000", 4) = 4 [pid 5519] close(3) = 0 [pid 5519] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5519] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5519] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5519] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5520], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5520 [pid 5519] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5520 attached [pid 5520] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5520] memfd_create("syzkaller", 0) = 3 [pid 5520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5498] <... mount resumed>) = 0 [pid 5498] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5498] chdir("./bus") = 0 [pid 5498] ioctl(4, LOOP_CLR_FD) = 0 [pid 5498] close(4) = 0 [pid 5498] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5495] <... futex resumed>) = 0 [pid 5498] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5495] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5498] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5495] <... futex resumed>) = 0 [pid 5498] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 88.710066][ T5498] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 88.726015][ T5497] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 88.733364][ T5498] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 88.741173][ T5497] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 5495] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5498] <... open resumed>) = 4 [pid 5498] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... mount resumed>) = 0 [pid 5498] <... futex resumed>) = 1 [pid 5495] <... futex resumed>) = 0 [pid 5498] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5497] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5495] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5498] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5497] <... openat resumed>) = 3 [pid 5495] <... futex resumed>) = 0 [pid 5498] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5497] chdir("./bus") = 0 [pid 5495] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] ioctl(4, LOOP_CLR_FD) = 0 [pid 5497] close(4) = 0 [pid 5497] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5497] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5494] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5497] <... open resumed>) = 4 [pid 5497] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5497] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5497] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5494] <... futex resumed>) = 0 [pid 5497] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5494] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5495] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5495] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5494] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5495] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5494] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... mprotect resumed>) = 0 [pid 5494] <... futex resumed>) = 0 [pid 5494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5495] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5494] <... mmap resumed>) = 0x7fedb041b000 [pid 5494] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5495] <... clone resumed>, parent_tid=[5523], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5523 [pid 5494] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5495] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5494] <... clone resumed>, parent_tid=[5524], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5524 [pid 5495] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5494] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5523 attached [pid 5494] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5523] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) ./strace-static-x86_64: Process 5524 attached [pid 5523] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5524] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 5495] <... futex resumed>) = 0 [pid 5523] <... futex resumed>) = 1 [pid 5523] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5524] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5524] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5494] <... futex resumed>) = 0 [pid 5524] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./11/bus") = 0 [pid 5011] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./11/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./11") = 0 [pid 5011] mkdir("./12", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5525 ./strace-static-x86_64: Process 5525 attached [pid 5525] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5525] chdir("./12") = 0 [pid 5525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5525] setpgid(0, 0) = 0 [pid 5525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5525] write(3, "1000", 4) = 4 [pid 5525] close(3) = 0 [pid 5525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5525] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5525] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5525] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5526], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5526 [pid 5525] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5525] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5526 attached [pid 5526] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5526] memfd_create("syzkaller", 0) = 3 [pid 5526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5498] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5498] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5498] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5495] exit_group(0 [pid 5523] <... futex resumed>) = ? [pid 5498] <... futex resumed>) = ? [pid 5495] <... exit_group resumed>) = ? [pid 5523] +++ exited with 0 +++ [pid 5498] +++ exited with 0 +++ [pid 5495] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5495, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=41 /* 0.41 s */} --- [pid 5508] <... write resumed>) = 32394836 [pid 5508] munmap(0x7fedae557000, 32394836 [pid 5010] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5497] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5497] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5497] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5494] exit_group(0 [pid 5524] <... futex resumed>) = ? [pid 5497] <... futex resumed>) = ? [pid 5494] <... exit_group resumed>) = ? [pid 5524] +++ exited with 0 +++ [pid 5497] +++ exited with 0 +++ [pid 5494] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5494, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=37 /* 0.37 s */} --- [pid 5009] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5508] <... munmap resumed>) = 0 [pid 5508] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5508] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5508] close(3) = 0 [pid 5508] mkdir("./bus", 0777) = 0 [ 89.098770][ T5508] loop1: detected capacity change from 0 to 63271 [ 89.125739][ T5508] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 89.139763][ T5508] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 89.179983][ T5508] F2FS-fs (loop1): invalid crc value [ 89.219992][ T5508] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5508] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5508] <... mount resumed>) = 0 [pid 5508] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5508] chdir("./bus") = 0 [pid 5508] ioctl(4, LOOP_CLR_FD) = 0 [pid 5508] close(4) = 0 [pid 5508] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5507] <... futex resumed>) = 0 [pid 5507] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 89.333452][ T5508] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 89.352918][ T5508] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5508] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5508] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5507] <... futex resumed>) = 0 [pid 5507] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5507] <... futex resumed>) = 0 [pid 5507] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5511] <... write resumed>) = 32394836 [ 89.401242][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 89.401253][ T26] audit: type=1800 audit(1686875947.836:73): pid=5508 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 5511] munmap(0x7fedae557000, 32394836) = 0 [pid 5511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5511] ioctl(4, LOOP_SET_FD, 3 [pid 5507] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5507] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5507] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5507] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5531], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5531 [pid 5507] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5531 attached [pid 5531] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5531] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5531] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5507] <... futex resumed>) = 0 [pid 5531] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5511] <... ioctl resumed>) = 0 [pid 5511] close(3) = 0 [pid 5511] mkdir("./bus", 0777) = 0 [ 89.493637][ T5511] loop0: detected capacity change from 0 to 63271 [ 89.537225][ T5511] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 89.539288][ T5508] bio_check_eod: 14 callbacks suppressed [ 89.539299][ T5508] syz-executor278: attempt to access beyond end of device [ 89.539299][ T5508] loop1: rw=2049, sector=77824, nr_sectors = 3504 limit=63271 [ 89.565715][ T5511] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 89.577650][ T5511] F2FS-fs (loop0): invalid crc value [pid 5511] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [ 89.621595][ T5511] F2FS-fs (loop0): Found nat_bits in checkpoint [ 89.644738][ T5508] syz-executor278: attempt to access beyond end of device [ 89.644738][ T5508] loop1: rw=2049, sector=81328, nr_sectors = 592 limit=63271 [pid 5009] rmdir("./11/bus") = 0 [pid 5009] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./11/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./11") = 0 [pid 5009] mkdir("./12", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5535 ./strace-static-x86_64: Process 5535 attached [pid 5535] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5535] chdir("./12") = 0 [pid 5508] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5535] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5508] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... prctl resumed>) = 0 [pid 5508] <... futex resumed>) = 0 [pid 5535] setpgid(0, 0 [pid 5508] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] exit_group(0 [pid 5535] <... setpgid resumed>) = 0 [pid 5507] <... exit_group resumed>) = ? [pid 5531] <... futex resumed>) = ? [pid 5508] <... futex resumed>) = ? [pid 5535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5531] +++ exited with 0 +++ [pid 5508] +++ exited with 0 +++ [pid 5507] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5507, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=36 /* 0.36 s */} --- [pid 5535] <... openat resumed>) = 3 [pid 5007] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5007] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5535] write(3, "1000", 4 [pid 5007] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5535] <... write resumed>) = 4 [pid 5535] close(3) = 0 [pid 5535] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5535] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5535] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5535] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5537], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5537 [pid 5535] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5537 attached [pid 5537] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5537] memfd_create("syzkaller", 0) = 3 [pid 5537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5511] <... mount resumed>) = 0 [pid 5010] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5511] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5511] chdir("./bus") = 0 [ 89.770281][ T5511] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 89.783155][ T5511] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 5511] ioctl(4, LOOP_CLR_FD) = 0 [pid 5010] <... openat resumed>) = 4 [pid 5511] close(4) = 0 [pid 5511] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5511] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5510] <... futex resumed>) = 0 [pid 5510] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5511] <... futex resumed>) = 0 [pid 5511] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5510] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5511] <... open resumed>) = 4 [pid 5010] getdents64(4, [pid 5511] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5511] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5510] <... futex resumed>) = 0 [pid 5510] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5510] <... futex resumed>) = 1 [pid 5010] getdents64(4, [pid 5510] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5511] <... futex resumed>) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./11/bus" [pid 5511] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5010] <... rmdir resumed>) = 0 [pid 5010] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./11/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./11") = 0 [pid 5010] mkdir("./12", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5538 ./strace-static-x86_64: Process 5538 attached [ 89.846237][ T26] audit: type=1800 audit(1686875948.286:74): pid=5511 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 5538] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5538] chdir("./12") = 0 [pid 5538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5538] setpgid(0, 0) = 0 [pid 5510] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5510] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] <... openat resumed>) = 3 [pid 5510] <... futex resumed>) = 0 [pid 5538] write(3, "1000", 4 [pid 5510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5538] <... write resumed>) = 4 [pid 5510] <... mmap resumed>) = 0x7fedb041b000 [pid 5538] close(3 [pid 5510] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5538] <... close resumed>) = 0 [pid 5510] <... mprotect resumed>) = 0 [pid 5538] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5510] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5538] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5539 attached ) = 0 [pid 5510] <... clone resumed>, parent_tid=[5539], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5539 [pid 5539] set_robust_list(0x7fedb043b9e0, 24 [pid 5538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5510] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... set_robust_list resumed>) = 0 [pid 5538] <... mmap resumed>) = 0x7fedb6957000 [pid 5510] <... futex resumed>) = 0 [pid 5539] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [pid 5538] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5510] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5538] <... mprotect resumed>) = 0 [pid 5538] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5540], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5540 [pid 5538] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5540 attached [pid 5540] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5540] memfd_create("syzkaller", 0) = 3 [pid 5540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5539] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5539] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5510] <... futex resumed>) = 0 [pid 5539] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5520] <... write resumed>) = 32394836 [ 90.024364][ T5511] syz-executor278: attempt to access beyond end of device [ 90.024364][ T5511] loop0: rw=2049, sector=77824, nr_sectors = 2056 limit=63271 [pid 5520] munmap(0x7fedae557000, 32394836) = 0 [pid 5520] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5520] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5520] close(3) = 0 [pid 5520] mkdir("./bus", 0777) = 0 [pid 5520] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 90.110669][ T5520] loop2: detected capacity change from 0 to 63271 [ 90.115001][ T5511] syz-executor278: attempt to access beyond end of device [ 90.115001][ T5511] loop0: rw=2049, sector=79880, nr_sectors = 2040 limit=63271 [ 90.142742][ T5520] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5511] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5511] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5510] exit_group(0 [pid 5539] <... futex resumed>) = ? [pid 5510] <... exit_group resumed>) = ? [pid 5511] <... futex resumed>) = ? [pid 5539] +++ exited with 0 +++ [pid 5511] +++ exited with 0 +++ [pid 5510] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5510, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=48 /* 0.48 s */} --- [pid 5006] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 90.176765][ T5520] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 90.246273][ T5520] F2FS-fs (loop2): invalid crc value [ 90.276790][ T5520] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 5006] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5526] <... write resumed>) = 32394836 [pid 5526] munmap(0x7fedae557000, 32394836 [pid 5540] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5526] <... munmap resumed>) = 0 [pid 5526] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5526] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5520] <... mount resumed>) = 0 [pid 5520] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5520] chdir("./bus") = 0 [pid 5520] ioctl(4, LOOP_CLR_FD) = 0 [pid 5520] close(4) = 0 [ 90.393048][ T5520] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 90.416591][ T5520] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 90.436405][ T5526] loop5: detected capacity change from 0 to 63271 [pid 5520] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5520] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5519] <... futex resumed>) = 0 [pid 5520] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5519] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] <... open resumed>) = 4 [pid 5520] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5520] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5526] close(3 [pid 5520] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5519] <... futex resumed>) = 0 [pid 5526] <... close resumed>) = 0 [pid 5520] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5519] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5526] mkdir("./bus", 0777) = 0 [ 90.488973][ T26] audit: type=1800 audit(1686875948.926:75): pid=5520 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [ 90.507951][ T5526] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5526] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5519] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5519] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5519] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5519] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5545], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5545 [pid 5519] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5545 attached [pid 5545] set_robust_list(0x7fedb043b9e0, 24) = 0 [ 90.532389][ T5526] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 5545] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5007] <... umount2 resumed>) = 0 [pid 5545] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5545] <... futex resumed>) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5545] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./11/bus") = 0 [pid 5007] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./11/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./11") = 0 [pid 5007] mkdir("./12", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5546 ./strace-static-x86_64: Process 5546 attached [pid 5546] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5546] chdir("./12") = 0 [pid 5546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5546] setpgid(0, 0) = 0 [pid 5546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5546] write(3, "1000", 4) = 4 [pid 5546] close(3) = 0 [pid 5546] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5546] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5546] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5546] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5549], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5549 [pid 5546] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5546] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5549 attached [pid 5549] set_robust_list(0x7fedb69779e0, 24) = 0 [ 90.611501][ T5520] syz-executor278: attempt to access beyond end of device [ 90.611501][ T5520] loop2: rw=2049, sector=77824, nr_sectors = 2488 limit=63271 [ 90.637548][ T5526] F2FS-fs (loop5): invalid crc value [pid 5549] memfd_create("syzkaller", 0) = 3 [pid 5549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 90.668892][ T5526] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 5537] <... write resumed>) = 32394836 [pid 5537] munmap(0x7fedae557000, 32394836) = 0 [pid 5537] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5537] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5537] close(3) = 0 [ 90.742418][ T5520] syz-executor278: attempt to access beyond end of device [ 90.742418][ T5520] loop2: rw=2049, sector=80312, nr_sectors = 1608 limit=63271 [ 90.780528][ T5537] loop3: detected capacity change from 0 to 63271 [pid 5537] mkdir("./bus", 0777) = 0 [pid 5537] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5520] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5520] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5520] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5526] <... mount resumed>) = 0 [pid 5519] exit_group(0) = ? [pid 5545] <... futex resumed>) = ? [pid 5545] +++ exited with 0 +++ [pid 5520] <... futex resumed>) = ? [pid 5520] +++ exited with 0 +++ [pid 5519] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5519, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=41 /* 0.41 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5526] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5008] <... openat resumed>) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5526] <... openat resumed>) = 3 [pid 5526] chdir("./bus") = 0 [pid 5526] ioctl(4, LOOP_CLR_FD) = 0 [pid 5526] close(4) = 0 [pid 5526] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] <... futex resumed>) = 0 [pid 5525] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 90.796001][ T5526] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 90.803180][ T5526] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 90.814556][ T5537] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5525] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5526] <... futex resumed>) = 1 [pid 5526] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5526] <... open resumed>) = 4 [pid 5526] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5525] <... futex resumed>) = 0 [pid 5526] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5525] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 90.844103][ T5537] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 90.858595][ T26] audit: type=1800 audit(1686875949.296:76): pid=5526 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 5525] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5525] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5525] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5525] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5553], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5553 [pid 5525] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5525] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5553 attached [ 90.905243][ T5537] F2FS-fs (loop3): invalid crc value [pid 5553] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5553] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5553] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] <... futex resumed>) = 0 [pid 5553] <... futex resumed>) = 1 [ 90.966629][ T5537] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 5553] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] <... umount2 resumed>) = 0 [pid 5540] <... write resumed>) = 32394836 [pid 5540] munmap(0x7fedae557000, 32394836 [pid 5006] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./12/bus") = 0 [pid 5006] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./12/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./12" [pid 5540] <... munmap resumed>) = 0 [pid 5006] <... rmdir resumed>) = 0 [pid 5006] mkdir("./13", 0777 [pid 5540] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5006] <... mkdir resumed>) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3 [pid 5540] <... openat resumed>) = 4 [ 91.030078][ T5526] syz-executor278: attempt to access beyond end of device [ 91.030078][ T5526] loop5: rw=2049, sector=77824, nr_sectors = 3240 limit=63271 [pid 5540] ioctl(4, LOOP_SET_FD, 3 [pid 5006] <... close resumed>) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5556 ./strace-static-x86_64: Process 5556 attached [pid 5556] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5556] chdir("./13") = 0 [pid 5556] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5556] setpgid(0, 0) = 0 [pid 5556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5556] write(3, "1000", 4) = 4 [pid 5556] close(3 [pid 5540] <... ioctl resumed>) = 0 [pid 5556] <... close resumed>) = 0 [pid 5540] close(3 [pid 5556] symlink("/dev/binderfs", "./binderfs" [pid 5540] <... close resumed>) = 0 [pid 5556] <... symlink resumed>) = 0 [pid 5540] mkdir("./bus", 0777 [pid 5556] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5540] <... mkdir resumed>) = 0 [pid 5556] <... futex resumed>) = 0 [ 91.074232][ T5540] loop4: detected capacity change from 0 to 63271 [ 91.101900][ T5537] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 91.102146][ T5526] syz-executor278: attempt to access beyond end of device [ 91.102146][ T5526] loop5: rw=2049, sector=81064, nr_sectors = 856 limit=63271 [pid 5556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5540] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5556] <... mmap resumed>) = 0x7fedb6957000 [pid 5556] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5556] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5558], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5558 [pid 5556] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5558 attached [pid 5558] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5558] memfd_create("syzkaller", 0) = 3 [pid 5558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5537] <... mount resumed>) = 0 [pid 5537] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5537] chdir("./bus") = 0 [pid 5537] ioctl(4, LOOP_CLR_FD) = 0 [pid 5537] close(4 [pid 5525] exit_group(0 [pid 5553] <... futex resumed>) = ? [pid 5525] <... exit_group resumed>) = ? [pid 5553] +++ exited with 0 +++ [pid 5537] <... close resumed>) = 0 [pid 5537] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... futex resumed>) = 0 [pid 5537] <... futex resumed>) = 1 [pid 5535] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5535] <... futex resumed>) = 0 [ 91.124195][ T5537] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 91.132906][ T5540] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5535] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5537] <... open resumed>) = 4 [pid 5537] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] <... futex resumed>) = 0 [pid 5537] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5535] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5535] <... futex resumed>) = 0 [pid 5537] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5535] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5526] <... pwritev2 resumed>) = ? [pid 5526] +++ exited with 0 +++ [pid 5525] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5525, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=47 /* 0.47 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 91.159519][ T26] audit: type=1800 audit(1686875949.596:77): pid=5537 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [ 91.196349][ T5540] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 91.218776][ T5540] F2FS-fs (loop4): invalid crc value [pid 5011] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5535] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5535] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5535] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5535] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5562], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5562 [pid 5535] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5562 attached [pid 5562] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5562] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [ 91.241943][ T5540] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 5549] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5535] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5562] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5562] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] <... mount resumed>) = 0 [pid 5540] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5540] chdir("./bus") = 0 [pid 5540] ioctl(4, LOOP_CLR_FD) = 0 [pid 5540] close(4) = 0 [pid 5540] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5540] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] <... futex resumed>) = 0 [pid 5538] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5540] <... futex resumed>) = 0 [pid 5538] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 91.336345][ T5540] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 91.355985][ T5540] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 91.360689][ T5537] syz-executor278: attempt to access beyond end of device [ 91.360689][ T5537] loop3: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [pid 5540] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5540] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5538] <... futex resumed>) = 0 [pid 5540] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5538] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 91.389748][ T26] audit: type=1800 audit(1686875949.826:78): pid=5540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 5538] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5538] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5538] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5538] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5564], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5564 [pid 5538] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5538] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5564 attached [pid 5564] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5564] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5564] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5538] <... futex resumed>) = 0 [ 91.481211][ T5537] syz-executor278: attempt to access beyond end of device [ 91.481211][ T5537] loop3: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [pid 5564] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5537] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5537] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5537] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5535] exit_group(0 [pid 5562] <... futex resumed>) = ? [pid 5537] <... futex resumed>) = ? [pid 5535] <... exit_group resumed>) = ? [pid 5562] +++ exited with 0 +++ [pid 5537] +++ exited with 0 +++ [pid 5535] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5535, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=41 /* 0.41 s */} --- [pid 5009] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5009] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5540] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5009] fstat(3, [pid 5540] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, [pid 5540] <... futex resumed>) = 0 [pid 5540] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5009] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5538] exit_group(0 [pid 5009] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5538] <... exit_group resumed>) = ? [pid 5564] <... futex resumed>) = ? [pid 5540] <... futex resumed>) = ? [pid 5564] +++ exited with 0 +++ [pid 5540] +++ exited with 0 +++ [pid 5008] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5538] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5538, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=35 /* 0.35 s */} --- [pid 5010] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./12/bus" [pid 5010] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5008] <... rmdir resumed>) = 0 [pid 5008] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./12/binderfs") = 0 [pid 5008] getdents64(3, [pid 5010] <... openat resumed>) = 3 [pid 5010] fstat(3, [pid 5008] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./12") = 0 [pid 5010] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] mkdir("./13", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5565 [pid 5558] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836./strace-static-x86_64: Process 5565 attached [pid 5565] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5565] chdir("./13") = 0 [pid 5565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5565] setpgid(0, 0) = 0 [pid 5565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5565] write(3, "1000", 4) = 4 [pid 5565] close(3) = 0 [pid 5565] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5565] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5565] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5565] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5566], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5566 [pid 5565] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5566 attached [pid 5566] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5566] memfd_create("syzkaller", 0) = 3 [pid 5566] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5011] <... umount2 resumed>) = 0 [pid 5549] <... write resumed>) = 32394836 [pid 5549] munmap(0x7fedae557000, 32394836 [pid 5011] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./12/bus") = 0 [pid 5011] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./12/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./12" [pid 5549] <... munmap resumed>) = 0 [pid 5011] <... rmdir resumed>) = 0 [pid 5549] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5011] mkdir("./13", 0777 [pid 5549] <... openat resumed>) = 4 [pid 5549] ioctl(4, LOOP_SET_FD, 3 [pid 5011] <... mkdir resumed>) = 0 [pid 5549] <... ioctl resumed>) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5567 [pid 5549] close(3) = 0 [pid 5549] mkdir("./bus", 0777) = 0 [pid 5549] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, ""./strace-static-x86_64: Process 5567 attached [pid 5567] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5567] chdir("./13") = 0 [pid 5567] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5567] setpgid(0, 0) = 0 [pid 5567] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5567] write(3, "1000", 4) = 4 [pid 5567] close(3) = 0 [pid 5567] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5567] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5567] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5567] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [ 91.937301][ T5549] loop1: detected capacity change from 0 to 63271 [ 91.962601][ T5549] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5567] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5568], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5568 [pid 5567] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5567] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5568 attached [pid 5568] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5568] memfd_create("syzkaller", 0) = 3 [pid 5568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 91.993639][ T5549] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 92.034421][ T5549] F2FS-fs (loop1): invalid crc value [ 92.081452][ T5549] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5566] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5549] <... mount resumed>) = 0 [pid 5549] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5549] chdir("./bus") = 0 [pid 5549] ioctl(4, LOOP_CLR_FD) = 0 [pid 5549] close(4) = 0 [ 92.173975][ T5549] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 92.190965][ T5549] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5549] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5546] <... futex resumed>) = 0 [pid 5549] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5546] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5546] <... futex resumed>) = 0 [pid 5549] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5546] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... open resumed>) = 4 [pid 5549] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5546] <... futex resumed>) = 0 [pid 5549] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5546] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5546] <... futex resumed>) = 0 [pid 5549] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 92.240686][ T26] audit: type=1800 audit(1686875950.676:79): pid=5549 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 5546] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5546] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5546] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5546] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5573], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5573 [pid 5546] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5546] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5573 attached [pid 5573] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5573] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5573] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5546] <... futex resumed>) = 0 [pid 5573] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5558] <... write resumed>) = 32394836 [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, [pid 5558] munmap(0x7fedae557000, 32394836 [pid 5010] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5558] <... munmap resumed>) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] <... umount2 resumed>) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./12/bus") = 0 [pid 5010] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./12/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./12") = 0 [pid 5010] mkdir("./13", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5558] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5010] ioctl(3, LOOP_CLR_FD [pid 5549] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5010] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5549] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] close(3 [pid 5549] <... futex resumed>) = 0 [pid 5546] exit_group(0 [pid 5010] <... close resumed>) = 0 [pid 5558] <... openat resumed>) = 4 [pid 5558] ioctl(4, LOOP_SET_FD, 3 [pid 5573] <... futex resumed>) = ? [pid 5546] <... exit_group resumed>) = ? [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5573] +++ exited with 0 +++ [pid 5010] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5574 [pid 5009] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5549] +++ exited with 0 +++ [pid 5546] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5546, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=35 /* 0.35 s */} --- [pid 5007] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5007] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5574 attached [pid 5009] lstat("./12/bus", [pid 5007] <... openat resumed>) = 3 [pid 5574] set_robust_list(0x5555556ed5e0, 24 [pid 5009] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] fstat(3, [pid 5574] <... set_robust_list resumed>) = 0 [pid 5009] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5007] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5574] chdir("./13" [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5007] getdents64(3, [pid 5574] <... chdir resumed>) = 0 [pid 5009] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5007] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5574] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5009] <... openat resumed>) = 4 [pid 5007] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5574] <... prctl resumed>) = 0 [pid 5009] fstat(4, [pid 5574] setpgid(0, 0 [pid 5009] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./12/bus") = 0 [pid 5009] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5574] <... setpgid resumed>) = 0 [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5009] lstat("./12/binderfs", [pid 5574] <... openat resumed>) = 3 [pid 5009] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5574] write(3, "1000", 4 [pid 5009] unlink("./12/binderfs" [pid 5574] <... write resumed>) = 4 [pid 5009] <... unlink resumed>) = 0 [pid 5574] close(3 [pid 5009] getdents64(3, [pid 5574] <... close resumed>) = 0 [pid 5009] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5574] symlink("/dev/binderfs", "./binderfs" [pid 5009] close(3) = 0 [pid 5574] <... symlink resumed>) = 0 [pid 5009] rmdir("./12" [pid 5574] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] <... ioctl resumed>) = 0 [pid 5009] <... rmdir resumed>) = 0 [pid 5574] <... futex resumed>) = 0 [pid 5558] close(3 [pid 5009] mkdir("./13", 0777 [pid 5574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5558] <... close resumed>) = 0 [pid 5009] <... mkdir resumed>) = 0 [pid 5574] <... mmap resumed>) = 0x7fedb6957000 [pid 5558] mkdir("./bus", 0777 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5574] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5558] <... mkdir resumed>) = 0 [pid 5009] <... openat resumed>) = 3 [pid 5574] <... mprotect resumed>) = 0 [pid 5558] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5009] ioctl(3, LOOP_CLR_FD [pid 5574] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5009] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 92.423438][ T5558] loop0: detected capacity change from 0 to 63271 [pid 5009] close(3./strace-static-x86_64: Process 5575 attached [pid 5574] <... clone resumed>, parent_tid=[5575], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5575 [pid 5009] <... close resumed>) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5576 ./strace-static-x86_64: Process 5576 attached [pid 5576] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5576] chdir("./13") = 0 [pid 5576] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5576] setpgid(0, 0) = 0 [pid 5576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5576] write(3, "1000", 4) = 4 [pid 5576] close(3 [pid 5574] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] <... close resumed>) = 0 [pid 5576] symlink("/dev/binderfs", "./binderfs" [pid 5575] set_robust_list(0x7fedb69779e0, 24 [pid 5574] <... futex resumed>) = 0 [pid 5576] <... symlink resumed>) = 0 [pid 5575] <... set_robust_list resumed>) = 0 [pid 5574] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5576] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5575] memfd_create("syzkaller", 0 [pid 5576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5575] <... memfd_create resumed>) = 3 [pid 5575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5576] <... mmap resumed>) = 0x7fedb6957000 [pid 5575] <... mmap resumed>) = 0x7fedae557000 [pid 5576] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5576] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5577], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5577 [pid 5576] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5576] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5577 attached [pid 5577] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5577] memfd_create("syzkaller", 0) = 3 [pid 5577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 92.469086][ T5558] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 92.501920][ T5558] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 92.560086][ T5558] F2FS-fs (loop0): invalid crc value [ 92.609389][ T5558] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5568] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5566] <... write resumed>) = 32394836 [pid 5566] munmap(0x7fedae557000, 32394836) = 0 [pid 5566] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5566] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5566] close(3) = 0 [pid 5566] mkdir("./bus", 0777) = 0 [ 92.738534][ T5558] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 92.763529][ T5566] loop2: detected capacity change from 0 to 63271 [ 92.765001][ T5558] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 92.783741][ T5566] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5566] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5558] <... mount resumed>) = 0 [pid 5558] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5558] chdir("./bus") = 0 [pid 5558] ioctl(4, LOOP_CLR_FD) = 0 [pid 5558] close(4) = 0 [pid 5558] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] <... futex resumed>) = 0 [pid 5558] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5556] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5556] <... futex resumed>) = 0 [pid 5558] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5556] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5558] <... open resumed>) = 4 [pid 5558] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] <... futex resumed>) = 0 [pid 5558] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5556] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 92.809599][ T5566] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [pid 5556] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5556] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5556] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [ 92.848521][ T26] audit: type=1800 audit(1686875951.286:80): pid=5558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [ 92.881347][ T5566] F2FS-fs (loop2): invalid crc value [pid 5556] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5585], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5585 [pid 5556] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5585 attached [pid 5585] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5585] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5585] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] <... futex resumed>) = 0 [ 92.927232][ T5566] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 5585] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5575] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5566] <... mount resumed>) = 0 [pid 5566] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5566] chdir("./bus") = 0 [pid 5566] ioctl(4, LOOP_CLR_FD) = 0 [pid 5566] close(4) = 0 [pid 5566] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5566] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5565] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5565] <... futex resumed>) = 0 [pid 5565] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... open resumed>) = 4 [ 93.019024][ T5566] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 93.055536][ T5566] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5558] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5566] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... futex resumed>) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5558] <... futex resumed>) = 0 [pid 5566] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5556] exit_group(0 [pid 5585] <... futex resumed>) = ? [pid 5566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5565] <... futex resumed>) = 0 [pid 5558] <... futex resumed>) = ? [pid 5556] <... exit_group resumed>) = ? [pid 5585] +++ exited with 0 +++ [pid 5566] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5565] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5558] +++ exited with 0 +++ [pid 5556] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5556, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=49 /* 0.49 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, [ 93.081795][ T26] audit: type=1800 audit(1686875951.516:81): pid=5566 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5577] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5006] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./12/bus") = 0 [pid 5007] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5565] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5007] lstat("./12/binderfs", [pid 5565] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5007] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5007] unlink("./12/binderfs" [pid 5565] <... mmap resumed>) = 0x7fedb041b000 [pid 5565] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5007] <... unlink resumed>) = 0 [pid 5565] <... mprotect resumed>) = 0 [pid 5565] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5007] getdents64(3, [pid 5565] <... clone resumed>, parent_tid=[5587], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5587 [pid 5565] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5565] <... futex resumed>) = 0 [pid 5007] close(3 [pid 5565] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... close resumed>) = 0 [pid 5007] rmdir("./12"./strace-static-x86_64: Process 5587 attached [pid 5587] set_robust_list(0x7fedb043b9e0, 24 [pid 5007] <... rmdir resumed>) = 0 [pid 5007] mkdir("./13", 0777 [pid 5587] <... set_robust_list resumed>) = 0 [pid 5587] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 5007] <... mkdir resumed>) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3 [pid 5587] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5007] <... close resumed>) = 0 [pid 5587] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5587] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5588 ./strace-static-x86_64: Process 5588 attached [pid 5588] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5588] chdir("./13") = 0 [pid 5588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5588] setpgid(0, 0) = 0 [pid 5588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5588] write(3, "1000", 4) = 4 [pid 5588] close(3) = 0 [pid 5588] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5588] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5588] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5588] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5589], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5589 [pid 5588] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5589 attached [pid 5589] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5589] memfd_create("syzkaller", 0) = 3 [pid 5589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5566] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5566] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] exit_group(0 [pid 5587] <... futex resumed>) = ? [pid 5565] <... exit_group resumed>) = ? [pid 5587] +++ exited with 0 +++ [pid 5566] +++ exited with 0 +++ [pid 5565] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5565, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=35 /* 0.35 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5568] <... write resumed>) = 32394836 [pid 5568] munmap(0x7fedae557000, 32394836) = 0 [pid 5568] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5568] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5568] close(3) = 0 [pid 5568] mkdir("./bus", 0777) = 0 [ 93.471645][ T5568] loop5: detected capacity change from 0 to 63271 [ 93.494736][ T5568] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 93.553988][ T5568] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 5568] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5575] <... write resumed>) = 32394836 [pid 5575] munmap(0x7fedae557000, 32394836) = 0 [pid 5575] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5575] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5575] close(3) = 0 [pid 5575] mkdir("./bus", 0777) = 0 [ 93.647403][ T5568] F2FS-fs (loop5): invalid crc value [ 93.666492][ T5575] loop4: detected capacity change from 0 to 63271 [ 93.686890][ T5568] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 5575] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 93.701201][ T5575] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 93.721685][ T5575] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [pid 5589] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5577] <... write resumed>) = 32394836 [ 93.755752][ T5575] F2FS-fs (loop4): invalid crc value [pid 5577] munmap(0x7fedae557000, 32394836) = 0 [pid 5577] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5577] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5577] close(3) = 0 [pid 5577] mkdir("./bus", 0777) = 0 [ 93.785488][ T5575] F2FS-fs (loop4): Found nat_bits in checkpoint [ 93.803316][ T5577] loop3: detected capacity change from 0 to 63271 [ 93.824146][ T5577] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 93.835942][ T5568] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 93.842986][ T5568] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 93.852579][ T5577] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 93.874781][ T5575] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [pid 5577] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5568] <... mount resumed>) = 0 [pid 5568] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5568] chdir("./bus") = 0 [pid 5568] ioctl(4, LOOP_CLR_FD) = 0 [pid 5568] close(4 [pid 5575] <... mount resumed>) = 0 [pid 5575] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5575] chdir("./bus") = 0 [pid 5575] ioctl(4, LOOP_CLR_FD) = 0 [pid 5575] close(4) = 0 [pid 5568] <... close resumed>) = 0 [pid 5568] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5567] <... futex resumed>) = 0 [pid 5567] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5567] <... futex resumed>) = 1 [pid 5575] <... futex resumed>) = 1 [pid 5574] <... futex resumed>) = 0 [pid 5567] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5574] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5574] <... futex resumed>) = 0 [pid 5568] <... futex resumed>) = 0 [pid 5568] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 93.885730][ T5577] F2FS-fs (loop3): invalid crc value [ 93.895565][ T5575] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 93.911483][ T5577] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 5574] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5575] <... open resumed>) = 4 [pid 5575] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5574] <... futex resumed>) = 0 [pid 5575] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5568] <... open resumed>) = 4 [pid 5575] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5575] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5574] <... futex resumed>) = 0 [pid 5568] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5568] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5567] <... futex resumed>) = 0 [pid 5567] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5568] <... futex resumed>) = 0 [pid 5567] <... futex resumed>) = 1 [pid 5568] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 93.923936][ T26] audit: type=1800 audit(1686875952.356:82): pid=5575 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 5567] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./13/bus") = 0 [pid 5006] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./13/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./13" [pid 5574] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5006] <... rmdir resumed>) = 0 [pid 5574] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] mkdir("./14", 0777 [pid 5574] <... futex resumed>) = 0 [pid 5006] <... mkdir resumed>) = 0 [pid 5574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3 [pid 5574] <... mmap resumed>) = 0x7fedb041b000 [pid 5567] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5006] <... close resumed>) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5574] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5567] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5602 [pid 5574] <... mprotect resumed>) = 0 [pid 5567] <... futex resumed>) = 0 [pid 5574] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5567] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5567] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5574] <... clone resumed>, parent_tid=[5603], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5603 [pid 5567] <... mprotect resumed>) = 0 [pid 5574] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5567] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5574] <... futex resumed>) = 0 [pid 5574] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5567] <... clone resumed>, parent_tid=[5604], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5604 [pid 5567] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5603 attached [pid 5577] <... mount resumed>) = 0 [pid 5567] <... futex resumed>) = 0 [pid 5603] set_robust_list(0x7fedb043b9e0, 24 [pid 5577] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5567] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5604 attached [pid 5604] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5604] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus" [pid 5603] <... set_robust_list resumed>) = 0 [pid 5577] <... openat resumed>) = 3 [pid 5577] chdir("./bus" [pid 5603] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 5577] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 5602 attached [pid 5603] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5577] ioctl(4, LOOP_CLR_FD [pid 5603] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... ioctl resumed>) = 0 [pid 5603] <... futex resumed>) = 1 [pid 5577] close(4 [pid 5574] <... futex resumed>) = 0 [ 93.999769][ T5577] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 94.015544][ T5577] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 5604] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5603] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5602] set_robust_list(0x5555556ed5e0, 24 [pid 5577] <... close resumed>) = 0 [pid 5604] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5567] <... futex resumed>) = 0 [pid 5604] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5602] <... set_robust_list resumed>) = 0 [pid 5577] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] chdir("./14" [pid 5577] <... futex resumed>) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5576] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5602] <... chdir resumed>) = 0 [pid 5576] <... futex resumed>) = 0 [pid 5576] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5602] setpgid(0, 0 [pid 5577] <... open resumed>) = 4 [pid 5602] <... setpgid resumed>) = 0 [pid 5602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5577] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... openat resumed>) = 3 [pid 5577] <... futex resumed>) = 1 [pid 5576] <... futex resumed>) = 0 [pid 5602] write(3, "1000", 4 [pid 5577] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5576] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5576] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] <... write resumed>) = 4 [pid 5602] close(3) = 0 [pid 5602] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5602] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5602] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5602] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5605], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5605 [pid 5602] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5602] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5605 attached [pid 5605] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5605] memfd_create("syzkaller", 0) = 3 [pid 5605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5576] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5576] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5576] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5576] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5576] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5606], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5606 [pid 5576] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5576] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5606 attached [pid 5606] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5606] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 5575] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5575] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5575] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] exit_group(0) = ? [pid 5603] <... futex resumed>) = ? [pid 5575] <... futex resumed>) = ? [pid 5603] +++ exited with 0 +++ [pid 5575] +++ exited with 0 +++ [pid 5574] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5574, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=31 /* 0.31 s */} --- [pid 5010] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./13/bus") = 0 [pid 5008] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./13/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5568] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5008] rmdir("./13" [pid 5568] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... rmdir resumed>) = 0 [pid 5576] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5568] <... futex resumed>) = 0 [pid 5008] mkdir("./14", 0777 [pid 5576] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 5568] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] <... mkdir resumed>) = 0 [pid 5576] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5567] exit_group(0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5604] <... futex resumed>) = ? [pid 5568] <... futex resumed>) = ? [pid 5567] <... exit_group resumed>) = ? [pid 5008] <... openat resumed>) = 3 [pid 5606] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5604] +++ exited with 0 +++ [pid 5008] ioctl(3, LOOP_CLR_FD [pid 5606] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5568] +++ exited with 0 +++ [pid 5567] +++ exited with 0 +++ [pid 5008] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5606] <... futex resumed>) = 0 [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5567, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=39 /* 0.39 s */} --- [pid 5008] close(3 [pid 5606] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] restart_syscall(<... resuming interrupted clone ...> [pid 5008] <... close resumed>) = 0 [pid 5011] <... restart_syscall resumed>) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5607 [pid 5011] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5607 attached [pid 5607] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5607] chdir("./14") = 0 [pid 5607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5607] setpgid(0, 0) = 0 [pid 5607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5607] write(3, "1000", 4) = 4 [pid 5607] close(3) = 0 [pid 5607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5607] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5607] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5607] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5608], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5608 [pid 5607] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5608 attached [pid 5608] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5608] memfd_create("syzkaller", 0) = 3 [pid 5608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5577] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5577] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] exit_group(0 [pid 5606] <... futex resumed>) = ? [pid 5577] <... futex resumed>) = ? [pid 5576] <... exit_group resumed>) = ? [pid 5606] +++ exited with 0 +++ [pid 5577] +++ exited with 0 +++ [pid 5576] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5576, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=34 /* 0.34 s */} --- [pid 5589] <... write resumed>) = 32394836 [pid 5589] munmap(0x7fedae557000, 32394836 [pid 5009] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5589] <... munmap resumed>) = 0 [pid 5589] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5589] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5589] close(3) = 0 [pid 5589] mkdir("./bus", 0777) = 0 [ 94.399872][ T5589] loop1: detected capacity change from 0 to 63271 [ 94.433092][ T5589] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 94.465553][ T5589] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [pid 5589] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 94.626183][ T5589] F2FS-fs (loop1): invalid crc value [ 94.654588][ T5589] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5605] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5608] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, [pid 5589] <... mount resumed>) = 0 [pid 5589] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5011] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, [pid 5589] <... openat resumed>) = 3 [pid 5589] chdir("./bus") = 0 [pid 5589] ioctl(4, LOOP_CLR_FD) = 0 [pid 5589] close(4 [pid 5011] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, [pid 5589] <... close resumed>) = 0 [pid 5589] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5589] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] <... futex resumed>) = 0 [pid 5588] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5589] <... futex resumed>) = 0 [pid 5589] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 94.796023][ T5589] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 94.803352][ T5589] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5588] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] <... open resumed>) = 4 [pid 5589] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5589] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] <... futex resumed>) = 0 [pid 5588] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5589] <... futex resumed>) = 0 [pid 5588] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5011] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./13/bus") = 0 [pid 5011] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./13/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./13") = 0 [pid 5011] mkdir("./14", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5613 ./strace-static-x86_64: Process 5613 attached [pid 5613] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5613] chdir("./14") = 0 [pid 5613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5613] setpgid(0, 0) = 0 [pid 5613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5613] write(3, "1000", 4) = 4 [pid 5613] close(3) = 0 [pid 5613] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5588] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5588] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5588] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [ 94.856887][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 94.856900][ T26] audit: type=1800 audit(1686875953.296:85): pid=5589 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 5588] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5614 attached [pid 5613] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... clone resumed>, parent_tid=[5614], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5614 [pid 5614] set_robust_list(0x7fedb043b9e0, 24 [pid 5613] <... futex resumed>) = 0 [pid 5588] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] <... set_robust_list resumed>) = 0 [pid 5613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5588] <... futex resumed>) = 0 [pid 5614] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 5613] <... mmap resumed>) = 0x7fedb6957000 [pid 5588] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5613] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5615], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5615 [pid 5613] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5613] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5615 attached [pid 5615] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5615] memfd_create("syzkaller", 0) = 3 [pid 5615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5614] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5614] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] <... futex resumed>) = 0 [pid 5614] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./13/bus") = 0 [pid 5010] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./13/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./13") = 0 [pid 5010] mkdir("./14", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 95.035147][ T5589] bio_check_eod: 14 callbacks suppressed [ 95.035164][ T5589] syz-executor278: attempt to access beyond end of device [ 95.035164][ T5589] loop1: rw=2049, sector=77824, nr_sectors = 2144 limit=63271 [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5616 ./strace-static-x86_64: Process 5616 attached [pid 5616] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5616] chdir("./14") = 0 [pid 5616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5616] setpgid(0, 0) = 0 [pid 5616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5616] write(3, "1000", 4) = 4 [pid 5616] close(3) = 0 [pid 5616] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5616] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5616] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5616] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5617], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5617 [pid 5616] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5616] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5617 attached [pid 5617] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5617] memfd_create("syzkaller", 0) = 3 [pid 5617] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./13/bus") = 0 [pid 5009] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./13/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./13") = 0 [pid 5009] mkdir("./14", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5618 ./strace-static-x86_64: Process 5618 attached [pid 5618] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5618] chdir("./14") = 0 [pid 5618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5618] setpgid(0, 0) = 0 [pid 5618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5618] write(3, "1000", 4) = 4 [pid 5618] close(3) = 0 [pid 5618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5618] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5618] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5618] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5619], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5619 [pid 5618] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 95.150386][ T5589] syz-executor278: attempt to access beyond end of device [ 95.150386][ T5589] loop1: rw=2049, sector=79968, nr_sectors = 1952 limit=63271 [pid 5618] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5619 attached [pid 5619] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5619] memfd_create("syzkaller", 0) = 3 [pid 5619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5589] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5589] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5589] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] exit_group(0) = ? [pid 5614] <... futex resumed>) = ? [pid 5589] <... futex resumed>) = ? [pid 5614] +++ exited with 0 +++ [pid 5589] +++ exited with 0 +++ [pid 5588] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5588, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=45 /* 0.45 s */} --- [pid 5007] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5605] <... write resumed>) = 32394836 [pid 5605] munmap(0x7fedae557000, 32394836) = 0 [pid 5605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5605] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5605] close(3) = 0 [pid 5605] mkdir("./bus", 0777) = 0 [pid 5605] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5608] <... write resumed>) = 32394836 [ 95.332172][ T5605] loop0: detected capacity change from 0 to 63271 [ 95.366979][ T5605] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5608] munmap(0x7fedae557000, 32394836) = 0 [pid 5608] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5608] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5608] close(3) = 0 [pid 5608] mkdir("./bus", 0777) = 0 [ 95.395914][ T5605] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 95.408521][ T5605] F2FS-fs (loop0): invalid crc value [ 95.417174][ T5608] loop2: detected capacity change from 0 to 63271 [ 95.434266][ T5605] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5608] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 95.458208][ T5608] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 95.494078][ T5608] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [pid 5615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5605] <... mount resumed>) = 0 [pid 5605] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5605] chdir("./bus") = 0 [pid 5605] ioctl(4, LOOP_CLR_FD) = 0 [pid 5605] close(4) = 0 [pid 5605] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] <... futex resumed>) = 0 [pid 5602] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5602] <... futex resumed>) = 0 [ 95.528480][ T5605] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 95.547176][ T5605] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 5602] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] <... open resumed>) = 4 [pid 5605] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] <... futex resumed>) = 0 [pid 5605] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5602] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 95.580201][ T26] audit: type=1800 audit(1686875954.016:86): pid=5605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 5602] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5602] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5602] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5602] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5626], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5626 [pid 5602] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5602] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5626 attached [pid 5626] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5626] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [ 95.640995][ T5608] F2FS-fs (loop2): invalid crc value [pid 5617] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5626] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5626] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] <... futex resumed>) = 0 [pid 5626] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [ 95.688067][ T5608] F2FS-fs (loop2): Found nat_bits in checkpoint [ 95.704911][ T5605] syz-executor278: attempt to access beyond end of device [ 95.704911][ T5605] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 95.805525][ T5605] syz-executor278: attempt to access beyond end of device [ 95.805525][ T5605] loop0: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [ 95.833501][ T5608] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 95.845225][ T5608] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5619] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5608] <... mount resumed>) = 0 [pid 5608] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5608] chdir("./bus") = 0 [pid 5608] ioctl(4, LOOP_CLR_FD) = 0 [pid 5608] close(4) = 0 [pid 5605] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5608] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5608] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5607] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... open resumed>) = 4 [pid 5605] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5608] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5607] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] <... futex resumed>) = 0 [pid 5602] exit_group(0 [pid 5607] <... futex resumed>) = 0 [pid 5607] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5626] <... futex resumed>) = ? [pid 5602] <... exit_group resumed>) = ? [pid 5626] +++ exited with 0 +++ [pid 5605] +++ exited with 0 +++ [pid 5602] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5602, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=43 /* 0.43 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 95.902277][ T26] audit: type=1800 audit(1686875954.336:87): pid=5608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5006] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5607] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5607] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5607] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5607] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5607] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5607] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5629], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5629 [pid 5607] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5629 attached [pid 5629] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5629] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5629] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5629] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5615] <... write resumed>) = 32394836 [ 96.053068][ T5608] syz-executor278: attempt to access beyond end of device [ 96.053068][ T5608] loop2: rw=2049, sector=77824, nr_sectors = 2112 limit=63271 [pid 5615] munmap(0x7fedae557000, 32394836) = 0 [pid 5615] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5615] ioctl(4, LOOP_SET_FD, 3 [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./13/bus") = 0 [pid 5007] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./13/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./13") = 0 [pid 5007] mkdir("./14", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5630 [pid 5615] <... ioctl resumed>) = 0 [pid 5615] close(3) = 0 [pid 5615] mkdir("./bus", 0777) = 0 ./strace-static-x86_64: Process 5630 attached [pid 5615] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5630] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5630] chdir("./14") = 0 [pid 5630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5630] setpgid(0, 0) = 0 [pid 5630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5630] write(3, "1000", 4) = 4 [pid 5630] close(3) = 0 [pid 5630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5630] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5630] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5630] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5631], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5631 [pid 5630] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5630] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5631 attached [pid 5631] set_robust_list(0x7fedb69779e0, 24) = 0 [ 96.127331][ T5615] loop5: detected capacity change from 0 to 63271 [ 96.161817][ T5615] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5631] memfd_create("syzkaller", 0) = 3 [pid 5631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 96.190504][ T5608] syz-executor278: attempt to access beyond end of device [ 96.190504][ T5608] loop2: rw=2049, sector=79936, nr_sectors = 1984 limit=63271 [ 96.195693][ T5615] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 5608] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5608] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] exit_group(0) = ? [pid 5629] <... futex resumed>) = ? [pid 5608] <... futex resumed>) = ? [pid 5608] +++ exited with 0 +++ [pid 5629] +++ exited with 0 +++ [pid 5607] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5607, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=44 /* 0.44 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 96.293616][ T5615] F2FS-fs (loop5): invalid crc value [pid 5008] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5617] <... write resumed>) = 32394836 [pid 5617] munmap(0x7fedae557000, 32394836 [pid 5619] <... write resumed>) = 32394836 [pid 5619] munmap(0x7fedae557000, 32394836 [pid 5617] <... munmap resumed>) = 0 [pid 5617] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 96.344870][ T5615] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 5617] ioctl(4, LOOP_SET_FD, 3 [pid 5619] <... munmap resumed>) = 0 [pid 5619] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5619] ioctl(4, LOOP_SET_FD, 3 [pid 5617] <... ioctl resumed>) = 0 [pid 5617] close(3) = 0 [pid 5617] mkdir("./bus", 0777) = 0 [pid 5617] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5619] <... ioctl resumed>) = 0 [pid 5619] close(3) = 0 [pid 5619] mkdir("./bus", 0777) = 0 [ 96.386904][ T5617] loop4: detected capacity change from 0 to 63271 [ 96.411626][ T5619] loop3: detected capacity change from 0 to 63271 [ 96.425899][ T5617] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 96.435234][ T5619] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 96.453140][ T5617] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 96.461572][ T5619] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 96.471618][ T5619] F2FS-fs (loop3): invalid crc value [pid 5619] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5615] <... mount resumed>) = 0 [pid 5615] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5615] chdir("./bus") = 0 [pid 5615] ioctl(4, LOOP_CLR_FD) = 0 [pid 5615] close(4) = 0 [pid 5615] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5613] <... futex resumed>) = 0 [pid 5613] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5613] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... futex resumed>) = 0 [ 96.483301][ T5615] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 96.493492][ T5615] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 96.510471][ T5619] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 5615] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5615] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5613] <... futex resumed>) = 0 [pid 5613] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] <... futex resumed>) = 0 [pid 5615] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 96.539255][ T26] audit: type=1800 audit(1686875954.976:88): pid=5615 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 5613] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5613] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5613] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [ 96.589805][ T5617] F2FS-fs (loop4): invalid crc value [pid 5613] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5642], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5642 [pid 5613] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5613] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5642 attached [pid 5642] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5642] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5642] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5613] <... futex resumed>) = 0 [pid 5642] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [ 96.632116][ T5617] F2FS-fs (loop4): Found nat_bits in checkpoint [ 96.668416][ T5619] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [pid 5631] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 96.689787][ T5619] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 96.722052][ T5615] syz-executor278: attempt to access beyond end of device [ 96.722052][ T5615] loop5: rw=2049, sector=77824, nr_sectors = 2064 limit=63271 [pid 5006] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5619] <... mount resumed>) = 0 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5619] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5006] getdents64(4, [pid 5619] <... openat resumed>) = 3 [pid 5006] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5619] chdir("./bus") = 0 [pid 5006] getdents64(4, [pid 5619] ioctl(4, LOOP_CLR_FD) = 0 [pid 5006] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5619] close(4) = 0 [pid 5006] close(4 [pid 5619] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... close resumed>) = 0 [pid 5619] <... futex resumed>) = 1 [pid 5618] <... futex resumed>) = 0 [pid 5006] rmdir("./14/bus" [pid 5619] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5618] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5006] <... rmdir resumed>) = 0 [pid 5618] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./14/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./14") = 0 [pid 5006] mkdir("./15", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5645 ./strace-static-x86_64: Process 5645 attached [pid 5645] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5645] chdir("./15") = 0 [pid 5645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5645] setpgid(0, 0) = 0 [pid 5645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5645] write(3, "1000", 4) = 4 [pid 5645] close(3) = 0 [pid 5645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5645] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5619] <... open resumed>) = 4 [pid 5619] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] <... futex resumed>) = 0 [pid 5619] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5618] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5618] <... futex resumed>) = 0 [pid 5619] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5618] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5645] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5646], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5646 [pid 5645] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5646 attached [pid 5646] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5646] memfd_create("syzkaller", 0) = 3 [pid 5646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 96.735823][ T5617] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 96.754575][ T26] audit: type=1800 audit(1686875955.186:89): pid=5619 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [pid 5617] <... mount resumed>) = 0 [pid 5617] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5618] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5618] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5617] <... openat resumed>) = 3 [pid 5618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5617] chdir("./bus" [pid 5618] <... mmap resumed>) = 0x7fedb041b000 [pid 5618] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5617] <... chdir resumed>) = 0 [pid 5618] <... mprotect resumed>) = 0 [pid 5618] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5617] ioctl(4, LOOP_CLR_FD [pid 5618] <... clone resumed>, parent_tid=[5647], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5647 [pid 5618] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5617] <... ioctl resumed>) = 0 [pid 5617] close(4) = 0 [ 96.796447][ T5617] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 96.835760][ T5615] syz-executor278: attempt to access beyond end of device [pid 5617] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5647 attached ) = 1 [pid 5616] <... futex resumed>) = 0 [pid 5616] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5616] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5617] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5647] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5617] <... open resumed>) = 4 [pid 5618] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5618] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5617] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 5617] <... futex resumed>) = 1 [pid 5616] <... futex resumed>) = 0 [pid 5616] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5617] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5616] <... futex resumed>) = 0 [pid 5616] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5647] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5647] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 96.835760][ T5615] loop5: rw=2049, sector=79888, nr_sectors = 2032 limit=63271 [ 96.857945][ T26] audit: type=1800 audit(1686875955.296:90): pid=5617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 5647] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5616] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5616] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5616] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5616] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5648], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5648 [pid 5616] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5616] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5648 attached [pid 5648] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5648] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5008] <... umount2 resumed>) = 0 [pid 5648] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5648] <... futex resumed>) = 1 [pid 5616] <... futex resumed>) = 0 [pid 5008] lstat("./14/bus", [pid 5648] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5615] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5615] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5615] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5613] exit_group(0 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5642] <... futex resumed>) = ? [pid 5615] <... futex resumed>) = ? [pid 5613] <... exit_group resumed>) = ? [pid 5642] +++ exited with 0 +++ [pid 5615] +++ exited with 0 +++ [pid 5008] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5613] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5613, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [pid 5008] <... openat resumed>) = 4 [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] fstat(4, [pid 5011] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] getdents64(4, [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./14/bus") = 0 [pid 5008] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./14/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./14") = 0 [pid 5008] mkdir("./15", 0777) = 0 [ 96.948291][ T5619] syz-executor278: attempt to access beyond end of device [ 96.948291][ T5619] loop3: rw=2049, sector=77824, nr_sectors = 3792 limit=63271 [ 96.948997][ T5617] syz-executor278: attempt to access beyond end of device [ 96.948997][ T5617] loop4: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5617] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5617] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] close(3 [pid 5616] exit_group(0 [pid 5008] <... close resumed>) = 0 [pid 5648] <... futex resumed>) = ? [pid 5616] <... exit_group resumed>) = ? [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5648] +++ exited with 0 +++ [pid 5008] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5649 [pid 5617] <... futex resumed>) = ? [pid 5617] +++ exited with 0 +++ [pid 5616] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5616, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=41 /* 0.41 s */} --- ./strace-static-x86_64: Process 5649 attached [pid 5649] set_robust_list(0x5555556ed5e0, 24 [pid 5010] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5649] <... set_robust_list resumed>) = 0 [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5649] chdir("./15" [pid 5010] getdents64(3, [pid 5649] <... chdir resumed>) = 0 [pid 5010] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5649] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5619] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5010] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5649] <... prctl resumed>) = 0 [pid 5649] setpgid(0, 0 [pid 5619] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] exit_group(0 [pid 5649] <... setpgid resumed>) = 0 [pid 5647] <... futex resumed>) = ? [pid 5618] <... exit_group resumed>) = ? [pid 5647] +++ exited with 0 +++ [pid 5649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5619] <... futex resumed>) = ? [pid 5649] <... openat resumed>) = 3 [pid 5619] +++ exited with 0 +++ [pid 5618] +++ exited with 0 +++ [pid 5649] write(3, "1000", 4) = 4 [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5618, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=43 /* 0.43 s */} --- [pid 5649] close(3 [pid 5009] restart_syscall(<... resuming interrupted clone ...> [pid 5649] <... close resumed>) = 0 [pid 5009] <... restart_syscall resumed>) = 0 [pid 5649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5009] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5649] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5009] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5649] <... mmap resumed>) = 0x7fedb6957000 [pid 5009] <... openat resumed>) = 3 [pid 5649] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5009] fstat(3, [pid 5649] <... mprotect resumed>) = 0 [pid 5009] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5649] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5649] <... clone resumed>, parent_tid=[5650], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5650 [pid 5009] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5649] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5649] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5650 attached [pid 5650] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5650] memfd_create("syzkaller", 0) = 3 [pid 5650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5631] <... write resumed>) = 32394836 [pid 5631] munmap(0x7fedae557000, 32394836) = 0 [pid 5631] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5631] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5631] close(3) = 0 [pid 5631] mkdir("./bus", 0777) = 0 [ 97.481481][ T5631] loop1: detected capacity change from 0 to 63271 [ 97.514943][ T5631] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 97.557448][ T5631] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [pid 5631] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 97.598493][ T5631] F2FS-fs (loop1): invalid crc value [ 97.649346][ T5631] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./14/bus") = 0 [pid 5011] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./14/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./14") = 0 [pid 5011] mkdir("./15", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5654 ./strace-static-x86_64: Process 5654 attached [pid 5654] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5654] chdir("./15") = 0 [pid 5654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5654] setpgid(0, 0) = 0 [pid 5654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5654] write(3, "1000", 4) = 4 [pid 5654] close(3) = 0 [pid 5654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5654] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5654] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5654] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5656], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5656 [pid 5654] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5656 attached [pid 5656] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5656] memfd_create("syzkaller", 0) = 3 [pid 5656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./14/bus") = 0 [pid 5009] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./14/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./14") = 0 [pid 5009] mkdir("./15", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5657 [pid 5631] <... mount resumed>) = 0 [pid 5631] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5631] chdir("./bus") = 0 [ 97.798007][ T5631] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 97.805076][ T5631] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5631] ioctl(4, LOOP_CLR_FD) = 0 [pid 5631] close(4) = 0 [pid 5631] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5630] <... futex resumed>) = 0 [pid 5631] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5630] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5630] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5631] <... open resumed>) = 4 [pid 5631] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5630] <... futex resumed>) = 0 [pid 5631] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5630] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5630] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5657 attached [pid 5657] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5657] chdir("./15") = 0 [pid 5657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5657] setpgid(0, 0) = 0 [pid 5657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5657] write(3, "1000", 4) = 4 [pid 5657] close(3) = 0 [pid 5657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5657] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5657] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5657] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5658 attached , parent_tid=[5658], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5658 [pid 5658] set_robust_list(0x7fedb69779e0, 24 [ 97.874925][ T26] audit: type=1800 audit(1686875956.306:91): pid=5631 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 5657] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... set_robust_list resumed>) = 0 [pid 5657] <... futex resumed>) = 0 [pid 5630] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5658] memfd_create("syzkaller", 0 [pid 5657] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5630] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5658] <... memfd_create resumed>) = 3 [pid 5630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5630] <... mmap resumed>) = 0x7fedb041b000 [pid 5010] <... umount2 resumed>) = 0 [pid 5630] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5630] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5659], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5659 [pid 5630] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5630] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./14/bus", [pid 5658] <... mmap resumed>) = 0x7fedae557000 [pid 5010] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./14/bus") = 0 [pid 5010] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./14/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./14") = 0 [pid 5010] mkdir("./15", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3./strace-static-x86_64: Process 5659 attached ) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5659] set_robust_list(0x7fedb043b9e0, 24./strace-static-x86_64: Process 5660 attached ) = 0 [pid 5010] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5660 [pid 5660] set_robust_list(0x5555556ed5e0, 24 [pid 5659] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 5660] <... set_robust_list resumed>) = 0 [pid 5660] chdir("./15" [pid 5659] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5660] <... chdir resumed>) = 0 [pid 5659] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5659] <... futex resumed>) = 1 [pid 5630] <... futex resumed>) = 0 [pid 5660] <... prctl resumed>) = 0 [pid 5659] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] setpgid(0, 0) = 0 [pid 5660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5660] write(3, "1000", 4) = 4 [pid 5660] close(3) = 0 [pid 5660] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5660] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5660] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5646] <... write resumed>) = 32394836 [pid 5646] munmap(0x7fedae557000, 32394836 [pid 5660] <... mprotect resumed>) = 0 [pid 5660] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5661], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5661 [pid 5660] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5661 attached [pid 5661] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5646] <... munmap resumed>) = 0 [pid 5661] memfd_create("syzkaller", 0) = 3 [pid 5661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5646] close(3) = 0 [pid 5646] mkdir("./bus", 0777) = 0 [ 98.066076][ T5646] loop0: detected capacity change from 0 to 63271 [ 98.105731][ T5646] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5646] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5631] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5631] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5631] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5630] exit_group(0 [pid 5659] <... futex resumed>) = ? [pid 5630] <... exit_group resumed>) = ? [pid 5631] <... futex resumed>) = ? [pid 5659] +++ exited with 0 +++ [pid 5631] +++ exited with 0 +++ [pid 5630] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5630, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=38 /* 0.38 s */} --- [pid 5007] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 98.125722][ T5646] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 98.157108][ T5646] F2FS-fs (loop0): invalid crc value [pid 5007] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5650] <... write resumed>) = 32394836 [pid 5650] munmap(0x7fedae557000, 32394836) = 0 [pid 5650] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 98.195753][ T5646] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5650] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5650] close(3) = 0 [pid 5650] mkdir("./bus", 0777) = 0 [ 98.250548][ T5650] loop2: detected capacity change from 0 to 63271 [ 98.286203][ T5650] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 98.294680][ T5650] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 98.317057][ T5650] F2FS-fs (loop2): invalid crc value [ 98.322604][ T5646] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 98.343502][ T5646] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 5650] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5646] <... mount resumed>) = 0 [pid 5646] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5646] chdir("./bus") = 0 [pid 5646] ioctl(4, LOOP_CLR_FD) = 0 [pid 5646] close(4) = 0 [pid 5646] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] <... futex resumed>) = 0 [pid 5646] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5645] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5646] <... open resumed>) = 4 [pid 5646] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] <... futex resumed>) = 0 [pid 5646] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5645] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 98.363718][ T5650] F2FS-fs (loop2): Found nat_bits in checkpoint [ 98.393319][ T26] audit: type=1800 audit(1686875956.826:92): pid=5646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 5645] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5645] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5645] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5645] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5669], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5669 [pid 5645] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5645] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5669 attached [pid 5669] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5669] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5669] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] <... futex resumed>) = 0 [pid 5669] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5650] <... mount resumed>) = 0 [pid 5650] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5650] chdir("./bus") = 0 [pid 5650] ioctl(4, LOOP_CLR_FD) = 0 [pid 5650] close(4) = 0 [pid 5650] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5649] <... futex resumed>) = 0 [ 98.522195][ T5650] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 98.541256][ T5650] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5650] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5649] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5650] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5649] <... futex resumed>) = 0 [pid 5649] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5650] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5650] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5649] <... futex resumed>) = 0 [pid 5649] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5650] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5649] <... futex resumed>) = 0 [pid 5649] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5646] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5646] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5646] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5645] exit_group(0 [pid 5669] <... futex resumed>) = ? [pid 5646] <... futex resumed>) = ? [pid 5645] <... exit_group resumed>) = ? [pid 5646] +++ exited with 0 +++ [pid 5669] +++ exited with 0 +++ [pid 5645] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5645, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=38 /* 0.38 s */} --- [ 98.618734][ T26] audit: type=1800 audit(1686875957.056:93): pid=5650 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5649] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5006] getdents64(3, [pid 5649] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5649] <... futex resumed>) = 0 [pid 5649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5649] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5649] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5671], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5671 [pid 5649] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5649] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5671 attached [pid 5671] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5671] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5671] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5671] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5649] <... futex resumed>) = 0 [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./14/bus") = 0 [pid 5007] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./14/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./14") = 0 [pid 5007] mkdir("./15", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5672 [pid 5650] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5650] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5649] exit_group(0 [pid 5671] <... futex resumed>) = ? [pid 5649] <... exit_group resumed>) = ? [pid 5671] +++ exited with 0 +++ [pid 5650] +++ exited with 0 +++ [pid 5649] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5649, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=39 /* 0.39 s */} --- [pid 5008] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5672 attached [pid 5672] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5672] chdir("./15") = 0 [pid 5672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5672] setpgid(0, 0) = 0 [pid 5672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5672] write(3, "1000", 4) = 4 [pid 5672] close(3) = 0 [pid 5672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5672] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5672] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5672] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5673 attached [pid 5673] set_robust_list(0x7fedb69779e0, 24 [pid 5672] <... clone resumed>, parent_tid=[5673], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5673 [pid 5672] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5673] <... set_robust_list resumed>) = 0 [pid 5673] memfd_create("syzkaller", 0) = 3 [pid 5673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5656] <... write resumed>) = 32394836 [pid 5656] munmap(0x7fedae557000, 32394836) = 0 [pid 5656] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5656] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5656] close(3) = 0 [pid 5656] mkdir("./bus", 0777) = 0 [ 99.134786][ T5656] loop5: detected capacity change from 0 to 63271 [ 99.164618][ T5656] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5656] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5661] <... write resumed>) = 32394836 [pid 5661] munmap(0x7fedae557000, 32394836 [pid 5658] <... write resumed>) = 32394836 [pid 5658] munmap(0x7fedae557000, 32394836 [pid 5661] <... munmap resumed>) = 0 [pid 5661] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 99.207506][ T5656] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 99.247143][ T5656] F2FS-fs (loop5): invalid crc value [pid 5661] ioctl(4, LOOP_SET_FD, 3 [pid 5658] <... munmap resumed>) = 0 [pid 5658] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5658] ioctl(4, LOOP_SET_FD, 3 [pid 5661] <... ioctl resumed>) = 0 [pid 5661] close(3) = 0 [pid 5661] mkdir("./bus", 0777) = 0 [pid 5661] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5658] <... ioctl resumed>) = 0 [pid 5658] close(3) = 0 [pid 5658] mkdir("./bus", 0777) = 0 [ 99.271589][ T5661] loop4: detected capacity change from 0 to 63271 [ 99.279414][ T5658] loop3: detected capacity change from 0 to 63271 [ 99.290313][ T5661] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 99.305313][ T5658] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 99.307355][ T5656] F2FS-fs (loop5): Found nat_bits in checkpoint [ 99.320342][ T5661] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 99.333455][ T5658] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 99.348326][ T5661] F2FS-fs (loop4): invalid crc value [ 99.370883][ T5658] F2FS-fs (loop3): invalid crc value [pid 5658] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./15/bus") = 0 [pid 5006] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./15/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./15") = 0 [pid 5006] mkdir("./16", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5683 ./strace-static-x86_64: Process 5683 attached [pid 5683] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5683] chdir("./16") = 0 [pid 5683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5683] setpgid(0, 0) = 0 [pid 5683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5683] write(3, "1000", 4) = 4 [pid 5683] close(3) = 0 [pid 5683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5683] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5683] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5683] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5685], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5685 [pid 5683] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 99.396044][ T5661] F2FS-fs (loop4): Found nat_bits in checkpoint [ 99.430481][ T5658] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 5683] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5685 attached [pid 5685] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5685] memfd_create("syzkaller", 0) = 3 [pid 5685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5656] <... mount resumed>) = 0 [pid 5656] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5656] chdir("./bus") = 0 [pid 5656] ioctl(4, LOOP_CLR_FD) = 0 [pid 5656] close(4) = 0 [pid 5656] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] <... futex resumed>) = 0 [ 99.456115][ T5656] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 99.466513][ T5656] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 5656] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5654] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] <... open resumed>) = 4 [pid 5656] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] <... futex resumed>) = 0 [pid 5654] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./15/bus") = 0 [ 99.523322][ T26] audit: type=1800 audit(1686875957.956:94): pid=5656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 5008] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./15/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./15") = 0 [pid 5008] mkdir("./16", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5688 [pid 5654] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5654] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5654] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5654] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5654] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5654] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5689], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5689 [pid 5654] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5688 attached [pid 5688] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5688] chdir("./16") = 0 [pid 5688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5688] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 5689 attached [pid 5688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5689] set_robust_list(0x7fedb043b9e0, 24 [pid 5688] <... openat resumed>) = 3 [pid 5689] <... set_robust_list resumed>) = 0 [pid 5689] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus" [pid 5688] write(3, "1000", 4) = 4 [pid 5688] close(3) = 0 [pid 5688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5688] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5688] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5688] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5690], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5690 [pid 5688] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5658] <... mount resumed>) = 0 [pid 5658] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5658] chdir("./bus") = 0 [pid 5658] ioctl(4, LOOP_CLR_FD) = 0 [pid 5658] close(4) = 0 ./strace-static-x86_64: Process 5690 attached [pid 5690] set_robust_list(0x7fedb69779e0, 24 [pid 5658] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] <... set_robust_list resumed>) = 0 [pid 5658] <... futex resumed>) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5657] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] memfd_create("syzkaller", 0 [pid 5658] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5657] <... futex resumed>) = 0 [pid 5657] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] <... memfd_create resumed>) = 3 [pid 5690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5658] <... open resumed>) = 4 [ 99.564143][ T5658] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 99.578841][ T5661] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 99.586522][ T5658] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 99.594246][ T5661] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 5658] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5657] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5654] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5654] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5661] <... mount resumed>) = 0 [pid 5661] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5661] chdir("./bus") = 0 [pid 5661] ioctl(4, LOOP_CLR_FD) = 0 [pid 5661] close(4) = 0 [pid 5661] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5661] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5660] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... open resumed>) = 4 [pid 5661] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] <... futex resumed>) = 0 [pid 5661] <... futex resumed>) = 1 [pid 5689] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5661] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5660] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5689] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] <... futex resumed>) = 0 [pid 5657] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5657] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5657] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5691], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5691 [pid 5657] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5691 attached [pid 5691] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5691] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5691] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5691] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5660] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5660] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5660] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5660] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5692], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5692 [pid 5660] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5660] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5692 attached [pid 5692] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5692] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5692] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5660] <... futex resumed>) = 0 [pid 5692] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5656] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5656] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] exit_group(0 [pid 5689] <... futex resumed>) = ? [pid 5656] <... futex resumed>) = ? [pid 5654] <... exit_group resumed>) = ? [pid 5689] +++ exited with 0 +++ [pid 5656] +++ exited with 0 +++ [pid 5654] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5654, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=37 /* 0.37 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5661] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5661] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5661] <... futex resumed>) = 0 [pid 5011] <... openat resumed>) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5660] exit_group(0 [pid 5692] <... futex resumed>) = ? [pid 5660] <... exit_group resumed>) = ? [pid 5692] +++ exited with 0 +++ [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5661] +++ exited with 0 +++ [pid 5660] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5660, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=37 /* 0.37 s */} --- [pid 5010] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5658] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5658] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] exit_group(0 [pid 5658] <... futex resumed>) = 0 [pid 5658] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5691] <... futex resumed>) = ? [pid 5658] <... futex resumed>) = ? [pid 5657] <... exit_group resumed>) = ? [pid 5658] +++ exited with 0 +++ [pid 5691] +++ exited with 0 +++ [pid 5657] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5657, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=43 /* 0.43 s */} --- [pid 5009] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5009] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5685] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5673] <... write resumed>) = 32394836 [pid 5673] munmap(0x7fedae557000, 32394836) = 0 [pid 5673] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5673] close(3) = 0 [pid 5673] mkdir("./bus", 0777) = 0 [ 100.096223][ T5673] loop1: detected capacity change from 0 to 63271 [ 100.112958][ T5673] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 100.131728][ T5673] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [pid 5673] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 100.357606][ T5673] F2FS-fs (loop1): invalid crc value [ 100.392565][ T5673] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./15/bus") = 0 [pid 5009] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./15/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./15") = 0 [pid 5009] mkdir("./16", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5696 ./strace-static-x86_64: Process 5696 attached [pid 5696] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5696] chdir("./16") = 0 [pid 5696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5696] setpgid(0, 0) = 0 [pid 5696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5696] write(3, "1000", 4) = 4 [pid 5696] close(3) = 0 [pid 5696] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5696] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5673] <... mount resumed>) = 0 [pid 5696] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5673] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5696] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5698], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5698 [pid 5673] <... openat resumed>) = 3 [pid 5696] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5673] chdir("./bus" [pid 5696] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5673] <... chdir resumed>) = 0 [pid 5673] ioctl(4, LOOP_CLR_FD) = 0 [pid 5673] close(4) = 0 [pid 5673] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5685] <... write resumed>) = 32394836 [pid 5672] <... futex resumed>) = 0 [pid 5673] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5672] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5672] <... futex resumed>) = 0 [pid 5673] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5672] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5698 attached [pid 5698] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5698] memfd_create("syzkaller", 0 [pid 5673] <... open resumed>) = 4 [ 100.523683][ T5673] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 100.546615][ T5673] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5698] <... memfd_create resumed>) = 3 [pid 5698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5685] munmap(0x7fedae557000, 32394836 [pid 5673] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5673] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5672] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5672] <... futex resumed>) = 0 [pid 5685] <... munmap resumed>) = 0 [pid 5685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 100.595672][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 100.595686][ T26] audit: type=1800 audit(1686875959.026:97): pid=5673 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 5685] ioctl(4, LOOP_SET_FD, 3 [pid 5672] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5685] <... ioctl resumed>) = 0 [pid 5685] close(3) = 0 [pid 5685] mkdir("./bus", 0777) = 0 [ 100.643165][ T5685] loop0: detected capacity change from 0 to 63271 [pid 5685] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5672] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5672] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5672] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5672] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5699], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5699 [pid 5672] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5699 attached [pid 5699] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5699] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5699] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5672] <... futex resumed>) = 0 [pid 5699] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] <... umount2 resumed>) = 0 [ 100.670620][ T5685] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 100.710587][ T5685] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 5011] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./15/bus") = 0 [pid 5011] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./15/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./15") = 0 [pid 5011] mkdir("./16", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5010] <... umount2 resumed>) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5010] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5700 [pid 5010] lstat("./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 5700 attached [pid 5010] close(4) = 0 [pid 5700] set_robust_list(0x5555556ed5e0, 24 [pid 5010] rmdir("./15/bus" [pid 5700] <... set_robust_list resumed>) = 0 [pid 5010] <... rmdir resumed>) = 0 [pid 5010] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5700] chdir("./16" [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5700] <... chdir resumed>) = 0 [pid 5010] lstat("./15/binderfs", [pid 5700] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5010] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5700] <... prctl resumed>) = 0 [pid 5010] unlink("./15/binderfs" [pid 5700] setpgid(0, 0) = 0 [pid 5010] <... unlink resumed>) = 0 [pid 5700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5010] getdents64(3, [pid 5700] <... openat resumed>) = 3 [pid 5010] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5700] write(3, "1000", 4 [pid 5010] close(3 [pid 5700] <... write resumed>) = 4 [pid 5010] <... close resumed>) = 0 [pid 5700] close(3 [pid 5010] rmdir("./15" [pid 5700] <... close resumed>) = 0 [pid 5010] <... rmdir resumed>) = 0 [pid 5700] symlink("/dev/binderfs", "./binderfs" [pid 5010] mkdir("./16", 0777 [pid 5700] <... symlink resumed>) = 0 [pid 5700] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... mkdir resumed>) = 0 [pid 5700] <... futex resumed>) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5700] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5010] <... openat resumed>) = 3 [pid 5700] <... mmap resumed>) = 0x7fedb6957000 [pid 5010] ioctl(3, LOOP_CLR_FD [pid 5700] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5690] <... write resumed>) = 32394836 [ 100.747992][ T5673] bio_check_eod: 14 callbacks suppressed [ 100.748007][ T5673] syz-executor278: attempt to access beyond end of device [ 100.748007][ T5673] loop1: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 100.768127][ T5685] F2FS-fs (loop0): invalid crc value [pid 5010] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5700] <... mprotect resumed>) = 0 [pid 5690] munmap(0x7fedae557000, 32394836 [pid 5010] close(3 [pid 5700] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5690] <... munmap resumed>) = 0 [pid 5010] <... close resumed>) = 0 [pid 5700] <... clone resumed>, parent_tid=[5704], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5704 [pid 5690] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5700] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] <... openat resumed>) = 4 [pid 5700] <... futex resumed>) = 0 [pid 5690] ioctl(4, LOOP_SET_FD, 3 [pid 5700] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5010] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5705 ./strace-static-x86_64: Process 5705 attached [pid 5690] <... ioctl resumed>) = 0 [pid 5705] set_robust_list(0x5555556ed5e0, 24 [pid 5690] close(3 [pid 5705] <... set_robust_list resumed>) = 0 [pid 5690] <... close resumed>) = 0 [pid 5705] chdir("./16" [pid 5690] mkdir("./bus", 0777 [pid 5705] <... chdir resumed>) = 0 [pid 5705] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5690] <... mkdir resumed>) = 0 [pid 5705] <... prctl resumed>) = 0 [pid 5690] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5705] setpgid(0, 0) = 0 [ 100.829656][ T5673] syz-executor278: attempt to access beyond end of device [ 100.829656][ T5673] loop1: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [ 100.855980][ T5685] F2FS-fs (loop0): Found nat_bits in checkpoint [ 100.862896][ T5690] loop2: detected capacity change from 0 to 63271 [pid 5705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5704 attached [pid 5704] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5704] memfd_create("syzkaller", 0 [pid 5705] <... openat resumed>) = 3 [pid 5704] <... memfd_create resumed>) = 3 [pid 5704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5705] write(3, "1000", 4 [pid 5704] <... mmap resumed>) = 0x7fedae557000 [pid 5673] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5705] <... write resumed>) = 4 [pid 5673] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] close(3 [pid 5673] <... futex resumed>) = 0 [pid 5672] exit_group(0 [pid 5705] <... close resumed>) = 0 [pid 5699] <... futex resumed>) = ? [pid 5672] <... exit_group resumed>) = ? [pid 5705] symlink("/dev/binderfs", "./binderfs" [pid 5699] +++ exited with 0 +++ [pid 5673] +++ exited with 0 +++ [pid 5672] +++ exited with 0 +++ [pid 5705] <... symlink resumed>) = 0 [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5672, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=49 /* 0.49 s */} --- [pid 5705] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5705] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5705] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5007] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5705] <... clone resumed>, parent_tid=[5709], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5709 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5705] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5705] <... futex resumed>) = 0 [pid 5007] <... openat resumed>) = 3 [pid 5705] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 100.876031][ T5690] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 100.884666][ T5690] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 100.898930][ T5690] F2FS-fs (loop2): invalid crc value [pid 5007] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5709 attached [pid 5709] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5709] memfd_create("syzkaller", 0) = 3 [pid 5709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 100.924746][ T5690] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 5690] <... mount resumed>) = 0 [pid 5690] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5690] chdir("./bus") = 0 [pid 5690] ioctl(4, LOOP_CLR_FD) = 0 [pid 5690] close(4) = 0 [pid 5690] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5688] <... futex resumed>) = 0 [pid 5690] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5688] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 101.005517][ T5685] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 101.012575][ T5685] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 101.022371][ T5690] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 101.029653][ T5690] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5690] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5685] <... mount resumed>) = 0 [pid 5685] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5685] chdir("./bus") = 0 [pid 5685] ioctl(4, LOOP_CLR_FD) = 0 [pid 5685] close(4) = 0 [pid 5685] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] <... futex resumed>) = 0 [pid 5683] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5685] <... futex resumed>) = 1 [pid 5690] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5685] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5690] <... futex resumed>) = 1 [pid 5688] <... futex resumed>) = 0 [pid 5690] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5688] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5688] <... futex resumed>) = 0 [pid 5685] <... open resumed>) = 4 [pid 5690] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5688] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5685] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5683] <... futex resumed>) = 0 [pid 5685] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5683] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5685] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5683] <... futex resumed>) = 0 [pid 5685] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 101.073201][ T26] audit: type=1800 audit(1686875959.506:98): pid=5690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5683] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5683] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5688] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5683] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5683] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5712], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5712 [pid 5683] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5712 attached [pid 5688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5712] set_robust_list(0x7fedb043b9e0, 24 [pid 5688] <... mmap resumed>) = 0x7fedb041b000 [pid 5712] <... set_robust_list resumed>) = 0 [pid 5688] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5712] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [pid 5688] <... mprotect resumed>) = 0 [pid 5688] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5713], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5713 [pid 5688] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5713 attached [pid 5698] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5688] <... futex resumed>) = 0 [pid 5713] set_robust_list(0x7fedb043b9e0, 24 [pid 5688] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5713] <... set_robust_list resumed>) = 0 [ 101.169600][ T26] audit: type=1800 audit(1686875959.546:99): pid=5685 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 5713] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 5683] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5683] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5713] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5713] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5688] <... futex resumed>) = 0 [pid 5713] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5712] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5712] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 101.219144][ T5690] syz-executor278: attempt to access beyond end of device [ 101.219144][ T5690] loop2: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [pid 5712] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5690] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5690] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5690] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5688] exit_group(0 [pid 5713] <... futex resumed>) = ? [pid 5688] <... exit_group resumed>) = ? [pid 5713] +++ exited with 0 +++ [pid 5690] <... futex resumed>) = ? [pid 5690] +++ exited with 0 +++ [pid 5688] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5688, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=45 /* 0.45 s */} --- [pid 5008] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 101.272090][ T5690] syz-executor278: attempt to access beyond end of device [ 101.272090][ T5690] loop2: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [ 101.299551][ T5685] syz-executor278: attempt to access beyond end of device [ 101.299551][ T5685] loop0: rw=2049, sector=77824, nr_sectors = 2056 limit=63271 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5683] exit_group(0 [pid 5712] <... futex resumed>) = ? [pid 5683] <... exit_group resumed>) = ? [pid 5712] +++ exited with 0 +++ [ 101.446797][ T5685] syz-executor278: attempt to access beyond end of device [ 101.446797][ T5685] loop0: rw=2049, sector=79880, nr_sectors = 2040 limit=63271 [pid 5685] <... pwritev2 resumed>) = ? [pid 5685] +++ exited with 0 +++ [pid 5683] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5683, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=32 /* 0.32 s */} --- [pid 5006] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5704] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./15/bus") = 0 [pid 5007] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./15/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./15") = 0 [pid 5007] mkdir("./16", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5714 ./strace-static-x86_64: Process 5714 attached [pid 5714] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5714] chdir("./16") = 0 [pid 5714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5714] setpgid(0, 0) = 0 [pid 5714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5714] write(3, "1000", 4) = 4 [pid 5714] close(3) = 0 [pid 5714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5714] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5714] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5714] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5715], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5715 [pid 5714] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5715 attached [pid 5715] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5715] memfd_create("syzkaller", 0) = 3 [pid 5715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5698] <... write resumed>) = 32394836 [pid 5698] munmap(0x7fedae557000, 32394836) = 0 [pid 5698] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5698] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5698] close(3) = 0 [pid 5698] mkdir("./bus", 0777) = 0 [pid 5698] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5709] <... write resumed>) = 32394836 [ 101.943048][ T5698] loop3: detected capacity change from 0 to 63271 [ 101.980481][ T5698] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5709] munmap(0x7fedae557000, 32394836) = 0 [pid 5709] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5709] ioctl(4, LOOP_SET_FD, 3 [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./16/bus") = 0 [pid 5008] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./16/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5709] <... ioctl resumed>) = 0 [pid 5008] rmdir("./16" [pid 5709] close(3 [pid 5008] <... rmdir resumed>) = 0 [pid 5709] <... close resumed>) = 0 [pid 5008] mkdir("./17", 0777) = 0 [pid 5709] mkdir("./bus", 0777 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5709] <... mkdir resumed>) = 0 [pid 5008] <... openat resumed>) = 3 [pid 5709] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [ 102.027464][ T5698] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 102.054841][ T5709] loop4: detected capacity change from 0 to 63271 [ 102.071097][ T5698] F2FS-fs (loop3): invalid crc value [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5719 ./strace-static-x86_64: Process 5719 attached [pid 5719] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5719] chdir("./17") = 0 [pid 5719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5719] setpgid(0, 0) = 0 [pid 5719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5719] write(3, "1000", 4) = 4 [pid 5719] close(3) = 0 [pid 5719] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5719] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5719] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5719] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5719] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5720], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5720 [pid 5719] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5719] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5720 attached [pid 5720] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5720] memfd_create("syzkaller", 0) = 3 [pid 5720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 102.114553][ T5709] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 102.128146][ T5698] F2FS-fs (loop3): Found nat_bits in checkpoint [ 102.141537][ T5709] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [pid 5704] <... write resumed>) = 32394836 [pid 5704] munmap(0x7fedae557000, 32394836) = 0 [pid 5006] <... umount2 resumed>) = 0 [ 102.175260][ T5709] F2FS-fs (loop4): invalid crc value [pid 5704] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5704] ioctl(4, LOOP_SET_FD, 3 [pid 5006] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5704] <... ioctl resumed>) = 0 [pid 5006] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5704] close(3 [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5704] <... close resumed>) = 0 [pid 5704] mkdir("./bus", 0777 [pid 5006] openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5704] <... mkdir resumed>) = 0 [pid 5006] fstat(4, [pid 5704] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5006] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./16/bus") = 0 [ 102.215099][ T5709] F2FS-fs (loop4): Found nat_bits in checkpoint [ 102.223307][ T5704] loop5: detected capacity change from 0 to 63271 [ 102.242026][ T5704] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5006] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./16/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./16") = 0 [pid 5006] mkdir("./17", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 102.260365][ T5704] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 102.274559][ T5698] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 102.283712][ T5704] F2FS-fs (loop5): invalid crc value [ 102.287673][ T5698] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 102.297197][ T5709] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [pid 5006] close(3 [pid 5698] <... mount resumed>) = 0 [pid 5698] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5698] chdir("./bus") = 0 [pid 5698] ioctl(4, LOOP_CLR_FD) = 0 [pid 5698] close(4 [pid 5006] <... close resumed>) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5709] <... mount resumed>) = 0 [pid 5698] <... close resumed>) = 0 [pid 5698] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] <... futex resumed>) = 0 [pid 5696] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5698] <... futex resumed>) = 1 [pid 5698] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5006] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5727 [pid 5709] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5698] <... open resumed>) = 4 [pid 5698] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5696] <... futex resumed>) = 0 [pid 5698] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5696] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5698] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5696] <... futex resumed>) = 0 [pid 5698] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5696] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... openat resumed>) = 3 [pid 5709] chdir("./bus"./strace-static-x86_64: Process 5727 attached [pid 5727] set_robust_list(0x5555556ed5e0, 24 [pid 5709] <... chdir resumed>) = 0 [pid 5727] <... set_robust_list resumed>) = 0 [pid 5709] ioctl(4, LOOP_CLR_FD [pid 5727] chdir("./17") = 0 [pid 5709] <... ioctl resumed>) = 0 [pid 5727] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5709] close(4 [pid 5727] <... prctl resumed>) = 0 [ 102.323599][ T5709] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 102.343263][ T26] audit: type=1800 audit(1686875960.776:100): pid=5698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [pid 5727] setpgid(0, 0) = 0 [pid 5727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5727] write(3, "1000", 4) = 4 [pid 5727] close(3) = 0 [pid 5727] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5727] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5727] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5727] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5709] <... close resumed>) = 0 [pid 5727] <... clone resumed>, parent_tid=[5730], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5730 [pid 5727] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5727] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5730 attached [pid 5730] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5730] memfd_create("syzkaller", 0) = 3 [pid 5730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5709] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5705] <... futex resumed>) = 0 [pid 5709] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5705] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5705] <... futex resumed>) = 0 [pid 5709] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5705] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... open resumed>) = 4 [pid 5709] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5705] <... futex resumed>) = 0 [pid 5709] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5705] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5705] <... futex resumed>) = 0 [pid 5696] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5709] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5705] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 102.379521][ T5704] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 5696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5696] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5696] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5732], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5732 [pid 5696] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5732 attached [pid 5732] set_robust_list(0x7fedb043b9e0, 24) = 0 [ 102.428551][ T26] audit: type=1800 audit(1686875960.836:101): pid=5709 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [ 102.456716][ T5704] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [pid 5732] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 5704] <... mount resumed>) = 0 [pid 5705] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5704] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5705] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] <... openat resumed>) = 3 [pid 5705] <... futex resumed>) = 0 [pid 5704] chdir("./bus" [pid 5705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5704] <... chdir resumed>) = 0 [pid 5705] <... mmap resumed>) = 0x7fedb041b000 [pid 5704] ioctl(4, LOOP_CLR_FD [pid 5705] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5704] <... ioctl resumed>) = 0 [pid 5705] <... mprotect resumed>) = 0 [pid 5704] close(4) = 0 [pid 5704] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5704] <... futex resumed>) = 1 [ 102.475490][ T5704] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 5704] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5700] <... futex resumed>) = 0 [pid 5705] <... clone resumed>, parent_tid=[5733], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5733 [pid 5696] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 5733 attached [pid 5733] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5733] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5732] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5732] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5700] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] <... futex resumed>) = 0 [pid 5732] <... futex resumed>) = 0 [pid 5705] <... futex resumed>) = 1 [pid 5704] <... futex resumed>) = 0 [pid 5700] <... futex resumed>) = 1 [pid 5733] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 5732] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5705] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5704] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5700] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5733] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] <... open resumed>) = 4 [pid 5733] <... futex resumed>) = 1 [pid 5733] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [ 102.507785][ T5709] syz-executor278: attempt to access beyond end of device [ 102.507785][ T5709] loop4: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 102.530810][ T26] audit: type=1800 audit(1686875960.966:102): pid=5704 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 5715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5705] <... futex resumed>) = 0 [pid 5704] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5704] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5700] <... futex resumed>) = 0 [pid 5700] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5704] <... futex resumed>) = 0 [pid 5700] <... futex resumed>) = 1 [pid 5709] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5704] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5700] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5709] <... futex resumed>) = 0 [pid 5705] exit_group(0 [pid 5733] <... futex resumed>) = ? [pid 5705] <... exit_group resumed>) = ? [pid 5733] +++ exited with 0 +++ [pid 5709] +++ exited with 0 +++ [pid 5705] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5705, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=46 /* 0.46 s */} --- [pid 5010] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 102.543608][ T5698] syz-executor278: attempt to access beyond end of device [ 102.543608][ T5698] loop3: rw=2049, sector=77824, nr_sectors = 2088 limit=63271 [ 102.561487][ T5709] syz-executor278: attempt to access beyond end of device [ 102.561487][ T5709] loop4: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5700] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5700] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5700] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5700] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5700] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5734], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5734 [pid 5700] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5700] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5734 attached [pid 5734] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5734] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5734] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5700] <... futex resumed>) = 0 [ 102.647748][ T5698] syz-executor278: attempt to access beyond end of device [ 102.647748][ T5698] loop3: rw=2049, sector=79912, nr_sectors = 2008 limit=63271 [pid 5734] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5698] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] exit_group(0 [pid 5732] <... futex resumed>) = ? [pid 5698] <... futex resumed>) = ? [pid 5696] <... exit_group resumed>) = ? [pid 5732] +++ exited with 0 +++ [pid 5698] +++ exited with 0 +++ [pid 5696] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5696, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=31 /* 0.31 s */} --- [pid 5009] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5704] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5704] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5700] exit_group(0) = ? [pid 5734] <... futex resumed>) = ? [pid 5734] +++ exited with 0 +++ [pid 5704] <... futex resumed>) = ? [pid 5704] +++ exited with 0 +++ [pid 5700] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5700, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=38 /* 0.38 s */} --- [pid 5011] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5720] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5730] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./16/bus") = 0 [pid 5010] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./16/binderfs", [pid 5715] <... write resumed>) = 32394836 [pid 5010] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5715] munmap(0x7fedae557000, 32394836 [pid 5010] unlink("./16/binderfs" [pid 5715] <... munmap resumed>) = 0 [pid 5010] <... unlink resumed>) = 0 [pid 5010] getdents64(3, [pid 5715] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5010] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./16" [pid 5715] <... openat resumed>) = 4 [pid 5010] <... rmdir resumed>) = 0 [pid 5010] mkdir("./17", 0777 [pid 5715] ioctl(4, LOOP_SET_FD, 3 [pid 5010] <... mkdir resumed>) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5735 ./strace-static-x86_64: Process 5735 attached [pid 5735] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5735] chdir("./17") = 0 [pid 5735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5735] setpgid(0, 0) = 0 [pid 5715] <... ioctl resumed>) = 0 [pid 5715] close(3 [pid 5735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5735] write(3, "1000", 4 [pid 5715] <... close resumed>) = 0 [pid 5735] <... write resumed>) = 4 [pid 5735] close(3) = 0 [pid 5735] symlink("/dev/binderfs", "./binderfs" [pid 5715] mkdir("./bus", 0777 [pid 5735] <... symlink resumed>) = 0 [pid 5735] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5715] <... mkdir resumed>) = 0 [pid 5735] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5735] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5736], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5736 [pid 5715] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5735] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 103.327249][ T5715] loop1: detected capacity change from 0 to 63271 [pid 5735] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5736 attached [pid 5736] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5736] memfd_create("syzkaller", 0) = 3 [pid 5736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./16/bus") = 0 [pid 5009] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 103.368567][ T5715] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5009] unlink("./16/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./16") = 0 [pid 5009] mkdir("./17", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5737 [ 103.417021][ T5715] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock ./strace-static-x86_64: Process 5737 attached [pid 5737] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5737] chdir("./17") = 0 [pid 5737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5737] setpgid(0, 0) = 0 [pid 5737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5737] write(3, "1000", 4) = 4 [pid 5737] close(3) = 0 [pid 5737] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5737] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5737] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5737] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5738], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5738 [pid 5737] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5737] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5738 attached [pid 5738] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5738] memfd_create("syzkaller", 0) = 3 [ 103.458419][ T5715] F2FS-fs (loop1): invalid crc value [pid 5738] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 103.514458][ T5715] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5720] <... write resumed>) = 32394836 [pid 5720] munmap(0x7fedae557000, 32394836) = 0 [pid 5720] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5720] ioctl(4, LOOP_SET_FD, 3 [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5730] <... write resumed>) = 32394836 [pid 5730] munmap(0x7fedae557000, 32394836 [pid 5720] <... ioctl resumed>) = 0 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./16/bus") = 0 [pid 5011] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./16/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./16") = 0 [pid 5011] mkdir("./17", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5720] close(3 [pid 5011] <... openat resumed>) = 3 [pid 5720] <... close resumed>) = 0 [pid 5720] mkdir("./bus", 0777 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3 [pid 5720] <... mkdir resumed>) = 0 [pid 5011] <... close resumed>) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5743 ./strace-static-x86_64: Process 5743 attached [pid 5743] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5743] chdir("./17") = 0 [pid 5743] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5720] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5743] <... prctl resumed>) = 0 [pid 5743] setpgid(0, 0) = 0 [pid 5743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5743] write(3, "1000", 4) = 4 [pid 5743] close(3) = 0 [pid 5743] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5743] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5743] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [ 103.628694][ T5720] loop2: detected capacity change from 0 to 63271 [ 103.638768][ T5715] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 103.667489][ T5720] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5743] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5744], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5744 [pid 5743] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] <... munmap resumed>) = 0 [pid 5743] <... futex resumed>) = 0 [pid 5743] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5744 attached [pid 5744] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5744] memfd_create("syzkaller", 0) = 3 [pid 5744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5730] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5730] close(3) = 0 [pid 5730] mkdir("./bus", 0777) = 0 [pid 5730] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5715] <... mount resumed>) = 0 [pid 5715] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5715] chdir("./bus") = 0 [pid 5715] ioctl(4, LOOP_CLR_FD) = 0 [pid 5715] close(4) = 0 [pid 5715] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5715] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] <... futex resumed>) = 0 [pid 5714] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... futex resumed>) = 0 [pid 5714] <... futex resumed>) = 1 [pid 5715] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5714] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... open resumed>) = 4 [ 103.677091][ T5715] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [ 103.685325][ T5720] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 103.695761][ T5730] loop0: detected capacity change from 0 to 63271 [ 103.706499][ T5730] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5715] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5715] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5714] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... futex resumed>) = 0 [pid 5714] <... futex resumed>) = 1 [pid 5715] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5714] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5714] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5714] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5714] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5750], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5750 [pid 5714] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 103.729007][ T26] audit: type=1800 audit(1686875962.166:103): pid=5715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [ 103.755672][ T5730] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 103.765415][ T5720] F2FS-fs (loop2): invalid crc value [ 103.773333][ T5730] F2FS-fs (loop0): invalid crc value [pid 5714] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5750 attached [pid 5750] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5750] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5750] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5750] <... futex resumed>) = 0 [ 103.818836][ T5730] F2FS-fs (loop0): Found nat_bits in checkpoint [ 103.834742][ T5720] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 5750] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5738] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5720] <... mount resumed>) = 0 [pid 5730] <... mount resumed>) = 0 [pid 5720] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5730] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5720] chdir("./bus" [pid 5730] <... openat resumed>) = 3 [pid 5720] <... chdir resumed>) = 0 [pid 5730] chdir("./bus" [pid 5720] ioctl(4, LOOP_CLR_FD [pid 5730] <... chdir resumed>) = 0 [pid 5720] <... ioctl resumed>) = 0 [pid 5730] ioctl(4, LOOP_CLR_FD [pid 5720] close(4 [pid 5730] <... ioctl resumed>) = 0 [pid 5720] <... close resumed>) = 0 [ 103.927768][ T5730] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 103.935704][ T5720] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 103.942844][ T5720] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 103.950877][ T5730] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 5730] close(4 [pid 5720] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] <... close resumed>) = 0 [pid 5720] <... futex resumed>) = 1 [pid 5719] <... futex resumed>) = 0 [pid 5730] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5720] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5715] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5730] <... futex resumed>) = 1 [pid 5727] <... futex resumed>) = 0 [pid 5720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5719] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5727] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5720] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5719] <... futex resumed>) = 0 [pid 5715] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] exit_group(0 [pid 5750] <... futex resumed>) = ? [pid 5730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5727] <... futex resumed>) = 0 [pid 5719] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... futex resumed>) = ? [pid 5714] <... exit_group resumed>) = ? [pid 5730] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5727] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] +++ exited with 0 +++ [pid 5750] +++ exited with 0 +++ [pid 5714] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5714, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=30 /* 0.30 s */} --- [pid 5007] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5007] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5730] <... open resumed>) = 4 [pid 5720] <... open resumed>) = 4 [pid 5007] fstat(3, [pid 5730] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5720] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5730] <... futex resumed>) = 1 [pid 5727] <... futex resumed>) = 0 [pid 5720] <... futex resumed>) = 1 [pid 5719] <... futex resumed>) = 0 [pid 5007] getdents64(3, [pid 5730] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5727] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5720] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5719] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5727] <... futex resumed>) = 0 [pid 5720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5719] <... futex resumed>) = 0 [pid 5007] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5730] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5727] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5720] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5719] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 104.030047][ T26] audit: type=1800 audit(1686875962.466:104): pid=5730 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 5736] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5727] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5719] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5727] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] <... futex resumed>) = 0 [pid 5719] <... futex resumed>) = 0 [pid 5727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5719] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5727] <... mmap resumed>) = 0x7fedb041b000 [pid 5719] <... mmap resumed>) = 0x7fedb041b000 [pid 5727] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5719] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5727] <... mprotect resumed>) = 0 [pid 5719] <... mprotect resumed>) = 0 [pid 5744] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5727] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5719] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5727] <... clone resumed>, parent_tid=[5754], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5754 [pid 5719] <... clone resumed>, parent_tid=[5755], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5755 [pid 5727] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] <... futex resumed>) = 0 [pid 5719] <... futex resumed>) = 0 [pid 5727] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5719] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5755 attached [pid 5755] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5755] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5755] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... futex resumed>) = 0 [pid 5755] <... futex resumed>) = 1 [ 104.102660][ T26] audit: type=1800 audit(1686875962.466:105): pid=5720 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5755] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5754 attached [pid 5754] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5754] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5754] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5727] <... futex resumed>) = 0 [pid 5754] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5720] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5720] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] exit_group(0 [pid 5755] <... futex resumed>) = ? [pid 5719] <... exit_group resumed>) = ? [pid 5755] +++ exited with 0 +++ [pid 5720] <... futex resumed>) = ? [pid 5730] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5730] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5727] exit_group(0) = ? [pid 5754] <... futex resumed>) = ? [pid 5730] +++ exited with 0 +++ [pid 5754] +++ exited with 0 +++ [pid 5727] +++ exited with 0 +++ [pid 5720] +++ exited with 0 +++ [pid 5719] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5719, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=41 /* 0.41 s */} --- [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5727, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=38 /* 0.38 s */} --- [pid 5008] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] <... openat resumed>) = 3 [pid 5006] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5008] fstat(3, [pid 5006] <... openat resumed>) = 3 [pid 5008] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] fstat(3, [pid 5008] getdents64(3, [pid 5006] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5738] <... write resumed>) = 32394836 [pid 5738] munmap(0x7fedae557000, 32394836) = 0 [pid 5738] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5738] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5738] close(3) = 0 [pid 5738] mkdir("./bus", 0777) = 0 [pid 5738] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5736] <... write resumed>) = 32394836 [ 104.725712][ T5738] loop3: detected capacity change from 0 to 63271 [ 104.753187][ T5738] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5736] munmap(0x7fedae557000, 32394836 [pid 5744] <... write resumed>) = 32394836 [pid 5744] munmap(0x7fedae557000, 32394836) = 0 [pid 5736] <... munmap resumed>) = 0 [pid 5736] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 104.777575][ T5738] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [pid 5736] ioctl(4, LOOP_SET_FD, 3 [pid 5007] <... umount2 resumed>) = 0 [pid 5744] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5744] ioctl(4, LOOP_SET_FD, 3 [pid 5007] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5744] <... ioctl resumed>) = 0 [pid 5744] close(3) = 0 [pid 5744] mkdir("./bus", 0777 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./16/bus" [pid 5744] <... mkdir resumed>) = 0 [pid 5007] <... rmdir resumed>) = 0 [pid 5007] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5744] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5007] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./16/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./16") = 0 [pid 5007] mkdir("./17", 0777 [pid 5736] <... ioctl resumed>) = 0 [pid 5007] <... mkdir resumed>) = 0 [pid 5736] close(3 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5736] <... close resumed>) = 0 [pid 5736] mkdir("./bus", 0777 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5759 [pid 5736] <... mkdir resumed>) = 0 [ 104.819973][ T5738] F2FS-fs (loop3): invalid crc value [ 104.826734][ T5744] loop5: detected capacity change from 0 to 63271 [ 104.826823][ T5736] loop4: detected capacity change from 0 to 63271 [ 104.853143][ T5744] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5736] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, ""./strace-static-x86_64: Process 5759 attached [pid 5759] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5759] chdir("./17") = 0 [pid 5759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5759] setpgid(0, 0) = 0 [pid 5759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5759] write(3, "1000", 4) = 4 [pid 5759] close(3) = 0 [pid 5759] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5759] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5759] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5759] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5760], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5760 [pid 5759] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5759] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5760 attached [pid 5760] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5760] memfd_create("syzkaller", 0) = 3 [pid 5760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 104.875366][ T5744] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 104.885235][ T5736] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 104.886287][ T5738] F2FS-fs (loop3): Found nat_bits in checkpoint [ 104.893903][ T5736] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 104.939929][ T5744] F2FS-fs (loop5): invalid crc value [ 104.945937][ T5736] F2FS-fs (loop4): invalid crc value [ 104.977345][ T5736] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./17/bus") = 0 [pid 5006] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./17/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./17") = 0 [pid 5006] mkdir("./18", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5767 ./strace-static-x86_64: Process 5767 attached [pid 5767] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5767] chdir("./18") = 0 [pid 5767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5767] setpgid(0, 0) = 0 [pid 5767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5767] write(3, "1000", 4) = 4 [pid 5767] close(3) = 0 [ 104.991483][ T5744] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 5767] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5767] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5767] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5767] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5769], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5769 [pid 5767] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5769 attached [pid 5769] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5769] memfd_create("syzkaller", 0) = 3 [pid 5769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5738] <... mount resumed>) = 0 [pid 5738] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5738] chdir("./bus") = 0 [pid 5738] ioctl(4, LOOP_CLR_FD) = 0 [pid 5738] close(4) = 0 [pid 5738] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] <... futex resumed>) = 0 [pid 5737] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5737] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5738] <... futex resumed>) = 1 [ 105.066358][ T5738] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 105.079776][ T5738] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 105.091916][ T5736] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [pid 5738] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5738] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] <... futex resumed>) = 0 [pid 5738] <... futex resumed>) = 1 [pid 5737] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5737] <... futex resumed>) = 0 [pid 5737] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5736] <... mount resumed>) = 0 [ 105.109220][ T5736] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 105.119563][ T26] audit: type=1800 audit(1686875963.556:106): pid=5738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [pid 5737] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5736] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5737] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... umount2 resumed>) = 0 [pid 5737] <... futex resumed>) = 0 [pid 5736] <... openat resumed>) = 3 [pid 5737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5736] chdir("./bus" [pid 5737] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5736] <... chdir resumed>) = 0 [pid 5737] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5736] ioctl(4, LOOP_CLR_FD) = 0 [pid 5737] <... clone resumed>, parent_tid=[5772], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5772 [pid 5737] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5736] close(4 [pid 5737] <... futex resumed>) = 0 [pid 5737] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5736] <... close resumed>) = 0 [pid 5008] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./17/bus") = 0 [pid 5008] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./17/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5736] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] rmdir("./17" [pid 5736] <... futex resumed>) = 1 [pid 5735] <... futex resumed>) = 0 [pid 5008] <... rmdir resumed>) = 0 [pid 5735] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] mkdir("./18", 0777 [pid 5736] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5735] <... futex resumed>) = 0 [pid 5736] <... open resumed>) = 4 [pid 5735] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] <... mkdir resumed>) = 0 [pid 5736] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5736] <... futex resumed>) = 1 [pid 5735] <... futex resumed>) = 0 [pid 5008] <... openat resumed>) = 3 [pid 5736] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] ioctl(3, LOOP_CLR_FD [pid 5736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5735] <... futex resumed>) = 0 [pid 5008] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5736] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5735] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5773 ./strace-static-x86_64: Process 5772 attached [pid 5772] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5744] <... mount resumed>) = 0 [pid 5772] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 5744] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5744] chdir("./bus") = 0 [pid 5744] ioctl(4, LOOP_CLR_FD) = 0 ./strace-static-x86_64: Process 5773 attached [pid 5744] close(4 [pid 5773] set_robust_list(0x5555556ed5e0, 24 [pid 5744] <... close resumed>) = 0 [pid 5773] <... set_robust_list resumed>) = 0 [pid 5744] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] chdir("./18" [pid 5744] <... futex resumed>) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5773] <... chdir resumed>) = 0 [pid 5744] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5743] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5773] setpgid(0, 0) = 0 [pid 5743] <... futex resumed>) = 0 [pid 5773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5743] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] <... openat resumed>) = 3 [pid 5744] <... open resumed>) = 4 [pid 5773] write(3, "1000", 4 [pid 5744] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] <... write resumed>) = 4 [pid 5744] <... futex resumed>) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5773] close(3 [pid 5744] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] <... close resumed>) = 0 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5773] symlink("/dev/binderfs", "./binderfs" [ 105.158727][ T5744] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 105.178315][ T5744] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 5744] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5743] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] <... symlink resumed>) = 0 [pid 5737] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5773] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5773] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5773] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5774 attached [pid 5772] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5735] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5773] <... clone resumed>, parent_tid=[5774], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5774 [pid 5772] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] set_robust_list(0x7fedb69779e0, 24 [pid 5773] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... set_robust_list resumed>) = 0 [pid 5773] <... futex resumed>) = 0 [pid 5772] <... futex resumed>) = 0 [pid 5735] <... futex resumed>) = 0 [pid 5773] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5772] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5774] memfd_create("syzkaller", 0) = 3 [pid 5735] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5735] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5735] <... clone resumed>, parent_tid=[5775], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5775 [pid 5774] <... mmap resumed>) = 0x7fedae557000 [pid 5735] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5735] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5775 attached [pid 5775] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5775] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5743] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5775] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5775] <... futex resumed>) = 1 [pid 5775] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5735] <... futex resumed>) = 0 [pid 5743] <... mmap resumed>) = 0x7fedb041b000 [pid 5743] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5743] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5776], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5776 [pid 5743] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5776 attached [pid 5776] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5776] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5776] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5776] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5736] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5736] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] exit_group(0 [pid 5736] <... futex resumed>) = 0 [pid 5775] <... futex resumed>) = ? [pid 5735] <... exit_group resumed>) = ? [pid 5775] +++ exited with 0 +++ [pid 5738] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5736] +++ exited with 0 +++ [pid 5735] +++ exited with 0 +++ [pid 5738] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5735, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=46 /* 0.46 s */} --- [pid 5738] <... futex resumed>) = 0 [pid 5760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5738] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5737] exit_group(0 [pid 5010] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5738] <... futex resumed>) = ? [pid 5737] <... exit_group resumed>) = ? [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5772] <... futex resumed>) = ? [pid 5738] +++ exited with 0 +++ [pid 5010] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5772] +++ exited with 0 +++ [pid 5737] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5737, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=46 /* 0.46 s */} --- [pid 5009] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5744] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5744] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5744] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] exit_group(0 [pid 5776] <... futex resumed>) = ? [pid 5743] <... exit_group resumed>) = ? [pid 5776] +++ exited with 0 +++ [pid 5744] <... futex resumed>) = ? [pid 5744] +++ exited with 0 +++ [pid 5743] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5743, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5769] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5774] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5760] <... write resumed>) = 32394836 [pid 5760] munmap(0x7fedae557000, 32394836 [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./17/bus") = 0 [pid 5010] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./17/binderfs" [pid 5760] <... munmap resumed>) = 0 [pid 5010] <... unlink resumed>) = 0 [pid 5760] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5010] getdents64(3, [pid 5760] <... openat resumed>) = 4 [pid 5010] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5760] ioctl(4, LOOP_SET_FD, 3 [pid 5010] close(3 [pid 5760] <... ioctl resumed>) = 0 [pid 5010] <... close resumed>) = 0 [pid 5010] rmdir("./17") = 0 [pid 5010] mkdir("./18", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3 [pid 5760] close(3 [pid 5010] <... close resumed>) = 0 [pid 5760] <... close resumed>) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5760] mkdir("./bus", 0777) = 0 [pid 5010] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5777 [pid 5760] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, ""./strace-static-x86_64: Process 5777 attached [pid 5777] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5777] chdir("./18") = 0 [pid 5777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5777] setpgid(0, 0) = 0 [pid 5777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5777] write(3, "1000", 4) = 4 [pid 5777] close(3) = 0 [pid 5777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5777] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5777] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5777] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5778], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5778 [pid 5777] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5777] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5778 attached [pid 5778] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5778] memfd_create("syzkaller", 0) = 3 [pid 5778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 106.115751][ T5760] loop1: detected capacity change from 0 to 63271 [ 106.137541][ T5760] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 106.155250][ T5760] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [ 106.203090][ T5760] F2FS-fs (loop1): invalid crc value [ 106.243187][ T5760] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5009] rmdir("./17/bus" [pid 5774] <... write resumed>) = 32394836 [pid 5009] <... rmdir resumed>) = 0 [pid 5774] munmap(0x7fedae557000, 32394836 [pid 5009] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./17/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./17") = 0 [pid 5009] mkdir("./18", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3 [pid 5774] <... munmap resumed>) = 0 [pid 5009] <... close resumed>) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5782 ./strace-static-x86_64: Process 5782 attached [pid 5782] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5782] chdir("./18" [pid 5774] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5782] <... chdir resumed>) = 0 [pid 5774] <... openat resumed>) = 4 [pid 5782] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5774] ioctl(4, LOOP_SET_FD, 3 [pid 5782] <... prctl resumed>) = 0 [pid 5782] setpgid(0, 0) = 0 [pid 5782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5782] write(3, "1000", 4) = 4 [pid 5782] close(3) = 0 [pid 5782] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5782] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5782] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5774] <... ioctl resumed>) = 0 [pid 5782] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5774] close(3) = 0 [pid 5782] <... clone resumed>, parent_tid=[5783], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5783 [pid 5782] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] mkdir("./bus", 0777./strace-static-x86_64: Process 5783 attached [pid 5782] <... futex resumed>) = 0 [pid 5783] set_robust_list(0x7fedb69779e0, 24 [pid 5782] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5774] <... mkdir resumed>) = 0 [pid 5783] <... set_robust_list resumed>) = 0 [pid 5774] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5783] memfd_create("syzkaller", 0) = 3 [pid 5769] <... write resumed>) = 32394836 [pid 5769] munmap(0x7fedae557000, 32394836 [pid 5783] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, [pid 5769] <... munmap resumed>) = 0 [pid 5011] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [ 106.314159][ T5774] loop2: detected capacity change from 0 to 63271 [ 106.342809][ T5774] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5011] close(4) = 0 [pid 5011] rmdir("./17/bus") = 0 [pid 5011] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./17/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./17") = 0 [pid 5011] mkdir("./18", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5785 [pid 5769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5769] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5785 attached [pid 5785] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5785] chdir("./18") = 0 [pid 5785] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5785] setpgid(0, 0) = 0 [pid 5785] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 106.374397][ T5774] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 106.385538][ T5760] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 106.392577][ T5760] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [ 106.411289][ T5769] loop0: detected capacity change from 0 to 63271 [pid 5785] write(3, "1000", 4) = 4 [pid 5785] close(3) = 0 [pid 5785] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5785] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5785] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5785] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5785] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5786], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5786 [pid 5785] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5785] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5769] <... ioctl resumed>) = 0 [pid 5769] close(3) = 0 [pid 5760] <... mount resumed>) = 0 [pid 5769] mkdir("./bus", 0777) = 0 [pid 5769] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5760] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 5786 attached ) = 3 [pid 5786] set_robust_list(0x7fedb69779e0, 24 [pid 5760] chdir("./bus" [pid 5786] <... set_robust_list resumed>) = 0 [pid 5760] <... chdir resumed>) = 0 [pid 5786] memfd_create("syzkaller", 0 [pid 5760] ioctl(4, LOOP_CLR_FD [pid 5786] <... memfd_create resumed>) = 3 [pid 5760] <... ioctl resumed>) = 0 [pid 5786] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5760] close(4 [pid 5786] <... mmap resumed>) = 0x7fedae557000 [pid 5760] <... close resumed>) = 0 [ 106.426999][ T5774] F2FS-fs (loop2): invalid crc value [ 106.439702][ T5769] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 106.464582][ T5769] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 5760] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5759] <... futex resumed>) = 0 [pid 5760] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5759] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5759] <... futex resumed>) = 0 [pid 5760] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5759] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5760] <... open resumed>) = 4 [pid 5760] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5759] <... futex resumed>) = 0 [pid 5760] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5759] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5759] <... futex resumed>) = 0 [pid 5760] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 106.466153][ T5774] F2FS-fs (loop2): Found nat_bits in checkpoint [ 106.482452][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 106.482464][ T26] audit: type=1800 audit(1686875964.916:109): pid=5760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [ 106.516113][ T5769] F2FS-fs (loop0): invalid crc value [pid 5759] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5759] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5759] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5759] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5793], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5793 [pid 5759] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5759] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5793 attached [ 106.565745][ T5769] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5793] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5759] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5793] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5793] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 106.621686][ T5760] bio_check_eod: 14 callbacks suppressed [ 106.621702][ T5760] syz-executor278: attempt to access beyond end of device [ 106.621702][ T5760] loop1: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 106.654919][ T5774] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [pid 5793] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] <... mount resumed>) = 0 [pid 5774] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5774] chdir("./bus") = 0 [pid 5774] ioctl(4, LOOP_CLR_FD) = 0 [pid 5774] close(4) = 0 [pid 5774] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] <... futex resumed>) = 0 [pid 5774] <... futex resumed>) = 1 [pid 5774] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5773] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 106.665509][ T5774] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 106.673226][ T5769] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 106.688209][ T5769] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 5773] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5774] <... open resumed>) = 4 [pid 5774] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5773] <... futex resumed>) = 0 [pid 5774] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5773] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5773] <... futex resumed>) = 0 [pid 5774] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5773] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5769] <... mount resumed>) = 0 [pid 5769] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5769] chdir("./bus") = 0 [pid 5769] ioctl(4, LOOP_CLR_FD) = 0 [pid 5769] close(4) = 0 [pid 5769] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5769] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] <... futex resumed>) = 0 [pid 5767] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... futex resumed>) = 0 [pid 5767] <... futex resumed>) = 1 [pid 5769] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5767] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5769] <... open resumed>) = 4 [pid 5769] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5767] <... futex resumed>) = 0 [pid 5769] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 106.713678][ T26] audit: type=1800 audit(1686875965.146:110): pid=5774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5767] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5767] <... futex resumed>) = 0 [pid 5769] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5767] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5773] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5773] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [ 106.776985][ T5760] syz-executor278: attempt to access beyond end of device [ 106.776985][ T5760] loop1: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [pid 5773] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5796 attached [pid 5778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5796] set_robust_list(0x7fedb043b9e0, 24 [pid 5773] <... clone resumed>, parent_tid=[5796], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5796 [pid 5796] <... set_robust_list resumed>) = 0 [pid 5773] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 5773] <... futex resumed>) = 0 [pid 5796] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5773] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5796] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] <... futex resumed>) = 0 [pid 5796] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 106.816221][ T26] audit: type=1800 audit(1686875965.206:111): pid=5769 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 5767] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5767] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5767] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5797], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5797 [pid 5767] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5797 attached [pid 5797] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5797] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5797] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5767] <... futex resumed>) = 0 [ 106.873346][ T5774] syz-executor278: attempt to access beyond end of device [ 106.873346][ T5774] loop2: rw=2049, sector=77824, nr_sectors = 3832 limit=63271 [pid 5797] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5760] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5760] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5783] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5760] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5759] exit_group(0 [pid 5793] <... futex resumed>) = ? [pid 5759] <... exit_group resumed>) = ? [pid 5793] +++ exited with 0 +++ [pid 5760] <... futex resumed>) = ? [pid 5760] +++ exited with 0 +++ [pid 5759] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5759, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=42 /* 0.42 s */} --- [pid 5007] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 106.941586][ T5774] syz-executor278: attempt to access beyond end of device [ 106.941586][ T5774] loop2: rw=2049, sector=81656, nr_sectors = 264 limit=63271 [ 106.951230][ T5769] syz-executor278: attempt to access beyond end of device [ 106.951230][ T5769] loop0: rw=2049, sector=77824, nr_sectors = 2784 limit=63271 [pid 5786] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5774] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5774] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] exit_group(0 [pid 5774] <... futex resumed>) = ? [pid 5796] <... futex resumed>) = ? [pid 5773] <... exit_group resumed>) = ? [pid 5796] +++ exited with 0 +++ [pid 5774] +++ exited with 0 +++ [pid 5773] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5773, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=33 /* 0.33 s */} --- [pid 5008] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 107.037278][ T5769] syz-executor278: attempt to access beyond end of device [ 107.037278][ T5769] loop0: rw=2049, sector=80608, nr_sectors = 1312 limit=63271 [pid 5008] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5769] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5769] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] exit_group(0 [pid 5797] <... futex resumed>) = ? [pid 5769] <... futex resumed>) = ? [pid 5767] <... exit_group resumed>) = ? [pid 5797] +++ exited with 0 +++ [pid 5769] +++ exited with 0 +++ [pid 5767] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5767, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=44 /* 0.44 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5778] <... write resumed>) = 32394836 [pid 5778] munmap(0x7fedae557000, 32394836) = 0 [pid 5778] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5778] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5778] close(3) = 0 [pid 5778] mkdir("./bus", 0777) = 0 [ 107.451146][ T5778] loop4: detected capacity change from 0 to 63271 [pid 5778] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5783] <... write resumed>) = 32394836 [ 107.498032][ T5778] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 107.536448][ T5778] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [pid 5783] munmap(0x7fedae557000, 32394836) = 0 [pid 5783] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5783] ioctl(4, LOOP_SET_FD, 3 [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./17/bus") = 0 [pid 5007] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./17/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./17") = 0 [pid 5007] mkdir("./18", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5800 [pid 5783] <... ioctl resumed>) = 0 [ 107.583330][ T5778] F2FS-fs (loop4): invalid crc value [ 107.616591][ T5783] loop3: detected capacity change from 0 to 63271 [pid 5783] close(3./strace-static-x86_64: Process 5800 attached ) = 0 [pid 5800] set_robust_list(0x5555556ed5e0, 24 [pid 5783] mkdir("./bus", 0777 [pid 5800] <... set_robust_list resumed>) = 0 [pid 5783] <... mkdir resumed>) = 0 [pid 5800] chdir("./18" [pid 5783] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5800] <... chdir resumed>) = 0 [pid 5786] <... write resumed>) = 32394836 [pid 5786] munmap(0x7fedae557000, 32394836 [pid 5800] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5800] setpgid(0, 0) = 0 [pid 5800] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5800] write(3, "1000", 4) = 4 [pid 5800] close(3) = 0 [pid 5800] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5800] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5800] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5800] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5800] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5802], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5802 [pid 5800] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5800] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5786] <... munmap resumed>) = 0 [pid 5786] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 107.654539][ T5778] F2FS-fs (loop4): Found nat_bits in checkpoint [ 107.666146][ T5783] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 107.674758][ T5783] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [pid 5786] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5802 attached ) = 0 [pid 5786] close(3) = 0 [pid 5786] mkdir("./bus", 0777 [pid 5802] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5802] memfd_create("syzkaller", 0) = 3 [pid 5802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5786] <... mkdir resumed>) = 0 [ 107.713726][ T5786] loop5: detected capacity change from 0 to 63271 [ 107.716638][ T5783] F2FS-fs (loop3): invalid crc value [ 107.732620][ T5786] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 107.744373][ T5786] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 5786] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./18/bus" [pid 5778] <... mount resumed>) = 0 [pid 5778] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5778] chdir("./bus") = 0 [pid 5778] ioctl(4, LOOP_CLR_FD) = 0 [pid 5778] close(4) = 0 [pid 5778] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5777] <... futex resumed>) = 0 [pid 5777] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5777] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 107.765629][ T5786] F2FS-fs (loop5): invalid crc value [ 107.776093][ T5778] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 107.786847][ T5783] F2FS-fs (loop3): Found nat_bits in checkpoint [ 107.795738][ T5778] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 5778] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5008] <... rmdir resumed>) = 0 [pid 5778] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5778] <... futex resumed>) = 1 [pid 5777] <... futex resumed>) = 0 [pid 5777] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5777] <... futex resumed>) = 0 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5777] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./18/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./18") = 0 [pid 5008] mkdir("./19", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5808 [pid 5006] <... umount2 resumed>) = 0 [ 107.819099][ T26] audit: type=1800 audit(1686875966.256:112): pid=5778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 5006] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5808 attached [pid 5808] set_robust_list(0x5555556ed5e0, 24 [pid 5006] lstat("./18/bus", [pid 5808] <... set_robust_list resumed>) = 0 [pid 5808] chdir("./19") = 0 [pid 5006] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5808] setpgid(0, 0) = 0 [pid 5808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5808] write(3, "1000", 4) = 4 [pid 5808] close(3) = 0 [pid 5808] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5808] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5808] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5808] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5808] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5812], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5812 [pid 5808] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5808] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5006] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5812 attached [pid 5812] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5812] memfd_create("syzkaller", 0 [pid 5006] <... openat resumed>) = 4 [pid 5812] <... memfd_create resumed>) = 3 [pid 5812] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, [pid 5812] <... mmap resumed>) = 0x7fedae557000 [pid 5006] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./18/bus" [pid 5777] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5777] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5777] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5777] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5813], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5813 [pid 5777] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5777] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... rmdir resumed>) = 0 [pid 5006] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./18/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3./strace-static-x86_64: Process 5813 attached ) = 0 [pid 5006] rmdir("./18" [pid 5813] set_robust_list(0x7fedb043b9e0, 24 [pid 5006] <... rmdir resumed>) = 0 [pid 5006] mkdir("./19", 0777 [pid 5813] <... set_robust_list resumed>) = 0 [pid 5006] <... mkdir resumed>) = 0 [pid 5813] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5783] <... mount resumed>) = 0 [pid 5006] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5814 [ 107.873019][ T5786] F2FS-fs (loop5): Found nat_bits in checkpoint [ 107.881518][ T5783] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 107.896380][ T5783] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 5813] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5783] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 5814 attached [pid 5813] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] <... openat resumed>) = 3 [pid 5813] <... futex resumed>) = 1 [pid 5777] <... futex resumed>) = 0 [pid 5783] chdir("./bus" [pid 5814] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5814] chdir("./19" [pid 5813] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5783] <... chdir resumed>) = 0 [pid 5814] <... chdir resumed>) = 0 [pid 5814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5814] setpgid(0, 0 [pid 5783] ioctl(4, LOOP_CLR_FD [pid 5814] <... setpgid resumed>) = 0 [pid 5783] <... ioctl resumed>) = 0 [pid 5814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5783] close(4 [pid 5814] <... openat resumed>) = 3 [pid 5783] <... close resumed>) = 0 [pid 5814] write(3, "1000", 4) = 4 [pid 5814] close(3) = 0 [pid 5814] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5783] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5783] <... futex resumed>) = 1 [pid 5782] <... futex resumed>) = 0 [pid 5782] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5782] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5783] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5814] <... mmap resumed>) = 0x7fedb6957000 [pid 5814] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5814] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5815], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5815 [pid 5814] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5814] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5783] <... open resumed>) = 4 ./strace-static-x86_64: Process 5815 attached [pid 5815] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5815] memfd_create("syzkaller", 0) = 3 [pid 5815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5783] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5782] <... futex resumed>) = 0 [pid 5782] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5782] <... futex resumed>) = 0 [ 107.971441][ T26] audit: type=1800 audit(1686875966.406:113): pid=5783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [ 107.976321][ T5778] syz-executor278: attempt to access beyond end of device [ 107.976321][ T5778] loop4: rw=2049, sector=77824, nr_sectors = 2504 limit=63271 [pid 5782] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5782] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5782] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5782] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5817], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5817 [pid 5782] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5782] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5817 attached [pid 5817] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5817] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5817] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5782] <... futex resumed>) = 0 [pid 5817] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5786] <... mount resumed>) = 0 [pid 5786] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5786] chdir("./bus") = 0 [pid 5786] ioctl(4, LOOP_CLR_FD) = 0 [pid 5786] close(4) = 0 [pid 5786] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5785] <... futex resumed>) = 0 [pid 5786] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5785] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5786] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5785] <... futex resumed>) = 0 [ 108.052316][ T5786] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 108.056129][ T5783] syz-executor278: attempt to access beyond end of device [ 108.056129][ T5783] loop3: rw=2049, sector=77824, nr_sectors = 2056 limit=63271 [ 108.071630][ T5786] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 108.087695][ T5778] syz-executor278: attempt to access beyond end of device [ 108.087695][ T5778] loop4: rw=2049, sector=80328, nr_sectors = 1592 limit=63271 [pid 5786] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5785] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5786] <... open resumed>) = 4 [pid 5778] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5786] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5786] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5778] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] <... futex resumed>) = 0 [pid 5778] <... futex resumed>) = 0 [pid 5785] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5786] <... futex resumed>) = 0 [pid 5785] <... futex resumed>) = 1 [pid 5783] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5778] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5786] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5785] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5783] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5782] exit_group(0) = ? [pid 5817] <... futex resumed>) = ? [pid 5783] <... futex resumed>) = ? [pid 5777] exit_group(0 [pid 5817] +++ exited with 0 +++ [pid 5813] <... futex resumed>) = ? [pid 5783] +++ exited with 0 +++ [pid 5782] +++ exited with 0 +++ [pid 5778] <... futex resumed>) = ? [pid 5777] <... exit_group resumed>) = ? [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5782, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=38 /* 0.38 s */} --- [pid 5813] +++ exited with 0 +++ [pid 5778] +++ exited with 0 +++ [pid 5009] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5777] +++ exited with 0 +++ [ 108.131840][ T5783] syz-executor278: attempt to access beyond end of device [ 108.131840][ T5783] loop3: rw=2049, sector=79880, nr_sectors = 2040 limit=63271 [ 108.148961][ T26] audit: type=1800 audit(1686875966.586:114): pid=5786 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5777, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=41 /* 0.41 s */} --- [pid 5010] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5010] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5785] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5785] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5785] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5785] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5785] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5818], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5818 [pid 5785] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5785] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5818 attached [pid 5818] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5818] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5818] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5785] <... futex resumed>) = 0 [pid 5818] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5802] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5786] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5786] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5786] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5785] exit_group(0 [pid 5818] <... futex resumed>) = ? [pid 5786] <... futex resumed>) = ? [pid 5785] <... exit_group resumed>) = ? [pid 5818] +++ exited with 0 +++ [pid 5786] +++ exited with 0 +++ [pid 5785] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5785, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=35 /* 0.35 s */} --- [pid 5011] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5812] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5802] <... write resumed>) = 32394836 [pid 5802] munmap(0x7fedae557000, 32394836 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, [pid 5802] <... munmap resumed>) = 0 [pid 5009] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5802] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5009] getdents64(4, [pid 5802] <... openat resumed>) = 4 [pid 5009] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4 [pid 5802] ioctl(4, LOOP_SET_FD, 3 [pid 5009] <... close resumed>) = 0 [pid 5009] rmdir("./18/bus") = 0 [pid 5009] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./18/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5802] <... ioctl resumed>) = 0 [pid 5009] close(3 [pid 5802] close(3 [pid 5009] <... close resumed>) = 0 [pid 5802] <... close resumed>) = 0 [pid 5009] rmdir("./18" [pid 5802] mkdir("./bus", 0777 [pid 5009] <... rmdir resumed>) = 0 [pid 5009] mkdir("./19", 0777 [pid 5802] <... mkdir resumed>) = 0 [pid 5009] <... mkdir resumed>) = 0 [pid 5802] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5819 ./strace-static-x86_64: Process 5819 attached [pid 5819] set_robust_list(0x5555556ed5e0, 24) = 0 [ 108.943148][ T5802] loop1: detected capacity change from 0 to 63271 [ 108.970673][ T5802] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5819] chdir("./19") = 0 [pid 5819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5819] setpgid(0, 0) = 0 [pid 5819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5819] write(3, "1000", 4) = 4 [pid 5819] close(3) = 0 [pid 5819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5819] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5819] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5819] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5010] <... umount2 resumed>) = 0 [pid 5819] <... clone resumed>, parent_tid=[5820], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5820 [pid 5010] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5010] lstat("./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./18/bus"./strace-static-x86_64: Process 5820 attached ) = 0 [pid 5010] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5820] set_robust_list(0x7fedb69779e0, 24 [pid 5011] <... umount2 resumed>) = 0 [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./18/binderfs", [pid 5820] <... set_robust_list resumed>) = 0 [pid 5010] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./18/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3 [pid 5820] memfd_create("syzkaller", 0 [pid 5010] <... close resumed>) = 0 [pid 5010] rmdir("./18" [pid 5820] <... memfd_create resumed>) = 3 [pid 5010] <... rmdir resumed>) = 0 [pid 5010] mkdir("./19", 0777 [pid 5820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5010] <... mkdir resumed>) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] <... mmap resumed>) = 0x7fedae557000 [pid 5010] <... openat resumed>) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5823 ./strace-static-x86_64: Process 5823 attached [pid 5823] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5823] chdir("./19") = 0 [pid 5823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5823] setpgid(0, 0) = 0 [pid 5823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5823] write(3, "1000", 4) = 4 [pid 5823] close(3) = 0 [pid 5823] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5823] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5823] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5823] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5824], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5824 [pid 5823] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5823] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5011] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 108.995787][ T5802] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 109.021965][ T5802] F2FS-fs (loop1): invalid crc value [pid 5011] fstat(4, ./strace-static-x86_64: Process 5824 attached [pid 5824] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5824] memfd_create("syzkaller", 0) = 3 [pid 5824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5011] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./18/bus") = 0 [pid 5011] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./18/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./18") = 0 [pid 5011] mkdir("./19", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5826 [ 109.072319][ T5802] F2FS-fs (loop1): Found nat_bits in checkpoint ./strace-static-x86_64: Process 5826 attached [pid 5826] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5826] chdir("./19") = 0 [pid 5826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5826] setpgid(0, 0) = 0 [pid 5826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5826] write(3, "1000", 4) = 4 [pid 5826] close(3) = 0 [pid 5826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5826] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5826] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5826] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5827], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5827 [pid 5826] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5827 attached [pid 5827] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5827] memfd_create("syzkaller", 0) = 3 [pid 5827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5812] <... write resumed>) = 32394836 [pid 5812] munmap(0x7fedae557000, 32394836 [pid 5802] <... mount resumed>) = 0 [pid 5802] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5802] chdir("./bus") = 0 [pid 5802] ioctl(4, LOOP_CLR_FD) = 0 [ 109.213559][ T5802] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 109.233913][ T5802] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5802] close(4 [pid 5812] <... munmap resumed>) = 0 [pid 5812] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5812] ioctl(4, LOOP_SET_FD, 3 [pid 5802] <... close resumed>) = 0 [pid 5802] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [pid 5802] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5800] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5800] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5812] <... ioctl resumed>) = 0 [pid 5812] close(3) = 0 [pid 5812] mkdir("./bus", 0777) = 0 [pid 5812] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5802] <... open resumed>) = 4 [ 109.279107][ T5812] loop2: detected capacity change from 0 to 63271 [ 109.300379][ T26] audit: type=1800 audit(1686875967.736:115): pid=5802 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [ 109.314790][ T5812] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5802] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [pid 5802] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5800] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5800] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5800] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5800] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5800] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5800] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5815] <... write resumed>) = 32394836 ./strace-static-x86_64: Process 5829 attached [pid 5800] <... clone resumed>, parent_tid=[5829], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5829 [pid 5829] set_robust_list(0x7fedb043b9e0, 24 [pid 5800] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] <... set_robust_list resumed>) = 0 [pid 5800] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5829] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5800] <... futex resumed>) = 0 [ 109.380154][ T5812] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [pid 5829] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5815] munmap(0x7fedae557000, 32394836) = 0 [pid 5815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 109.420760][ T5812] F2FS-fs (loop2): invalid crc value [pid 5815] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5815] close(3) = 0 [pid 5815] mkdir("./bus", 0777) = 0 [ 109.450542][ T5815] loop0: detected capacity change from 0 to 63271 [ 109.462912][ T5812] F2FS-fs (loop2): Found nat_bits in checkpoint [ 109.490500][ T5815] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5815] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5802] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5802] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5802] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5800] exit_group(0 [pid 5829] <... futex resumed>) = ? [pid 5802] <... futex resumed>) = ? [pid 5800] <... exit_group resumed>) = ? [pid 5829] +++ exited with 0 +++ [pid 5802] +++ exited with 0 +++ [pid 5800] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5800, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=39 /* 0.39 s */} --- [pid 5007] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 109.505315][ T5815] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 109.531447][ T5815] F2FS-fs (loop0): invalid crc value [ 109.557057][ T5815] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5007] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5827] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5815] <... mount resumed>) = 0 [pid 5815] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5815] chdir("./bus") = 0 [pid 5815] ioctl(4, LOOP_CLR_FD) = 0 [pid 5815] close(4) = 0 [pid 5815] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5814] <... futex resumed>) = 0 [pid 5815] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5814] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 109.619986][ T5812] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 109.627307][ T5815] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 109.634340][ T5815] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 109.651050][ T5812] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5814] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5812] <... mount resumed>) = 0 [pid 5812] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5812] chdir("./bus") = 0 [pid 5812] ioctl(4, LOOP_CLR_FD) = 0 [pid 5812] close(4) = 0 [pid 5812] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] <... futex resumed>) = 0 [pid 5808] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5812] <... futex resumed>) = 1 [pid 5808] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5812] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5815] <... open resumed>) = 4 [pid 5815] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5812] <... open resumed>) = 4 [pid 5812] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5808] <... futex resumed>) = 0 [pid 5815] <... futex resumed>) = 1 [pid 5814] <... futex resumed>) = 0 [pid 5814] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5812] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5808] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5814] <... futex resumed>) = 0 [pid 5808] <... futex resumed>) = 0 [pid 5814] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 109.690443][ T26] audit: type=1800 audit(1686875968.126:116): pid=5815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 5820] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5814] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5808] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5814] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = 0 [pid 5808] <... futex resumed>) = 0 [pid 5814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5808] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5814] <... mmap resumed>) = 0x7fedb041b000 [pid 5808] <... mmap resumed>) = 0x7fedb041b000 [pid 5814] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5808] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5814] <... mprotect resumed>) = 0 [pid 5808] <... mprotect resumed>) = 0 [pid 5814] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5808] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5814] <... clone resumed>, parent_tid=[5838], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5838 [pid 5808] <... clone resumed>, parent_tid=[5839], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5839 [pid 5814] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = 0 [pid 5808] <... futex resumed>) = 0 [pid 5814] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5838 attached [pid 5838] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5838] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus"./strace-static-x86_64: Process 5839 attached [pid 5839] set_robust_list(0x7fedb043b9e0, 24 [pid 5838] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5838] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5814] <... futex resumed>) = 0 [pid 5838] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] <... set_robust_list resumed>) = 0 [pid 5839] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 5808] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5839] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5839] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 109.805561][ T26] audit: type=1800 audit(1686875968.156:117): pid=5812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5839] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5815] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5815] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5814] exit_group(0 [pid 5838] <... futex resumed>) = ? [pid 5814] <... exit_group resumed>) = ? [pid 5838] +++ exited with 0 +++ [pid 5815] +++ exited with 0 +++ [pid 5814] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5814, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=42 /* 0.42 s */} --- [pid 5006] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5812] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5812] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5812] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5808] exit_group(0 [pid 5812] <... futex resumed>) = ? [pid 5839] <... futex resumed>) = ? [pid 5808] <... exit_group resumed>) = ? [pid 5812] +++ exited with 0 +++ [pid 5839] +++ exited with 0 +++ [pid 5808] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5808, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=34 /* 0.34 s */} --- [pid 5008] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5827] <... write resumed>) = 32394836 [pid 5827] munmap(0x7fedae557000, 32394836) = 0 [pid 5824] <... write resumed>) = 32394836 [pid 5824] munmap(0x7fedae557000, 32394836 [pid 5827] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5827] ioctl(4, LOOP_SET_FD, 3 [pid 5824] <... munmap resumed>) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5827] <... ioctl resumed>) = 0 [pid 5824] <... openat resumed>) = 4 [pid 5827] close(3 [pid 5824] ioctl(4, LOOP_SET_FD, 3 [pid 5827] <... close resumed>) = 0 [pid 5824] <... ioctl resumed>) = 0 [pid 5827] mkdir("./bus", 0777 [pid 5824] close(3 [pid 5827] <... mkdir resumed>) = 0 [pid 5824] <... close resumed>) = 0 [pid 5827] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5824] mkdir("./bus", 0777) = 0 [ 110.272430][ T5827] loop5: detected capacity change from 0 to 63271 [ 110.297204][ T5824] loop4: detected capacity change from 0 to 63271 [ 110.308692][ T5827] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5824] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./18/bus") = 0 [pid 5007] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./18/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./18") = 0 [pid 5007] mkdir("./19", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5840 [ 110.318903][ T5824] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 110.334162][ T5827] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 110.342849][ T5824] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock ./strace-static-x86_64: Process 5840 attached [pid 5840] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5840] chdir("./19") = 0 [pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5840] setpgid(0, 0) = 0 [pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5840] write(3, "1000", 4) = 4 [pid 5840] close(3) = 0 [pid 5840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5840] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5840] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5840] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5841], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5841 [pid 5840] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5841 attached [pid 5840] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5841] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5841] memfd_create("syzkaller", 0) = 3 [pid 5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 110.383679][ T5827] F2FS-fs (loop5): invalid crc value [ 110.390600][ T5824] F2FS-fs (loop4): invalid crc value [ 110.434869][ T5827] F2FS-fs (loop5): Found nat_bits in checkpoint [ 110.448456][ T5824] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 5820] <... write resumed>) = 32394836 [pid 5820] munmap(0x7fedae557000, 32394836) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5820] ioctl(4, LOOP_SET_FD, 3 [pid 5827] <... mount resumed>) = 0 [pid 5827] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5827] chdir("./bus") = 0 [pid 5827] ioctl(4, LOOP_CLR_FD) = 0 [ 110.570784][ T5827] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 110.578095][ T5820] loop3: detected capacity change from 0 to 63271 [ 110.588613][ T5824] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 110.595498][ T5827] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 110.599800][ T5824] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 5827] close(4) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 5820] close(3) = 0 [pid 5820] mkdir("./bus", 0777) = 0 [pid 5820] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5827] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5827] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] <... futex resumed>) = 0 [pid 5826] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... futex resumed>) = 0 [pid 5826] <... futex resumed>) = 1 [pid 5827] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5826] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] <... open resumed>) = 4 [pid 5824] <... mount resumed>) = 0 [pid 5824] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5827] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5827] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5826] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5824] chdir("./bus") = 0 [pid 5824] ioctl(4, LOOP_CLR_FD) = 0 [pid 5824] close(4) = 0 [pid 5824] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = 0 [pid 5823] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5823] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] <... futex resumed>) = 1 [pid 5824] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5824] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = 0 [pid 5823] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5823] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] <... futex resumed>) = 1 [ 110.618867][ T5820] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 110.632302][ T26] audit: type=1800 audit(1686875969.066:118): pid=5827 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [ 110.643061][ T5820] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [pid 5824] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5826] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5826] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5826] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5826] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5850], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5850 [pid 5826] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5850 attached [pid 5850] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5850] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus" [pid 5823] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5823] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5823] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5823] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5006] <... umount2 resumed>) = 0 [pid 5823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5823] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5823] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5851], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5851 [pid 5823] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5823] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./19/bus") = 0 [pid 5006] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./19/binderfs", ./strace-static-x86_64: Process 5851 attached {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./19/binderfs" [pid 5851] set_robust_list(0x7fedb043b9e0, 24 [pid 5006] <... unlink resumed>) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5851] <... set_robust_list resumed>) = 0 [pid 5006] rmdir("./19" [pid 5851] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 5006] <... rmdir resumed>) = 0 [pid 5006] mkdir("./20", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5852 ./strace-static-x86_64: Process 5852 attached [pid 5852] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5852] chdir("./20") = 0 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5852] setpgid(0, 0) = 0 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "1000", 4) = 4 [pid 5852] close(3) = 0 [pid 5852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5852] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5826] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5852] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5852] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5854], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5854 [pid 5852] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5851] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5851] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5851] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5854 attached [pid 5854] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5854] memfd_create("syzkaller", 0 [pid 5008] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5854] <... memfd_create resumed>) = 3 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 110.742825][ T5820] F2FS-fs (loop3): invalid crc value [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5850] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] lstat("./19/bus", [pid 5850] <... futex resumed>) = 0 [pid 5850] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./19/bus") = 0 [pid 5008] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./19/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./19") = 0 [pid 5008] mkdir("./20", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 110.791347][ T5820] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5857 ./strace-static-x86_64: Process 5857 attached [pid 5857] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5857] chdir("./20") = 0 [pid 5857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5857] setpgid(0, 0) = 0 [pid 5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "1000", 4) = 4 [pid 5857] close(3) = 0 [pid 5857] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5857] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5857] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5857] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5858], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5858 [pid 5857] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5827] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5827] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] exit_group(0 [pid 5850] <... futex resumed>) = ? [pid 5826] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 5858 attached [pid 5850] +++ exited with 0 +++ [pid 5858] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5858] memfd_create("syzkaller", 0) = 3 [pid 5827] +++ exited with 0 +++ [pid 5826] +++ exited with 0 +++ [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5826, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=41 /* 0.41 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5824] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5824] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] exit_group(0) = ? [pid 5851] <... futex resumed>) = ? [pid 5824] <... futex resumed>) = ? [pid 5851] +++ exited with 0 +++ [pid 5011] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5824] +++ exited with 0 +++ [pid 5823] +++ exited with 0 +++ [pid 5011] <... openat resumed>) = 3 [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5823, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=40 /* 0.40 s */} --- [pid 5010] restart_syscall(<... resuming interrupted clone ...> [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] <... restart_syscall resumed>) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5820] <... mount resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5820] chdir("./bus") = 0 [pid 5820] ioctl(4, LOOP_CLR_FD) = 0 [pid 5820] close(4) = 0 [ 110.956185][ T5820] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 110.963253][ T5820] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 5820] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5820] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5819] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... open resumed>) = 4 [pid 5820] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5820] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5819] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5819] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5819] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5819] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5860], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5860 [pid 5819] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5860 attached [pid 5860] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5860] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 5819] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5860] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5860] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5860] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5820] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] exit_group(0 [pid 5820] <... futex resumed>) = 0 [pid 5819] <... exit_group resumed>) = ? [pid 5860] <... futex resumed>) = ? [pid 5860] +++ exited with 0 +++ [pid 5820] +++ exited with 0 +++ [pid 5819] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5819, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=37 /* 0.37 s */} --- [pid 5009] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5009] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5841] <... write resumed>) = 32394836 [pid 5841] munmap(0x7fedae557000, 32394836) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5841] ioctl(4, LOOP_SET_FD, 3 [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./19/bus") = 0 [pid 5010] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./19/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./19") = 0 [pid 5010] mkdir("./20", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5861 ./strace-static-x86_64: Process 5861 attached [pid 5841] <... ioctl resumed>) = 0 [pid 5841] close(3) = 0 [pid 5841] mkdir("./bus", 0777 [pid 5861] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5841] <... mkdir resumed>) = 0 [pid 5841] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5861] chdir("./20") = 0 [pid 5861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 111.622800][ T5841] loop1: detected capacity change from 0 to 63271 [pid 5861] setpgid(0, 0) = 0 [pid 5861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5861] write(3, "1000", 4) = 4 [pid 5861] close(3) = 0 [pid 5861] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5861] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5861] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5861] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5862], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5862 [pid 5861] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5862 attached [pid 5862] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5862] memfd_create("syzkaller", 0) = 3 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 111.675630][ T5841] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 111.684084][ T5841] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [pid 5011] lstat("./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./19/bus") = 0 [pid 5011] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./19/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./19") = 0 [pid 5011] mkdir("./20", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5863 [ 111.749952][ T5841] F2FS-fs (loop1): invalid crc value ./strace-static-x86_64: Process 5863 attached [pid 5863] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5863] chdir("./20") = 0 [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5863] setpgid(0, 0) = 0 [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5863] write(3, "1000", 4) = 4 [pid 5863] close(3) = 0 [pid 5863] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5863] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5863] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5863] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5867], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5867 [pid 5863] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5867 attached [pid 5867] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5867] memfd_create("syzkaller", 0) = 3 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 111.819943][ T5841] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./19/bus") = 0 [pid 5009] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./19/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./19") = 0 [pid 5009] mkdir("./20", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5869 ./strace-static-x86_64: Process 5869 attached [pid 5869] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5869] chdir("./20") = 0 [pid 5869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5869] setpgid(0, 0) = 0 [pid 5869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5869] write(3, "1000", 4) = 4 [pid 5869] close(3) = 0 [pid 5869] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5869] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5869] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5870 attached , parent_tid=[5870], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5870 [pid 5841] <... mount resumed>) = 0 [pid 5870] set_robust_list(0x7fedb69779e0, 24 [pid 5869] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5869] <... futex resumed>) = 0 [pid 5869] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] <... set_robust_list resumed>) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5870] memfd_create("syzkaller", 0 [pid 5841] chdir("./bus" [pid 5870] <... memfd_create resumed>) = 3 [pid 5841] <... chdir resumed>) = 0 [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5841] ioctl(4, LOOP_CLR_FD [pid 5870] <... mmap resumed>) = 0x7fedae557000 [pid 5841] <... ioctl resumed>) = 0 [ 111.939309][ T5841] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 111.951280][ T5841] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5841] close(4) = 0 [pid 5841] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5841] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5840] <... futex resumed>) = 0 [pid 5841] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5840] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] <... open resumed>) = 4 [pid 5841] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5841] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5840] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 112.009647][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 112.009660][ T26] audit: type=1800 audit(1686875970.446:121): pid=5841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 5840] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5840] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5840] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5840] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5840] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5871], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5871 [pid 5840] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5871 attached [pid 5871] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5871] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 5854] <... write resumed>) = 32394836 [pid 5854] munmap(0x7fedae557000, 32394836 [pid 5871] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5871] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5871] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] <... munmap resumed>) = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5854] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5854] close(3) = 0 [pid 5854] mkdir("./bus", 0777) = 0 [ 112.179104][ T5854] loop0: detected capacity change from 0 to 63271 [ 112.190572][ T5841] bio_check_eod: 14 callbacks suppressed [ 112.190586][ T5841] syz-executor278: attempt to access beyond end of device [ 112.190586][ T5841] loop1: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 112.200566][ T5854] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 112.285347][ T5854] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 112.292641][ T5841] syz-executor278: attempt to access beyond end of device [ 112.292641][ T5841] loop1: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [pid 5854] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5858] <... write resumed>) = 32394836 [pid 5858] munmap(0x7fedae557000, 32394836 [pid 5840] exit_group(0 [pid 5871] <... futex resumed>) = ? [pid 5840] <... exit_group resumed>) = ? [pid 5871] +++ exited with 0 +++ [ 112.327961][ T5854] F2FS-fs (loop0): invalid crc value [pid 5858] <... munmap resumed>) = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5858] ioctl(4, LOOP_SET_FD, 3 [pid 5841] <... pwritev2 resumed>) = ? [pid 5841] +++ exited with 0 +++ [pid 5840] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=33 /* 0.33 s */} --- [pid 5007] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5858] <... ioctl resumed>) = 0 [pid 5858] close(3) = 0 [pid 5858] mkdir("./bus", 0777) = 0 [pid 5858] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 112.376790][ T5854] F2FS-fs (loop0): Found nat_bits in checkpoint [ 112.396491][ T5858] loop2: detected capacity change from 0 to 63271 [pid 5867] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [ 112.439248][ T5858] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 112.475080][ T5858] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 112.490894][ T5854] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 112.500086][ T5858] F2FS-fs (loop2): invalid crc value [ 112.517398][ T5854] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 5870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5854] <... mount resumed>) = 0 [pid 5854] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5854] chdir("./bus") = 0 [pid 5854] ioctl(4, LOOP_CLR_FD) = 0 [pid 5854] close(4) = 0 [pid 5854] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5854] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 112.549842][ T5858] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 5854] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5854] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5852] <... futex resumed>) = 0 [ 112.598628][ T26] audit: type=1800 audit(1686875971.036:122): pid=5854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 5852] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5852] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5852] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5852] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5880], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5880 [pid 5852] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5880 attached [pid 5880] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5880] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [pid 5858] <... mount resumed>) = 0 [pid 5858] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5858] chdir("./bus") = 0 [pid 5858] ioctl(4, LOOP_CLR_FD) = 0 [ 112.676384][ T5858] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 112.683799][ T5858] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5858] close(4 [pid 5880] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5862] <... write resumed>) = 32394836 [pid 5858] <... close resumed>) = 0 [pid 5880] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5880] <... futex resumed>) = 0 [pid 5880] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] <... futex resumed>) = 0 [pid 5857] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5857] <... futex resumed>) = 0 [pid 5857] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] munmap(0x7fedae557000, 32394836 [pid 5858] <... open resumed>) = 4 [pid 5862] <... munmap resumed>) = 0 [pid 5858] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5858] <... futex resumed>) = 1 [pid 5857] <... futex resumed>) = 0 [pid 5857] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] <... openat resumed>) = 4 [ 112.749147][ T26] audit: type=1800 audit(1686875971.186:123): pid=5858 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [ 112.766421][ T5854] syz-executor278: attempt to access beyond end of device [ 112.766421][ T5854] loop0: rw=2049, sector=77824, nr_sectors = 2504 limit=63271 [pid 5858] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5862] close(3) = 0 [pid 5862] mkdir("./bus", 0777) = 0 [pid 5862] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5857] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5857] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5857] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5857] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5881], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5881 [pid 5857] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 112.801593][ T5862] loop4: detected capacity change from 0 to 63271 [ 112.826183][ T5862] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5857] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5881 attached [pid 5881] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5881] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 5857] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5857] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 112.857951][ T5862] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 112.886401][ T5854] syz-executor278: attempt to access beyond end of device [ 112.886401][ T5854] loop0: rw=2049, sector=80328, nr_sectors = 1592 limit=63271 [pid 5881] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5881] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 112.916001][ T5862] F2FS-fs (loop4): invalid crc value [pid 5881] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5854] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] exit_group(0 [pid 5880] <... futex resumed>) = ? [pid 5852] <... exit_group resumed>) = ? [pid 5880] +++ exited with 0 +++ [pid 5854] <... futex resumed>) = ? [pid 5854] +++ exited with 0 +++ [pid 5852] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=43 /* 0.43 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 112.957933][ T5862] F2FS-fs (loop4): Found nat_bits in checkpoint [ 112.973928][ T5858] syz-executor278: attempt to access beyond end of device [ 112.973928][ T5858] loop2: rw=2049, sector=77824, nr_sectors = 3952 limit=63271 [pid 5006] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5857] exit_group(0 [pid 5881] <... futex resumed>) = ? [pid 5857] <... exit_group resumed>) = ? [pid 5881] +++ exited with 0 +++ [pid 5862] <... mount resumed>) = 0 [pid 5862] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5862] chdir("./bus" [pid 5858] <... pwritev2 resumed>) = ? [pid 5862] <... chdir resumed>) = 0 [pid 5862] ioctl(4, LOOP_CLR_FD) = 0 [ 113.038610][ T5858] syz-executor278: attempt to access beyond end of device [ 113.038610][ T5858] loop2: rw=2049, sector=81776, nr_sectors = 144 limit=63271 [ 113.067259][ T5862] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 113.080636][ T5862] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 5862] close(4 [pid 5870] <... write resumed>) = 32394836 [pid 5862] <... close resumed>) = 0 [pid 5858] +++ exited with 0 +++ [pid 5857] +++ exited with 0 +++ [pid 5870] munmap(0x7fedae557000, 32394836 [pid 5867] <... write resumed>) = 32394836 [pid 5862] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5857, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- [pid 5007] <... umount2 resumed>) = 0 [pid 5870] <... munmap resumed>) = 0 [pid 5867] munmap(0x7fedae557000, 32394836 [pid 5862] <... futex resumed>) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5861] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5861] <... futex resumed>) = 0 [pid 5008] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5861] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5870] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5008] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5870] <... openat resumed>) = 4 [pid 5867] <... munmap resumed>) = 0 [pid 5862] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5867] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5007] lstat("./19/bus", [pid 5867] <... openat resumed>) = 4 [pid 5007] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5870] ioctl(4, LOOP_SET_FD, 3 [pid 5867] ioctl(4, LOOP_SET_FD, 3 [pid 5862] <... open resumed>) = 4 [pid 5007] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5862] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5862] <... futex resumed>) = 1 [pid 5007] openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5862] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] <... openat resumed>) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./19/bus") = 0 [pid 5007] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./19/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./19") = 0 [pid 5007] mkdir("./20", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3 [pid 5861] <... futex resumed>) = 0 [pid 5007] <... close resumed>) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5861] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5886 [pid 5862] <... futex resumed>) = 0 [pid 5861] <... futex resumed>) = 1 [pid 5862] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5861] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 5886 attached [pid 5870] close(3 [pid 5886] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5870] <... close resumed>) = 0 [pid 5867] <... ioctl resumed>) = 0 [pid 5867] close(3) = 0 [pid 5867] mkdir("./bus", 0777 [pid 5886] chdir("./20") = 0 [pid 5886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5886] setpgid(0, 0 [pid 5867] <... mkdir resumed>) = 0 [pid 5886] <... setpgid resumed>) = 0 [pid 5886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5886] write(3, "1000", 4) = 4 [pid 5886] close(3) = 0 [pid 5886] symlink("/dev/binderfs", "./binderfs") = 0 [ 113.180952][ T26] audit: type=1800 audit(1686875971.616:124): pid=5862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [ 113.202581][ T5867] loop5: detected capacity change from 0 to 63271 [ 113.202716][ T5870] loop3: detected capacity change from 0 to 63271 [pid 5870] mkdir("./bus", 0777 [pid 5886] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5886] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5886] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5887], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5887 [pid 5886] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] <... mkdir resumed>) = 0 [pid 5886] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, ""./strace-static-x86_64: Process 5887 attached [pid 5887] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5887] memfd_create("syzkaller", 0 [pid 5861] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5861] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5861] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5887] <... memfd_create resumed>) = 3 [pid 5861] <... mprotect resumed>) = 0 [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5861] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5887] <... mmap resumed>) = 0x7fedae557000 [pid 5861] <... clone resumed>, parent_tid=[5888], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5888 [pid 5861] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5888 attached [pid 5888] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5888] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5888] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] <... futex resumed>) = 1 [pid 5888] <... futex resumed>) = 0 [pid 5888] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [ 113.244616][ T5867] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 113.256770][ T5867] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 113.266256][ T5870] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 113.275253][ T5870] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 113.325080][ T5870] F2FS-fs (loop3): invalid crc value [ 113.329788][ T5862] syz-executor278: attempt to access beyond end of device [ 113.329788][ T5862] loop4: rw=2049, sector=77824, nr_sectors = 2552 limit=63271 [ 113.330490][ T5867] F2FS-fs (loop5): invalid crc value [ 113.367957][ T5870] F2FS-fs (loop3): Found nat_bits in checkpoint [ 113.419099][ T5867] F2FS-fs (loop5): Found nat_bits in checkpoint [ 113.442904][ T5862] syz-executor278: attempt to access beyond end of device [ 113.442904][ T5862] loop4: rw=2049, sector=80376, nr_sectors = 1544 limit=63271 [pid 5862] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5862] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] exit_group(0 [pid 5888] <... futex resumed>) = ? [pid 5862] <... futex resumed>) = ? [pid 5861] <... exit_group resumed>) = ? [pid 5888] +++ exited with 0 +++ [pid 5862] +++ exited with 0 +++ [pid 5861] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5861, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=39 /* 0.39 s */} --- [pid 5010] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5010] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5870] <... mount resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5870] chdir("./bus") = 0 [pid 5870] ioctl(4, LOOP_CLR_FD) = 0 [pid 5870] close(4) = 0 [pid 5870] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = 0 [pid 5869] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... futex resumed>) = 1 [ 113.491073][ T5870] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 113.519035][ T5870] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 5870] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5870] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = 0 [pid 5869] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... futex resumed>) = 1 [ 113.558449][ T26] audit: type=1800 audit(1686875971.996:125): pid=5870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [ 113.582162][ T5867] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [pid 5870] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5867] <... mount resumed>) = 0 [pid 5867] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5867] chdir("./bus") = 0 [pid 5869] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5869] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5869] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5897], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5897 [pid 5869] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] ioctl(4, LOOP_CLR_FD) = 0 [pid 5867] close(4) = 0 [pid 5867] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5897 attached [pid 5897] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5897] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 5863] <... futex resumed>) = 0 [pid 5863] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5863] <... futex resumed>) = 1 [pid 5863] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5867] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5863] <... futex resumed>) = 0 [pid 5863] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 113.616955][ T5867] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 5863] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5869] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5863] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5863] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5863] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5863] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5863] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5898], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5898 [pid 5863] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 113.673102][ T26] audit: type=1800 audit(1686875972.106:126): pid=5867 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 5863] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5898 attached [pid 5898] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5898] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus" [pid 5897] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5897] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5863] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5898] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5898] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 113.764360][ T5870] syz-executor278: attempt to access beyond end of device [ 113.764360][ T5870] loop3: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [pid 5898] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./20/bus") = 0 [pid 5006] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./20/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./20") = 0 [pid 5006] mkdir("./21", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5899 ./strace-static-x86_64: Process 5899 attached [pid 5899] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5899] chdir("./21") = 0 [pid 5899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5899] setpgid(0, 0) = 0 [pid 5899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5899] write(3, "1000", 4) = 4 [pid 5899] close(3) = 0 [pid 5899] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5899] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5899] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5899] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5899] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5900], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5900 [pid 5899] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... umount2 resumed>) = 0 [pid 5899] <... futex resumed>) = 0 [pid 5899] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5900 attached [ 113.854661][ T5867] syz-executor278: attempt to access beyond end of device [ 113.854661][ T5867] loop5: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [pid 5008] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5900] set_robust_list(0x7fedb69779e0, 24 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5900] <... set_robust_list resumed>) = 0 [pid 5008] lstat("./20/bus", [pid 5900] memfd_create("syzkaller", 0 [pid 5008] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5900] <... memfd_create resumed>) = 3 [pid 5008] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5900] <... mmap resumed>) = 0x7fedae557000 [pid 5008] openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5869] exit_group(0 [pid 5008] getdents64(4, [pid 5897] <... futex resumed>) = ? [pid 5869] <... exit_group resumed>) = ? [pid 5008] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5897] +++ exited with 0 +++ [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./20/bus") = 0 [pid 5008] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./20/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./20") = 0 [pid 5008] mkdir("./21", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5901 [pid 5870] <... pwritev2 resumed>) = ? [pid 5870] +++ exited with 0 +++ [pid 5869] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5869, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=43 /* 0.43 s */} --- ./strace-static-x86_64: Process 5901 attached [pid 5009] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5901] set_robust_list(0x5555556ed5e0, 24 [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5901] <... set_robust_list resumed>) = 0 [pid 5009] <... openat resumed>) = 3 [pid 5901] chdir("./21" [pid 5009] fstat(3, [pid 5901] <... chdir resumed>) = 0 [pid 5009] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, [pid 5901] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5009] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5901] <... prctl resumed>) = 0 [pid 5901] setpgid(0, 0 [pid 5009] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5901] <... setpgid resumed>) = 0 [pid 5901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5901] write(3, "1000", 4) = 4 [pid 5901] close(3) = 0 [pid 5901] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5901] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5901] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5901] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5902], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5902 [pid 5901] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5902 attached [pid 5902] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5902] memfd_create("syzkaller", 0) = 3 [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5863] exit_group(0 [pid 5898] <... futex resumed>) = ? [pid 5863] <... exit_group resumed>) = ? [pid 5898] +++ exited with 0 +++ [pid 5867] <... pwritev2 resumed>) = ? [pid 5867] +++ exited with 0 +++ [pid 5863] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5863, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=35 /* 0.35 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./20/bus") = 0 [pid 5010] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./20/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./20") = 0 [pid 5010] mkdir("./21", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5903 ./strace-static-x86_64: Process 5903 attached [pid 5903] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5903] chdir("./21") = 0 [pid 5903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5903] setpgid(0, 0) = 0 [pid 5903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5903] write(3, "1000", 4) = 4 [pid 5903] close(3) = 0 [pid 5903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5903] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5903] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5903] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5904], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5904 [pid 5903] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5904 attached [pid 5904] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5904] memfd_create("syzkaller", 0) = 3 [pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5887] <... write resumed>) = 32394836 [pid 5887] munmap(0x7fedae557000, 32394836 [pid 5900] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5887] <... munmap resumed>) = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5887] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5887] close(3) = 0 [pid 5887] mkdir("./bus", 0777) = 0 [ 114.410865][ T5887] loop1: detected capacity change from 0 to 63271 [ 114.437433][ T5887] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 114.469081][ T5887] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 114.508047][ T5887] F2FS-fs (loop1): invalid crc value [ 114.549296][ T5887] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5887] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5887] <... mount resumed>) = 0 [pid 5887] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5887] chdir("./bus") = 0 [pid 5887] ioctl(4, LOOP_CLR_FD) = 0 [pid 5887] close(4) = 0 [pid 5887] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 114.653810][ T5887] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 114.673594][ T5887] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5886] <... futex resumed>) = 0 [pid 5887] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5886] <... futex resumed>) = 0 [pid 5887] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5886] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] <... open resumed>) = 4 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5887] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] <... futex resumed>) = 0 [pid 5886] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = 0 [pid 5886] <... futex resumed>) = 1 [pid 5887] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5886] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./20/bus") = 0 [pid 5009] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./20/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./20") = 0 [ 114.740288][ T26] audit: type=1800 audit(1686875973.176:127): pid=5887 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 5009] mkdir("./21", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5909 [pid 5886] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5886] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5886] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5886] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5910], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5910 [pid 5886] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5886] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5909 attached [pid 5909] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5909] chdir("./21") = 0 [pid 5909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 5910 attached [pid 5910] set_robust_list(0x7fedb043b9e0, 24 [pid 5909] setpgid(0, 0) = 0 [pid 5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5909] write(3, "1000", 4) = 4 [pid 5910] <... set_robust_list resumed>) = 0 [pid 5909] close(3) = 0 [pid 5909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5909] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5909] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5909] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5910] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 5904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5909] <... clone resumed>, parent_tid=[5911], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5911 [pid 5909] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5911 attached [pid 5911] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5911] memfd_create("syzkaller", 0) = 3 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5910] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5910] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5886] <... futex resumed>) = 0 [pid 5910] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./20/bus") = 0 [pid 5011] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./20/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./20") = 0 [pid 5011] mkdir("./21", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5912 ./strace-static-x86_64: Process 5912 attached [pid 5912] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5912] chdir("./21") = 0 [pid 5912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5912] setpgid(0, 0) = 0 [pid 5912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5912] write(3, "1000", 4) = 4 [pid 5912] close(3) = 0 [pid 5912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5912] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5912] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5912] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5913], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5913 [pid 5912] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5912] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5913 attached [pid 5913] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5913] memfd_create("syzkaller", 0) = 3 [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5887] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5887] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] exit_group(0 [pid 5910] <... futex resumed>) = ? [pid 5887] <... futex resumed>) = ? [pid 5886] <... exit_group resumed>) = ? [pid 5887] +++ exited with 0 +++ [pid 5910] +++ exited with 0 +++ [pid 5886] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5886, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=44 /* 0.44 s */} --- [pid 5007] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5007] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5900] <... write resumed>) = 32394836 [pid 5900] munmap(0x7fedae557000, 32394836) = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5900] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5900] close(3) = 0 [pid 5900] mkdir("./bus", 0777) = 0 [ 115.084148][ T5900] loop0: detected capacity change from 0 to 63271 [ 115.126745][ T5900] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 115.135295][ T5900] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 5900] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5902] <... write resumed>) = 32394836 [pid 5902] munmap(0x7fedae557000, 32394836) = 0 [ 115.185869][ T5900] F2FS-fs (loop0): invalid crc value [ 115.207862][ T5900] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5902] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5902] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5902] close(3) = 0 [pid 5902] mkdir("./bus", 0777) = 0 [pid 5902] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5900] <... mount resumed>) = 0 [pid 5900] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5900] chdir("./bus") = 0 [pid 5900] ioctl(4, LOOP_CLR_FD) = 0 [ 115.287691][ T5902] loop2: detected capacity change from 0 to 63271 [ 115.298677][ T5900] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 115.309309][ T5902] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 115.317900][ T5900] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 5900] close(4) = 0 [pid 5900] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5900] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5900] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5899] <... futex resumed>) = 0 [pid 5900] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 115.330097][ T5902] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [pid 5899] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] <... open resumed>) = 4 [pid 5900] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5900] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5899] <... futex resumed>) = 0 [pid 5900] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 115.368267][ T26] audit: type=1800 audit(1686875973.806:128): pid=5900 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 5899] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5899] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5899] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5899] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5899] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5921], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5921 [ 115.432597][ T5902] F2FS-fs (loop2): invalid crc value [pid 5899] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5899] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5921 attached [pid 5921] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5921] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5921] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... futex resumed>) = 0 [pid 5921] <... futex resumed>) = 1 [ 115.478351][ T5902] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 5921] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5904] <... write resumed>) = 32394836 [pid 5904] munmap(0x7fedae557000, 32394836) = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5904] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5904] close(3) = 0 [pid 5904] mkdir("./bus", 0777) = 0 [ 115.589342][ T5902] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 115.607479][ T5904] loop4: detected capacity change from 0 to 63271 [ 115.618012][ T5902] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5904] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5902] <... mount resumed>) = 0 [pid 5902] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5902] chdir("./bus") = 0 [pid 5902] ioctl(4, LOOP_CLR_FD) = 0 [pid 5900] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5902] close(4 [pid 5900] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] exit_group(0 [pid 5921] <... futex resumed>) = ? [pid 5902] <... close resumed>) = 0 [pid 5900] <... futex resumed>) = ? [pid 5899] <... exit_group resumed>) = ? [pid 5921] +++ exited with 0 +++ [pid 5902] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] +++ exited with 0 +++ [pid 5899] +++ exited with 0 +++ [pid 5902] <... futex resumed>) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5902] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5901] <... futex resumed>) = 0 [pid 5902] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5901] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5899, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=39 /* 0.39 s */} --- [ 115.636629][ T5904] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 115.646972][ T5904] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [pid 5006] restart_syscall(<... resuming interrupted clone ...> [pid 5902] <... open resumed>) = 4 [pid 5006] <... restart_syscall resumed>) = 0 [pid 5902] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5902] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5901] <... futex resumed>) = 0 [pid 5006] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5902] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5901] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 115.689282][ T26] audit: type=1800 audit(1686875974.126:129): pid=5902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5006] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5901] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5901] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5901] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5901] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5925], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5925 [pid 5901] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5925 attached [ 115.737848][ T5904] F2FS-fs (loop4): invalid crc value [pid 5925] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5925] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5925] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [ 115.783510][ T5904] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 5925] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./20/bus") = 0 [pid 5007] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./20/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./20") = 0 [pid 5007] mkdir("./21", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5928 ./strace-static-x86_64: Process 5928 attached [pid 5928] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5928] chdir("./21") = 0 [pid 5928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5928] setpgid(0, 0) = 0 [pid 5928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5928] write(3, "1000", 4) = 4 [pid 5928] close(3) = 0 [pid 5928] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5928] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5928] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5902] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5928] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5902] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] <... mprotect resumed>) = 0 [pid 5902] <... futex resumed>) = 0 [pid 5928] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5902] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] exit_group(0 [pid 5928] <... clone resumed>, parent_tid=[5929], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5929 [pid 5925] <... futex resumed>) = ? [pid 5902] <... futex resumed>) = ? [pid 5901] <... exit_group resumed>) = ? [pid 5928] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] +++ exited with 0 +++ [pid 5902] +++ exited with 0 +++ [pid 5928] <... futex resumed>) = 0 [pid 5928] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5901] +++ exited with 0 +++ ./strace-static-x86_64: Process 5929 attached [pid 5929] set_robust_list(0x7fedb69779e0, 24 [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5901, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=34 /* 0.34 s */} --- [pid 5008] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5929] <... set_robust_list resumed>) = 0 [pid 5929] memfd_create("syzkaller", 0) = 3 [pid 5008] <... openat resumed>) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5008] getdents64(3, [pid 5929] <... mmap resumed>) = 0x7fedae557000 [pid 5008] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5911] <... write resumed>) = 32394836 [pid 5904] <... mount resumed>) = 0 [pid 5904] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5904] chdir("./bus") = 0 [ 115.889895][ T5904] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 115.914936][ T5904] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 5904] ioctl(4, LOOP_CLR_FD) = 0 [pid 5904] close(4) = 0 [pid 5904] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = 0 [pid 5903] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5904] <... futex resumed>) = 1 [pid 5904] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5904] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] <... futex resumed>) = 0 [pid 5904] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5903] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] munmap(0x7fedae557000, 32394836) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5911] ioctl(4, LOOP_SET_FD, 3 [pid 5903] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5903] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 115.978354][ T26] audit: type=1800 audit(1686875974.416:130): pid=5904 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 5903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5903] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5911] <... ioctl resumed>) = 0 [pid 5903] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5911] close(3) = 0 [pid 5903] <... clone resumed>, parent_tid=[5930], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5930 [pid 5911] mkdir("./bus", 0777 [pid 5903] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... mkdir resumed>) = 0 [pid 5903] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5930 attached [pid 5911] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5903] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5930] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5930] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] <... futex resumed>) = 0 [ 116.036842][ T5911] loop3: detected capacity change from 0 to 63271 [ 116.057124][ T5911] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 116.105506][ T5911] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 116.148249][ T5911] F2FS-fs (loop3): invalid crc value [pid 5930] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5904] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5903] exit_group(0 [pid 5930] <... futex resumed>) = ? [ 116.180773][ T5911] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 5904] <... futex resumed>) = ? [pid 5903] <... exit_group resumed>) = ? [pid 5930] +++ exited with 0 +++ [pid 5904] +++ exited with 0 +++ [pid 5903] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5903, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=41 /* 0.41 s */} --- [pid 5010] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5913] <... write resumed>) = 32394836 [pid 5913] munmap(0x7fedae557000, 32394836) = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5913] close(3) = 0 [pid 5913] mkdir("./bus", 0777 [pid 5911] <... mount resumed>) = 0 [pid 5913] <... mkdir resumed>) = 0 [pid 5911] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5913] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5911] <... openat resumed>) = 3 [ 116.288863][ T5913] loop5: detected capacity change from 0 to 63271 [ 116.297074][ T5911] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 116.304114][ T5911] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 116.321477][ T5913] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5911] chdir("./bus") = 0 [pid 5911] ioctl(4, LOOP_CLR_FD) = 0 [pid 5911] close(4) = 0 [pid 5911] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5909] <... futex resumed>) = 0 [pid 5911] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5909] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5911] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] <... open resumed>) = 4 [pid 5911] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5909] <... futex resumed>) = 0 [pid 5911] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5909] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5909] <... futex resumed>) = 0 [pid 5911] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 116.375568][ T5913] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 116.393833][ T5913] F2FS-fs (loop5): invalid crc value [pid 5909] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5909] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5909] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5909] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5938], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5938 [pid 5909] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5938 attached [pid 5938] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5938] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./21/bus") = 0 [pid 5006] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./21/binderfs", [pid 5938] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5938] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5909] <... futex resumed>) = 0 [pid 5938] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./21/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./21") = 0 [pid 5006] mkdir("./22", 0777) = 0 [ 116.458408][ T5913] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5939 ./strace-static-x86_64: Process 5939 attached [pid 5939] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5939] chdir("./22") = 0 [pid 5939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5939] setpgid(0, 0) = 0 [pid 5939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5939] write(3, "1000", 4) = 4 [pid 5939] close(3) = 0 [pid 5939] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5939] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5939] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5939] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5939] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5940], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5940 [pid 5939] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5939] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5940 attached [pid 5940] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5940] memfd_create("syzkaller", 0) = 3 [pid 5940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5929] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5911] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5911] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5909] exit_group(0 [pid 5938] <... futex resumed>) = ? [pid 5911] <... futex resumed>) = ? [pid 5909] <... exit_group resumed>) = ? [pid 5938] +++ exited with 0 +++ [pid 5911] +++ exited with 0 +++ [pid 5909] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- [pid 5009] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5009] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5913] <... mount resumed>) = 0 [ 116.589446][ T5913] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 116.621557][ T5913] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 5913] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5913] chdir("./bus") = 0 [pid 5913] ioctl(4, LOOP_CLR_FD) = 0 [pid 5913] close(4) = 0 [pid 5913] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = 0 [pid 5912] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5912] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] <... futex resumed>) = 1 [pid 5913] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5913] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] <... futex resumed>) = 0 [pid 5913] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5912] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5912] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5912] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5912] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5912] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5942], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5942 [pid 5912] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5912] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5942 attached [pid 5942] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5942] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5942] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = 0 [pid 5942] <... futex resumed>) = 1 [pid 5942] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./21/bus") = 0 [pid 5008] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./21/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./21") = 0 [pid 5008] mkdir("./22", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5943 ./strace-static-x86_64: Process 5943 attached [pid 5943] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5943] chdir("./22") = 0 [pid 5943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5943] setpgid(0, 0) = 0 [pid 5943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5943] write(3, "1000", 4) = 4 [pid 5943] close(3) = 0 [pid 5943] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5943] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5943] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5943] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5944], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5944 [pid 5943] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5943] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5944 attached [pid 5944] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5944] memfd_create("syzkaller", 0) = 3 [pid 5944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5913] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5913] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5912] exit_group(0 [pid 5942] <... futex resumed>) = ? [pid 5913] <... futex resumed>) = ? [pid 5912] <... exit_group resumed>) = ? [pid 5942] +++ exited with 0 +++ [pid 5913] +++ exited with 0 +++ [pid 5912] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5912, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=38 /* 0.38 s */} --- [pid 5011] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./21/bus") = 0 [pid 5010] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./21/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./21") = 0 [pid 5010] mkdir("./22", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5945 ./strace-static-x86_64: Process 5945 attached [pid 5945] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5945] chdir("./22") = 0 [pid 5945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5945] setpgid(0, 0) = 0 [pid 5945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5945] write(3, "1000", 4) = 4 [pid 5945] close(3) = 0 [pid 5945] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5945] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5945] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5945] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5946], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5946 [pid 5945] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5946 attached [pid 5946] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5946] memfd_create("syzkaller", 0) = 3 [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5929] <... write resumed>) = 32394836 [pid 5929] munmap(0x7fedae557000, 32394836 [pid 5940] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5929] <... munmap resumed>) = 0 [pid 5929] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5929] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5929] close(3) = 0 [pid 5929] mkdir("./bus", 0777) = 0 [ 117.206420][ T5929] loop1: detected capacity change from 0 to 63271 [ 117.229690][ T5929] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 117.265311][ T5929] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 117.307374][ T5929] F2FS-fs (loop1): invalid crc value [pid 5929] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 117.355967][ T5929] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5944] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./21/bus") = 0 [pid 5009] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./21/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./21") = 0 [pid 5009] mkdir("./22", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5951 ./strace-static-x86_64: Process 5951 attached [pid 5951] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5951] chdir("./22") = 0 [pid 5951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5951] setpgid(0, 0) = 0 [pid 5951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5951] write(3, "1000", 4) = 4 [pid 5951] close(3) = 0 [pid 5951] symlink("/dev/binderfs", "./binderfs") = 0 [ 117.486901][ T5929] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 117.493971][ T5929] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5951] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5951] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5951] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5952], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5952 [pid 5951] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5929] <... mount resumed>) = 0 [pid 5929] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5929] chdir("./bus") = 0 [pid 5929] ioctl(4, LOOP_CLR_FD) = 0 [pid 5929] close(4) = 0 [pid 5929] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5928] <... futex resumed>) = 0 [pid 5929] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5928] <... futex resumed>) = 0 [pid 5929] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5928] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5952 attached [pid 5929] <... open resumed>) = 4 [pid 5952] set_robust_list(0x7fedb69779e0, 24 [pid 5929] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] <... set_robust_list resumed>) = 0 [pid 5929] <... futex resumed>) = 1 [pid 5928] <... futex resumed>) = 0 [pid 5952] memfd_create("syzkaller", 0 [pid 5929] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] <... memfd_create resumed>) = 3 [pid 5929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5928] <... futex resumed>) = 0 [pid 5952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5929] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5928] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5952] <... mmap resumed>) = 0x7fedae557000 [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./21/bus") = 0 [pid 5011] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./21/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./21") = 0 [pid 5011] mkdir("./22", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 117.567668][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 117.567688][ T26] audit: type=1800 audit(1686875976.006:133): pid=5929 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5953 [pid 5928] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5928] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5928] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5928] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5928] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5954], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5954 [pid 5928] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5953 attached ) = 0 [pid 5953] set_robust_list(0x5555556ed5e0, 24 [pid 5928] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... set_robust_list resumed>) = 0 [pid 5953] chdir("./22") = 0 [pid 5953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5953] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 5954 attached [pid 5953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5954] set_robust_list(0x7fedb043b9e0, 24 [pid 5953] <... openat resumed>) = 3 [pid 5954] <... set_robust_list resumed>) = 0 [pid 5953] write(3, "1000", 4 [pid 5954] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 5953] <... write resumed>) = 4 [pid 5953] close(3) = 0 [pid 5953] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5953] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5953] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5953] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5955], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5955 [pid 5953] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5954] <... quotactl resumed>) = -1 ESRCH (No such process) ./strace-static-x86_64: Process 5955 attached [pid 5954] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5928] <... futex resumed>) = 0 [pid 5955] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5954] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5955] memfd_create("syzkaller", 0) = 3 [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5940] <... write resumed>) = 32394836 [pid 5940] munmap(0x7fedae557000, 32394836) = 0 [pid 5940] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 117.749408][ T5929] bio_check_eod: 14 callbacks suppressed [ 117.749425][ T5929] syz-executor278: attempt to access beyond end of device [ 117.749425][ T5929] loop1: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [pid 5940] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5940] close(3) = 0 [ 117.807432][ T5940] loop0: detected capacity change from 0 to 63271 [ 117.843680][ T5929] syz-executor278: attempt to access beyond end of device [pid 5940] mkdir("./bus", 0777) = 0 [pid 5940] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5928] exit_group(0 [pid 5954] <... futex resumed>) = ? [pid 5928] <... exit_group resumed>) = ? [pid 5954] +++ exited with 0 +++ [ 117.843680][ T5929] loop1: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [ 117.861303][ T5940] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 117.879004][ T5940] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 5929] <... pwritev2 resumed>) = ? [pid 5929] +++ exited with 0 +++ [pid 5928] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5928, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=40 /* 0.40 s */} --- [pid 5007] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5007] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 117.922492][ T5940] F2FS-fs (loop0): invalid crc value [pid 5007] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5944] <... write resumed>) = 32394836 [ 117.978374][ T5940] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5944] munmap(0x7fedae557000, 32394836) = 0 [pid 5944] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5944] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5944] close(3) = 0 [pid 5944] mkdir("./bus", 0777) = 0 [ 118.043995][ T5944] loop2: detected capacity change from 0 to 63271 [ 118.081421][ T5944] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5944] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5940] <... mount resumed>) = 0 [pid 5940] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5940] chdir("./bus") = 0 [pid 5940] ioctl(4, LOOP_CLR_FD) = 0 [pid 5940] close(4 [ 118.103800][ T5940] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 118.104280][ T5944] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 118.119677][ T5940] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 5952] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5940] <... close resumed>) = 0 [pid 5940] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... futex resumed>) = 0 [pid 5939] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] <... futex resumed>) = 1 [pid 5939] <... futex resumed>) = 0 [pid 5940] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5939] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] <... open resumed>) = 4 [pid 5940] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5939] <... futex resumed>) = 0 [pid 5940] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5939] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5939] <... futex resumed>) = 0 [pid 5940] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5939] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5939] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5939] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5939] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5939] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5962], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5962 [pid 5939] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 118.176950][ T26] audit: type=1800 audit(1686875976.616:134): pid=5940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [ 118.212601][ T5944] F2FS-fs (loop2): invalid crc value [pid 5939] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5962 attached [pid 5962] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5962] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5962] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5939] <... futex resumed>) = 0 [pid 5962] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [ 118.271855][ T5944] F2FS-fs (loop2): Found nat_bits in checkpoint [ 118.306418][ T5940] syz-executor278: attempt to access beyond end of device [ 118.306418][ T5940] loop0: rw=2049, sector=77824, nr_sectors = 2136 limit=63271 [pid 5955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5946] <... write resumed>) = 32394836 [pid 5946] munmap(0x7fedae557000, 32394836 [pid 5944] <... mount resumed>) = 0 [pid 5946] <... munmap resumed>) = 0 [pid 5944] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5944] chdir("./bus") = 0 [pid 5944] ioctl(4, LOOP_CLR_FD [pid 5946] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5944] <... ioctl resumed>) = 0 [pid 5944] close(4) = 0 [pid 5946] <... openat resumed>) = 4 [pid 5946] ioctl(4, LOOP_SET_FD, 3 [pid 5944] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5944] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [ 118.407442][ T5944] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 118.409218][ T5940] syz-executor278: attempt to access beyond end of device [ 118.409218][ T5940] loop0: rw=2049, sector=79960, nr_sectors = 1960 limit=63271 [ 118.414536][ T5944] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5944] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5943] <... futex resumed>) = 0 [pid 5944] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5943] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] <... ioctl resumed>) = 0 [pid 5946] close(3 [pid 5944] <... open resumed>) = 4 [pid 5944] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5944] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5944] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5943] <... futex resumed>) = 0 [pid 5946] <... close resumed>) = 0 [pid 5946] mkdir("./bus", 0777) = 0 [pid 5946] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 118.458048][ T5946] loop4: detected capacity change from 0 to 63271 [ 118.467959][ T26] audit: type=1800 audit(1686875976.906:135): pid=5944 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [ 118.497719][ T5946] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5943] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5943] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5943] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5943] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5943] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5965], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5965 [pid 5943] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5943] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5965 attached [pid 5965] set_robust_list(0x7fedb043b9e0, 24 [pid 5940] <... pwritev2 resumed>) = -1 EIO (Input/output error) [ 118.514799][ T5946] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [pid 5940] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5965] <... set_robust_list resumed>) = 0 [pid 5940] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5965] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 5939] exit_group(0 [pid 5965] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5962] <... futex resumed>) = ? [pid 5940] <... futex resumed>) = ? [pid 5939] <... exit_group resumed>) = ? [pid 5965] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] +++ exited with 0 +++ [pid 5940] +++ exited with 0 +++ [pid 5965] <... futex resumed>) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5965] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5939] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5939, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=44 /* 0.44 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 118.559633][ T5946] F2FS-fs (loop4): invalid crc value [ 118.613157][ T5946] F2FS-fs (loop4): Found nat_bits in checkpoint [ 118.647977][ T5944] syz-executor278: attempt to access beyond end of device [ 118.647977][ T5944] loop2: rw=2049, sector=77824, nr_sectors = 3392 limit=63271 [pid 5006] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5943] exit_group(0 [pid 5965] <... futex resumed>) = ? [pid 5943] <... exit_group resumed>) = ? [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5965] +++ exited with 0 +++ [pid 5007] openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./21/bus") = 0 [pid 5007] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./21/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./21") = 0 [pid 5007] mkdir("./22", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 118.732539][ T5944] syz-executor278: attempt to access beyond end of device [ 118.732539][ T5944] loop2: rw=2049, sector=81216, nr_sectors = 704 limit=63271 [ 118.733378][ T5946] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5970 ./strace-static-x86_64: Process 5970 attached [pid 5970] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5970] chdir("./22") = 0 [pid 5970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5970] setpgid(0, 0) = 0 [pid 5944] <... pwritev2 resumed>) = ? [pid 5970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5970] write(3, "1000", 4) = 4 [pid 5970] close(3) = 0 [pid 5970] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5970] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5970] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5970] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5944] +++ exited with 0 +++ [pid 5943] +++ exited with 0 +++ [pid 5970] <... clone resumed>, parent_tid=[5971], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5971 [pid 5970] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5943, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=47 /* 0.47 s */} --- [pid 5970] <... futex resumed>) = 0 [pid 5008] restart_syscall(<... resuming interrupted clone ...> [pid 5970] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5971 attached [pid 5008] <... restart_syscall resumed>) = 0 [pid 5971] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5008] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5971] memfd_create("syzkaller", 0 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5971] <... memfd_create resumed>) = 3 [pid 5008] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5008] <... openat resumed>) = 3 [pid 5971] <... mmap resumed>) = 0x7fedae557000 [pid 5008] fstat(3, [pid 5946] <... mount resumed>) = 0 [pid 5946] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5946] chdir("./bus" [pid 5008] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5946] <... chdir resumed>) = 0 [pid 5008] getdents64(3, [pid 5946] ioctl(4, LOOP_CLR_FD) = 0 [pid 5008] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5946] close(4 [pid 5008] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5946] <... close resumed>) = 0 [ 118.803909][ T5946] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 5946] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5946] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5945] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5945] <... futex resumed>) = 0 [pid 5946] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5945] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] <... open resumed>) = 4 [pid 5946] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5946] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5945] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 118.884895][ T26] audit: type=1800 audit(1686875977.316:136): pid=5946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 5945] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5952] <... write resumed>) = 32394836 [pid 5952] munmap(0x7fedae557000, 32394836 [pid 5945] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5945] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5945] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5945] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5972], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5972 [pid 5945] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... write resumed>) = 32394836 ./strace-static-x86_64: Process 5972 attached [pid 5972] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5972] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 5955] munmap(0x7fedae557000, 32394836 [pid 5952] <... munmap resumed>) = 0 [pid 5952] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5952] ioctl(4, LOOP_SET_FD, 3 [pid 5972] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5972] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5972] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] <... ioctl resumed>) = 0 [pid 5952] close(3) = 0 [pid 5952] mkdir("./bus", 0777) = 0 [pid 5952] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5955] <... munmap resumed>) = 0 [ 118.996425][ T5952] loop3: detected capacity change from 0 to 63271 [ 119.020747][ T5952] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 119.037810][ T5946] syz-executor278: attempt to access beyond end of device [pid 5955] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5955] close(3) = 0 [pid 5955] mkdir("./bus", 0777) = 0 [ 119.037810][ T5946] loop4: rw=2049, sector=77824, nr_sectors = 2080 limit=63271 [ 119.053157][ T5952] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 119.062458][ T5955] loop5: detected capacity change from 0 to 63271 [ 119.076961][ T5955] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 119.085698][ T5955] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 5955] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5945] exit_group(0 [pid 5972] <... futex resumed>) = ? [pid 5945] <... exit_group resumed>) = ? [pid 5972] +++ exited with 0 +++ [ 119.119572][ T5946] syz-executor278: attempt to access beyond end of device [ 119.119572][ T5946] loop4: rw=2049, sector=79904, nr_sectors = 2016 limit=63271 [pid 5946] <... pwritev2 resumed>) = ? [pid 5946] +++ exited with 0 +++ [pid 5945] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5945, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=33 /* 0.33 s */} --- [pid 5010] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5010] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 119.193719][ T5952] F2FS-fs (loop3): invalid crc value [ 119.199125][ T5955] F2FS-fs (loop5): invalid crc value [pid 5010] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./22/bus") = 0 [pid 5006] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 119.240160][ T5955] F2FS-fs (loop5): Found nat_bits in checkpoint [ 119.251053][ T5952] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 5006] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./22/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./22") = 0 [pid 5006] mkdir("./23", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5979 ./strace-static-x86_64: Process 5979 attached [pid 5979] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5979] chdir("./23") = 0 [pid 5979] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5979] setpgid(0, 0) = 0 [pid 5979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5979] write(3, "1000", 4) = 4 [pid 5979] close(3) = 0 [pid 5979] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5979] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5979] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5979] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5979] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5980], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5980 [pid 5979] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5979] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5980 attached [pid 5980] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5980] memfd_create("syzkaller", 0) = 3 [pid 5980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5955] <... mount resumed>) = 0 [pid 5955] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5952] <... mount resumed>) = 0 [pid 5955] <... openat resumed>) = 3 [pid 5952] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5955] chdir("./bus" [pid 5952] <... openat resumed>) = 3 [pid 5955] <... chdir resumed>) = 0 [pid 5952] chdir("./bus" [pid 5955] ioctl(4, LOOP_CLR_FD [pid 5952] <... chdir resumed>) = 0 [pid 5955] <... ioctl resumed>) = 0 [pid 5952] ioctl(4, LOOP_CLR_FD [pid 5955] close(4 [pid 5952] <... ioctl resumed>) = 0 [pid 5955] <... close resumed>) = 0 [pid 5955] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] close(4 [pid 5955] <... futex resumed>) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5952] <... close resumed>) = 0 [pid 5955] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5953] <... futex resumed>) = 0 [pid 5952] <... futex resumed>) = 1 [pid 5951] <... futex resumed>) = 0 [pid 5955] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5953] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5952] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 119.380395][ T5955] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 119.388938][ T5952] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 119.406022][ T5955] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 119.414106][ T5952] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 5951] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... futex resumed>) = 0 [pid 5951] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... open resumed>) = 4 [pid 5952] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5955] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5952] <... open resumed>) = 4 [pid 5955] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5953] <... futex resumed>) = 0 [pid 5952] <... futex resumed>) = 1 [pid 5951] <... futex resumed>) = 0 [pid 5955] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5953] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5952] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... futex resumed>) = 0 [pid 5952] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 119.463546][ T26] audit: type=1800 audit(1686875977.896:137): pid=5955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 5951] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5953] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5951] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5953] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5951] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... mprotect resumed>) = 0 [pid 5951] <... futex resumed>) = 0 [pid 5953] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5953] <... clone resumed>, parent_tid=[5983], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5983 [pid 5951] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5953] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] <... mprotect resumed>) = 0 [pid 5953] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5984], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5984 [pid 5951] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5983 attached [pid 5983] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5983] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5983] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5983] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5984 attached [pid 5984] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5984] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5984] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5951] <... futex resumed>) = 0 [pid 5984] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [ 119.572971][ T26] audit: type=1800 audit(1686875977.926:138): pid=5952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [pid 5008] rmdir("./22/bus") = 0 [pid 5008] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./22/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./22") = 0 [pid 5008] mkdir("./23", 0777) = 0 [pid 5955] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5955] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] exit_group(0 [pid 5008] <... openat resumed>) = 3 [pid 5983] <... futex resumed>) = ? [ 119.627321][ T5955] syz-executor278: attempt to access beyond end of device [ 119.627321][ T5955] loop5: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 119.650071][ T5952] syz-executor278: attempt to access beyond end of device [ 119.650071][ T5952] loop3: rw=2049, sector=77824, nr_sectors = 2416 limit=63271 [pid 5955] <... futex resumed>) = ? [pid 5953] <... exit_group resumed>) = ? [pid 5008] ioctl(3, LOOP_CLR_FD [pid 5983] +++ exited with 0 +++ [pid 5955] +++ exited with 0 +++ [pid 5953] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5953, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=35 /* 0.35 s */} --- [pid 5008] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5011] restart_syscall(<... resuming interrupted clone ...> [pid 5008] close(3 [pid 5011] <... restart_syscall resumed>) = 0 [pid 5008] <... close resumed>) = 0 [pid 5011] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5985 ./strace-static-x86_64: Process 5985 attached [pid 5985] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5985] chdir("./23") = 0 [pid 5985] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5985] setpgid(0, 0) = 0 [pid 5985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5985] write(3, "1000", 4) = 4 [pid 5952] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5985] close(3 [pid 5952] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... close resumed>) = 0 [pid 5952] <... futex resumed>) = 0 [pid 5951] exit_group(0 [pid 5985] symlink("/dev/binderfs", "./binderfs" [pid 5984] <... futex resumed>) = ? [pid 5951] <... exit_group resumed>) = ? [pid 5985] <... symlink resumed>) = 0 [pid 5984] +++ exited with 0 +++ [pid 5952] +++ exited with 0 +++ [pid 5985] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5985] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5951] +++ exited with 0 +++ [pid 5985] <... mprotect resumed>) = 0 [pid 5985] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5951, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=42 /* 0.42 s */} --- [pid 5009] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5985] <... clone resumed>, parent_tid=[5986], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5986 [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5985] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5985] <... futex resumed>) = 0 [pid 5009] <... openat resumed>) = 3 [pid 5985] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5986 attached [pid 5986] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5986] memfd_create("syzkaller", 0) = 3 [pid 5986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5971] <... write resumed>) = 32394836 [pid 5971] munmap(0x7fedae557000, 32394836) = 0 [pid 5971] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5971] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5971] close(3) = 0 [pid 5971] mkdir("./bus", 0777) = 0 [ 119.962391][ T5971] loop1: detected capacity change from 0 to 63271 [ 119.987458][ T5971] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5971] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./22/bus") = 0 [pid 5010] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./22/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./22") = 0 [pid 5010] mkdir("./23", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5987 ./strace-static-x86_64: Process 5987 attached [pid 5987] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5987] chdir("./23") = 0 [pid 5987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5987] setpgid(0, 0) = 0 [pid 5987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5987] write(3, "1000", 4) = 4 [ 120.014000][ T5971] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [pid 5987] close(3) = 0 [pid 5987] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5987] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5987] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5987] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5988], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5988 [pid 5987] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5980] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836./strace-static-x86_64: Process 5988 attached [pid 5988] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5988] memfd_create("syzkaller", 0) = 3 [pid 5988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 120.202580][ T5971] F2FS-fs (loop1): invalid crc value [ 120.236581][ T5971] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5986] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5971] <... mount resumed>) = 0 [pid 5971] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5971] chdir("./bus") = 0 [pid 5971] ioctl(4, LOOP_CLR_FD) = 0 [pid 5971] close(4) = 0 [pid 5971] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5970] <... futex resumed>) = 0 [pid 5970] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = 0 [pid 5970] <... futex resumed>) = 1 [pid 5971] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5970] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5971] <... open resumed>) = 4 [ 120.379832][ T5971] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 120.400750][ T5971] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 5971] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5970] <... futex resumed>) = 0 [pid 5970] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = 0 [pid 5970] <... futex resumed>) = 1 [pid 5971] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5970] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./22/bus") = 0 [pid 5011] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./22/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [ 120.450564][ T26] audit: type=1800 audit(1686875978.886:139): pid=5971 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./22") = 0 [pid 5011] mkdir("./23", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5970] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5011] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 5993 [pid 5970] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5970] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5970] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5994], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 5994 [pid 5970] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5970] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5994 attached ./strace-static-x86_64: Process 5993 attached [pid 5994] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5993] set_robust_list(0x5555556ed5e0, 24 [pid 5994] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 5993] <... set_robust_list resumed>) = 0 [pid 5993] chdir("./23") = 0 [pid 5993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5993] setpgid(0, 0) = 0 [pid 5993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5993] write(3, "1000", 4) = 4 [pid 5993] close(3) = 0 [pid 5993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5993] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5993] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5993] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5995], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5995 [pid 5994] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5993] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] <... futex resumed>) = 0 [pid 5994] <... futex resumed>) = 1 [pid 5993] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5970] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5995 attached [pid 5994] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5995] memfd_create("syzkaller", 0) = 3 [pid 5995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5009] <... umount2 resumed>) = 0 [pid 5988] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5009] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./22/bus") = 0 [pid 5009] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./22/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./22") = 0 [pid 5009] mkdir("./23", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 5996 ./strace-static-x86_64: Process 5996 attached [pid 5996] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 5996] chdir("./23") = 0 [pid 5996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5996] setpgid(0, 0) = 0 [pid 5996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5971] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5996] <... openat resumed>) = 3 [pid 5971] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] write(3, "1000", 4 [pid 5971] <... futex resumed>) = 0 [pid 5970] exit_group(0 [pid 5996] <... write resumed>) = 4 [pid 5994] <... futex resumed>) = ? [pid 5970] <... exit_group resumed>) = ? [pid 5996] close(3 [pid 5994] +++ exited with 0 +++ [pid 5971] +++ exited with 0 +++ [pid 5970] +++ exited with 0 +++ [pid 5996] <... close resumed>) = 0 [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5970, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=36 /* 0.36 s */} --- [pid 5996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5996] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 5996] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5996] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5007] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5996] <... clone resumed>, parent_tid=[5997], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 5997 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5996] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5996] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5007] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5980] <... write resumed>) = 32394836 ./strace-static-x86_64: Process 5997 attached [pid 5997] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5997] memfd_create("syzkaller", 0) = 3 [pid 5980] munmap(0x7fedae557000, 32394836 [pid 5997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5980] <... munmap resumed>) = 0 [pid 5980] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5980] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5980] close(3) = 0 [pid 5980] mkdir("./bus", 0777) = 0 [pid 5980] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5986] <... write resumed>) = 32394836 [ 120.805801][ T5980] loop0: detected capacity change from 0 to 63271 [ 120.831335][ T5980] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5986] munmap(0x7fedae557000, 32394836) = 0 [pid 5986] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5986] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5986] close(3) = 0 [pid 5986] mkdir("./bus", 0777) = 0 [ 120.861383][ T5980] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 120.874844][ T5986] loop2: detected capacity change from 0 to 63271 [ 120.893587][ T5980] F2FS-fs (loop0): invalid crc value [ 120.909854][ T5986] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 120.938716][ T5980] F2FS-fs (loop0): Found nat_bits in checkpoint [ 120.949814][ T5986] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [pid 5986] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5980] <... mount resumed>) = 0 [pid 5980] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5995] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5980] chdir("./bus") = 0 [pid 5980] ioctl(4, LOOP_CLR_FD) = 0 [pid 5980] close(4) = 0 [pid 5980] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5979] <... futex resumed>) = 0 [pid 5980] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5979] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 121.062531][ T5980] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 121.062944][ T5986] F2FS-fs (loop2): invalid crc value [ 121.075272][ T5980] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 121.099117][ T5986] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 5980] <... open resumed>) = 4 [pid 5979] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5980] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5979] <... futex resumed>) = 0 [pid 5980] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5979] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 121.140385][ T26] audit: type=1800 audit(1686875979.576:140): pid=5980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 5979] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5979] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5979] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5979] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5979] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6006], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6006 [pid 5979] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5979] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6006 attached [pid 6006] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6006] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6006] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] <... futex resumed>) = 0 [pid 6006] <... futex resumed>) = 1 [pid 6006] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] <... mount resumed>) = 0 [pid 5986] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5986] chdir("./bus") = 0 [pid 5986] ioctl(4, LOOP_CLR_FD) = 0 [pid 5986] close(4) = 0 [pid 5986] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5986] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5985] <... futex resumed>) = 0 [pid 5985] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = 0 [pid 5985] <... futex resumed>) = 1 [pid 5986] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 121.218402][ T5986] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 121.255502][ T5986] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 5985] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... open resumed>) = 4 [pid 5986] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] <... futex resumed>) = 0 [pid 5986] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5985] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5985] <... futex resumed>) = 0 [pid 5986] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5985] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] <... write resumed>) = 32394836 [ 121.279368][ T26] audit: type=1800 audit(1686875979.716:141): pid=5986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5988] munmap(0x7fedae557000, 32394836 [pid 5997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5988] <... munmap resumed>) = 0 [pid 5988] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5985] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5988] <... openat resumed>) = 4 [pid 5985] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] ioctl(4, LOOP_SET_FD, 3 [pid 5985] <... futex resumed>) = 0 [pid 5985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5985] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5985] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6007], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6007 [pid 5985] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5985] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] <... ioctl resumed>) = 0 [pid 5988] close(3) = 0 [pid 5988] mkdir("./bus", 0777./strace-static-x86_64: Process 6007 attached [pid 6007] set_robust_list(0x7fedb043b9e0, 24 [pid 5988] <... mkdir resumed>) = 0 [pid 6007] <... set_robust_list resumed>) = 0 [pid 5988] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6007] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6007] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] <... futex resumed>) = 0 [pid 6007] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5980] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] exit_group(0 [pid 6006] <... futex resumed>) = ? [pid 5980] <... futex resumed>) = ? [pid 5979] <... exit_group resumed>) = ? [ 121.360129][ T5988] loop4: detected capacity change from 0 to 63271 [ 121.377336][ T5988] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6006] +++ exited with 0 +++ [pid 5980] +++ exited with 0 +++ [pid 5979] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5979, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=38 /* 0.38 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5986] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5986] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5985] exit_group(0 [pid 6007] <... futex resumed>) = ? [pid 5986] <... futex resumed>) = ? [pid 5985] <... exit_group resumed>) = ? [pid 6007] +++ exited with 0 +++ [pid 5986] +++ exited with 0 +++ [pid 5985] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5985, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=35 /* 0.35 s */} --- [ 121.425544][ T5988] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 121.454070][ T5988] F2FS-fs (loop4): invalid crc value [pid 5008] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./22/bus") = 0 [pid 5007] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./22/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./22") = 0 [pid 5007] mkdir("./23", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 121.517268][ T5988] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6011 ./strace-static-x86_64: Process 6011 attached [pid 6011] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6011] chdir("./23") = 0 [pid 6011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6011] setpgid(0, 0) = 0 [pid 6011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6011] write(3, "1000", 4) = 4 [pid 6011] close(3) = 0 [pid 6011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6011] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6011] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6011] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6012], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6012 [pid 6011] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6012 attached [pid 6012] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6012] memfd_create("syzkaller", 0) = 3 [pid 6012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5988] <... mount resumed>) = 0 [pid 5988] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5988] chdir("./bus") = 0 [pid 5988] ioctl(4, LOOP_CLR_FD) = 0 [ 121.657311][ T5988] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 121.685879][ T5988] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 5988] close(4) = 0 [pid 5988] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = 0 [pid 5987] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... futex resumed>) = 1 [pid 5987] <... futex resumed>) = 0 [pid 5988] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5987] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5995] <... write resumed>) = 32394836 [pid 5988] <... open resumed>) = 4 [pid 5988] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5987] <... futex resumed>) = 0 [pid 5988] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5987] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5987] <... futex resumed>) = 0 [pid 5988] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5987] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 121.754505][ T26] audit: type=1800 audit(1686875980.186:142): pid=5988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 5995] munmap(0x7fedae557000, 32394836 [pid 5987] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5995] <... munmap resumed>) = 0 [pid 5987] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5987] <... futex resumed>) = 0 [pid 5987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5995] <... openat resumed>) = 4 [pid 5995] ioctl(4, LOOP_SET_FD, 3 [pid 5987] <... mmap resumed>) = 0x7fedb041b000 [pid 5987] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5987] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6014], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6014 [pid 5987] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5995] <... ioctl resumed>) = 0 [pid 5995] close(3) = 0 [pid 5995] mkdir("./bus", 0777./strace-static-x86_64: Process 6014 attached ) = 0 [pid 6014] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5995] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6014] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6014] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5987] <... futex resumed>) = 0 [ 121.839714][ T5995] loop5: detected capacity change from 0 to 63271 [ 121.875496][ T5995] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 121.888244][ T5995] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 5988] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5988] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] <... write resumed>) = 32394836 [pid 5987] exit_group(0 [pid 6014] <... futex resumed>) = ? [pid 5997] munmap(0x7fedae557000, 32394836 [pid 5988] <... futex resumed>) = ? [pid 5987] <... exit_group resumed>) = ? [pid 6014] +++ exited with 0 +++ [pid 5988] +++ exited with 0 +++ [pid 5987] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5987, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=37 /* 0.37 s */} --- [pid 5997] <... munmap resumed>) = 0 [pid 5997] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5997] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5010] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5997] close(3 [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5997] <... close resumed>) = 0 [pid 5010] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5997] mkdir("./bus", 0777 [pid 5010] <... openat resumed>) = 3 [pid 5997] <... mkdir resumed>) = 0 [pid 5010] fstat(3, [pid 5997] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5010] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 121.977198][ T5997] loop3: detected capacity change from 0 to 63271 [ 122.002905][ T5995] F2FS-fs (loop5): invalid crc value [ 122.008414][ T5997] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 122.040977][ T5997] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 122.049618][ T5995] F2FS-fs (loop5): Found nat_bits in checkpoint [ 122.088022][ T5997] F2FS-fs (loop3): invalid crc value [pid 5010] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 122.129945][ T5997] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 6012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5006] <... umount2 resumed>) = 0 [pid 5995] <... mount resumed>) = 0 [pid 5995] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5995] chdir("./bus") = 0 [pid 5995] ioctl(4, LOOP_CLR_FD) = 0 [pid 5995] close(4) = 0 [pid 5995] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5995] <... futex resumed>) = 1 [pid 5993] <... futex resumed>) = 0 [pid 5993] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5993] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... openat resumed>) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, [pid 5995] <... open resumed>) = 4 [pid 5006] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4 [pid 5995] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] <... futex resumed>) = 0 [pid 5995] <... futex resumed>) = 1 [pid 5993] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5993] <... futex resumed>) = 0 [pid 5993] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... close resumed>) = 0 [pid 5006] rmdir("./23/bus") = 0 [pid 5006] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./23/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [ 122.174060][ T5995] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 122.187093][ T5995] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 5006] close(3) = 0 [pid 5006] rmdir("./23") = 0 [pid 5006] mkdir("./24", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6022 ./strace-static-x86_64: Process 6022 attached [pid 6022] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6022] chdir("./24") = 0 [pid 6022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6022] setpgid(0, 0) = 0 [pid 6022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6022] write(3, "1000", 4) = 4 [pid 6022] close(3) = 0 [pid 6022] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6022] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5993] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6022] <... futex resumed>) = 0 [pid 5993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5993] <... mmap resumed>) = 0x7fedb041b000 [pid 6022] <... mmap resumed>) = 0x7fedb6957000 [pid 5993] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 6022] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5993] <... mprotect resumed>) = 0 [pid 6022] <... mprotect resumed>) = 0 [pid 5993] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6022] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5993] <... clone resumed>, parent_tid=[6024], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6024 [pid 6022] <... clone resumed>, parent_tid=[6025], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6025 [pid 5993] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] <... futex resumed>) = 0 [pid 5993] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6022] <... futex resumed>) = 0 [pid 6022] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6025 attached ./strace-static-x86_64: Process 6024 attached [pid 6024] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6024] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus" [pid 6025] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6025] memfd_create("syzkaller", 0) = 3 [pid 6025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6024] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6024] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] <... futex resumed>) = 0 [pid 6024] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] <... mount resumed>) = 0 [pid 5997] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5997] chdir("./bus") = 0 [pid 5997] ioctl(4, LOOP_CLR_FD) = 0 [pid 5997] close(4) = 0 [pid 5997] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5997] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5996] <... futex resumed>) = 0 [pid 5996] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5996] <... futex resumed>) = 0 [ 122.282984][ T5997] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 122.306053][ T5997] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 5997] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5996] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] <... umount2 resumed>) = 0 [pid 5997] <... open resumed>) = 4 [pid 5997] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5996] <... futex resumed>) = 0 [pid 5997] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5996] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5996] <... futex resumed>) = 0 [pid 5997] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5996] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./23/bus") = 0 [pid 5008] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./23/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./23") = 0 [pid 5008] mkdir("./24", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6026 ./strace-static-x86_64: Process 6026 attached [pid 6026] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6026] chdir("./24") = 0 [pid 6026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6026] setpgid(0, 0) = 0 [pid 6026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5996] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5996] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5996] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 6026] write(3, "1000", 4 [pid 5996] <... mprotect resumed>) = 0 [pid 5995] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6026] <... write resumed>) = 4 [pid 5996] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5995] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] close(3 [pid 5995] <... futex resumed>) = 0 [pid 5993] exit_group(0 [pid 6026] <... close resumed>) = 0 [pid 6024] <... futex resumed>) = ? [pid 5996] <... clone resumed>, parent_tid=[6027], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6027 [pid 5993] <... exit_group resumed>) = ? [pid 6026] symlink("/dev/binderfs", "./binderfs" [pid 6024] +++ exited with 0 +++ [pid 5996] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] +++ exited with 0 +++ [pid 5996] <... futex resumed>) = 0 [pid 5993] +++ exited with 0 +++ [pid 6026] <... symlink resumed>) = 0 [pid 5996] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6026] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5993, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=45 /* 0.45 s */} --- [pid 6026] <... futex resumed>) = 0 [pid 5011] restart_syscall(<... resuming interrupted clone ...> [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5011] <... restart_syscall resumed>) = 0 [pid 6026] <... mmap resumed>) = 0x7fedb6957000 ./strace-static-x86_64: Process 6027 attached [pid 6026] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 6027] set_robust_list(0x7fedb043b9e0, 24 [pid 6026] <... mprotect resumed>) = 0 [pid 5011] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6027] <... set_robust_list resumed>) = 0 [pid 6026] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6027] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 5011] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6026] <... clone resumed>, parent_tid=[6028], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6028 [pid 5011] <... openat resumed>) = 3 [pid 6026] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] fstat(3, [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5011] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6028 attached [pid 6028] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6028] memfd_create("syzkaller", 0) = 3 [pid 6028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5996] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6027] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6027] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6027] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5997] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5996] exit_group(0 [pid 6027] <... futex resumed>) = ? [pid 5996] <... exit_group resumed>) = ? [pid 6027] +++ exited with 0 +++ [pid 5997] +++ exited with 0 +++ [pid 5996] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5996, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=36 /* 0.36 s */} --- [pid 5009] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5009] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./23/bus") = 0 [pid 5010] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./23/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./23") = 0 [pid 5010] mkdir("./24", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6029 ./strace-static-x86_64: Process 6029 attached [pid 6029] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6029] chdir("./24") = 0 [pid 6029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6029] setpgid(0, 0) = 0 [pid 6029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6029] write(3, "1000", 4) = 4 [pid 6029] close(3) = 0 [pid 6029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6029] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] <... write resumed>) = 32394836 [pid 6029] <... futex resumed>) = 0 [pid 6012] munmap(0x7fedae557000, 32394836 [pid 6029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6029] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6029] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6030], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6030 [pid 6029] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6030 attached [pid 6030] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6030] memfd_create("syzkaller", 0) = 3 [pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6012] <... munmap resumed>) = 0 [pid 6012] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6012] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6012] close(3) = 0 [pid 6012] mkdir("./bus", 0777) = 0 [ 122.815974][ T6012] loop1: detected capacity change from 0 to 63271 [ 122.837131][ T6012] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6012] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 122.869587][ T6012] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [pid 6025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [ 122.986473][ T6012] F2FS-fs (loop1): invalid crc value [ 123.009433][ T6012] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 6028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6012] <... mount resumed>) = 0 [pid 6012] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6012] chdir("./bus") = 0 [pid 6012] ioctl(4, LOOP_CLR_FD) = 0 [pid 6012] close(4) = 0 [pid 6012] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6012] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] <... futex resumed>) = 0 [pid 6011] <... futex resumed>) = 1 [ 123.132770][ T6012] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 123.159806][ T6012] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 6012] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6011] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6012] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6011] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] <... futex resumed>) = 0 [pid 6011] <... futex resumed>) = 1 [pid 6012] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6011] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./23/bus") = 0 [pid 5011] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./23/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [ 123.210662][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 123.210682][ T26] audit: type=1800 audit(1686875981.646:145): pid=6012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 6011] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5011] rmdir("./23" [pid 6011] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... rmdir resumed>) = 0 [pid 6011] <... futex resumed>) = 0 [pid 5011] mkdir("./24", 0777 [pid 6011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5011] <... mkdir resumed>) = 0 [pid 6011] <... mmap resumed>) = 0x7fedb041b000 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6011] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5011] <... openat resumed>) = 3 [pid 6011] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 6011] <... clone resumed>, parent_tid=[6035], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6035 [pid 6011] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] close(3 [pid 6011] <... futex resumed>) = 0 [pid 5011] <... close resumed>) = 0 [pid 6011] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6036 ./strace-static-x86_64: Process 6036 attached [pid 6036] set_robust_list(0x5555556ed5e0, 24./strace-static-x86_64: Process 6035 attached ) = 0 [pid 6035] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6036] chdir("./24" [pid 6035] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 6036] <... chdir resumed>) = 0 [pid 6036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6036] setpgid(0, 0) = 0 [pid 6036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6036] write(3, "1000", 4) = 4 [pid 6036] close(3) = 0 [pid 6036] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6036] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6035] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6035] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6036] <... mmap resumed>) = 0x7fedb6957000 [pid 6035] <... futex resumed>) = 0 [pid 6036] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 6035] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6036] <... mprotect resumed>) = 0 [pid 6036] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6037], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6037 [pid 6036] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6037 attached [pid 6037] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6037] memfd_create("syzkaller", 0) = 3 [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./23/bus") = 0 [pid 5009] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./23/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./23") = 0 [pid 5009] mkdir("./24", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 123.391918][ T6012] bio_check_eod: 13 callbacks suppressed [ 123.391934][ T6012] syz-executor278: attempt to access beyond end of device [ 123.391934][ T6012] loop1: rw=2049, sector=77824, nr_sectors = 2496 limit=63271 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6038 ./strace-static-x86_64: Process 6038 attached [pid 6038] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6038] chdir("./24") = 0 [pid 6038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6038] setpgid(0, 0) = 0 [pid 6038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6038] write(3, "1000", 4) = 4 [pid 6038] close(3) = 0 [pid 6038] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6038] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6038] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6038] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6039], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6039 [pid 6038] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6039 attached [pid 6039] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6039] memfd_create("syzkaller", 0) = 3 [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6025] <... write resumed>) = 32394836 [ 123.507118][ T6012] syz-executor278: attempt to access beyond end of device [ 123.507118][ T6012] loop1: rw=2049, sector=80320, nr_sectors = 1600 limit=63271 [pid 6025] munmap(0x7fedae557000, 32394836) = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6025] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6025] close(3 [pid 6011] exit_group(0 [pid 6035] <... futex resumed>) = ? [pid 6025] <... close resumed>) = 0 [pid 6011] <... exit_group resumed>) = ? [pid 6035] +++ exited with 0 +++ [pid 6025] mkdir("./bus", 0777 [pid 6028] <... write resumed>) = 32394836 [pid 6012] <... pwritev2 resumed>) = ? [pid 6025] <... mkdir resumed>) = 0 [pid 6025] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6012] +++ exited with 0 +++ [pid 6011] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6011, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=43 /* 0.43 s */} --- [ 123.580645][ T6025] loop0: detected capacity change from 0 to 63271 [pid 5007] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5007] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6028] munmap(0x7fedae557000, 32394836) = 0 [ 123.623070][ T6025] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 123.655496][ T6025] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 6028] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6028] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6028] close(3) = 0 [pid 6028] mkdir("./bus", 0777) = 0 [ 123.675499][ T6025] F2FS-fs (loop0): invalid crc value [ 123.681879][ T6028] loop2: detected capacity change from 0 to 63271 [ 123.719024][ T6028] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 123.746534][ T6025] F2FS-fs (loop0): Found nat_bits in checkpoint [ 123.760417][ T6028] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 123.804982][ T6028] F2FS-fs (loop2): invalid crc value [pid 6028] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6025] <... mount resumed>) = 0 [pid 6025] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6025] chdir("./bus") = 0 [pid 6025] ioctl(4, LOOP_CLR_FD) = 0 [pid 6025] close(4) = 0 [pid 6025] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] <... futex resumed>) = 0 [pid 6022] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6022] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] <... futex resumed>) = 1 [ 123.845849][ T6025] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 123.852908][ T6025] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 123.862208][ T6028] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 6025] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6030] <... write resumed>) = 32394836 [pid 6025] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] <... futex resumed>) = 0 [pid 6022] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6022] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] <... futex resumed>) = 1 [pid 6025] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6030] munmap(0x7fedae557000, 32394836) = 0 [pid 6022] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6022] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6022] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6022] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6022] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6022] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6022] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6047], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6047 [pid 6022] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6022] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [ 123.898099][ T26] audit: type=1800 audit(1686875982.336:146): pid=6025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 6030] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6030] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6047 attached [pid 6047] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6047] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [pid 6030] <... ioctl resumed>) = 0 [pid 6030] close(3) = 0 [pid 6030] mkdir("./bus", 0777) = 0 [pid 6030] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 123.960085][ T6030] loop4: detected capacity change from 0 to 63271 [ 123.995989][ T6030] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6047] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6022] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6047] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 124.013560][ T6030] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 124.026093][ T6028] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 124.033137][ T6028] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 124.040634][ T6030] F2FS-fs (loop4): invalid crc value [ 124.047473][ T6025] syz-executor278: attempt to access beyond end of device [ 124.047473][ T6025] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [pid 6047] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6028] <... mount resumed>) = 0 [pid 6028] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6028] chdir("./bus") = 0 [pid 6028] ioctl(4, LOOP_CLR_FD) = 0 [pid 6028] close(4) = 0 [pid 6028] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6028] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6026] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6028] <... open resumed>) = 4 [pid 6028] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6028] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6028] <... futex resumed>) = 0 [pid 6026] <... futex resumed>) = 1 [pid 6028] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 124.079164][ T6030] F2FS-fs (loop4): Found nat_bits in checkpoint [ 124.102060][ T26] audit: type=1800 audit(1686875982.536:147): pid=6028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 6026] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6026] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6026] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6026] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6052], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6052 [pid 6026] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6052 attached [pid 6026] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6052] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6052] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = 0 [pid 6052] <... futex resumed>) = 1 [ 124.173032][ T6025] syz-executor278: attempt to access beyond end of device [ 124.173032][ T6025] loop0: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [pid 6052] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6022] exit_group(0) = ? [pid 6047] <... futex resumed>) = ? [pid 6047] +++ exited with 0 +++ [pid 6025] <... pwritev2 resumed>) = ? [pid 6025] +++ exited with 0 +++ [pid 6022] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6022, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=39 /* 0.39 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 124.234049][ T6030] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 124.256214][ T6028] syz-executor278: attempt to access beyond end of device [ 124.256214][ T6028] loop2: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 124.265528][ T6030] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 5006] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6030] <... mount resumed>) = 0 [pid 6030] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6030] chdir("./bus") = 0 [pid 6030] ioctl(4, LOOP_CLR_FD) = 0 [pid 6030] close(4) = 0 [pid 6030] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6030] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6030] <... futex resumed>) = 0 [pid 6030] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6029] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6030] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6029] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... futex resumed>) = 0 [pid 6029] <... futex resumed>) = 1 [pid 6030] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6029] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [ 124.333531][ T26] audit: type=1800 audit(1686875982.766:148): pid=6030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [ 124.364728][ T6028] syz-executor278: attempt to access beyond end of device [ 124.364728][ T6028] loop2: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./23/bus") = 0 [pid 5007] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./23/binderfs" [pid 6029] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6028] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5007] <... unlink resumed>) = 0 [pid 6029] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6028] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] getdents64(3, [pid 6029] <... futex resumed>) = 0 [pid 6028] <... futex resumed>) = 0 [pid 5007] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 6029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6028] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] close(3 [pid 6029] <... mmap resumed>) = 0x7fedb041b000 [pid 5007] <... close resumed>) = 0 [pid 6029] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 6026] exit_group(0 [pid 5007] rmdir("./23" [pid 6029] <... mprotect resumed>) = 0 [pid 6026] <... exit_group resumed>) = ? [pid 6052] <... futex resumed>) = ? [pid 6029] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6028] <... futex resumed>) = ? [pid 5007] <... rmdir resumed>) = 0 [pid 6052] +++ exited with 0 +++ [pid 6029] <... clone resumed>, parent_tid=[6054], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6054 [pid 6028] +++ exited with 0 +++ [pid 6026] +++ exited with 0 +++ [pid 5007] mkdir("./24", 0777 [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6026, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=42 /* 0.42 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 6054 attached [pid 6029] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... restart_syscall resumed>) = 0 [pid 5007] <... mkdir resumed>) = 0 [pid 6054] set_robust_list(0x7fedb043b9e0, 24 [pid 6029] <... futex resumed>) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6029] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5007] <... openat resumed>) = 3 [pid 6054] <... set_robust_list resumed>) = 0 [pid 5008] <... openat resumed>) = 3 [pid 5008] fstat(3, [pid 6054] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 5008] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] ioctl(3, LOOP_CLR_FD [pid 5008] getdents64(3, [pid 6054] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5008] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5008] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6054] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] close(3 [pid 6054] <... futex resumed>) = 1 [pid 6029] <... futex resumed>) = 0 [pid 5007] <... close resumed>) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6055 [pid 6054] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6055 attached [pid 6055] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6055] chdir("./24") = 0 [pid 6055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6055] setpgid(0, 0) = 0 [pid 6055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6055] write(3, "1000", 4) = 4 [pid 6055] close(3) = 0 [pid 6055] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6055] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6055] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6055] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6056], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6056 [pid 6055] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6055] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6037] <... write resumed>) = 32394836 [pid 6037] munmap(0x7fedae557000, 32394836./strace-static-x86_64: Process 6056 attached [pid 6056] set_robust_list(0x7fedb69779e0, 24) = 0 [ 124.485326][ T6030] syz-executor278: attempt to access beyond end of device [ 124.485326][ T6030] loop4: rw=2049, sector=77824, nr_sectors = 3448 limit=63271 [pid 6056] memfd_create("syzkaller", 0) = 3 [pid 6037] <... munmap resumed>) = 0 [pid 6056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6037] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6037] close(3) = 0 [pid 6037] mkdir("./bus", 0777) = 0 [ 124.537155][ T6030] syz-executor278: attempt to access beyond end of device [ 124.537155][ T6030] loop4: rw=2049, sector=81272, nr_sectors = 648 limit=63271 [ 124.554110][ T6037] loop5: detected capacity change from 0 to 63271 [pid 6037] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6030] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6030] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6030] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6029] exit_group(0 [pid 6054] <... futex resumed>) = ? [pid 6030] <... futex resumed>) = ? [pid 6029] <... exit_group resumed>) = ? [pid 6054] +++ exited with 0 +++ [pid 6030] +++ exited with 0 +++ [pid 6029] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6029, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=42 /* 0.42 s */} --- [pid 5010] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 124.578230][ T6037] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 124.591902][ T6037] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 5010] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6039] <... write resumed>) = 32394836 [pid 6039] munmap(0x7fedae557000, 32394836) = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6039] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6039] close(3) = 0 [pid 6039] mkdir("./bus", 0777) = 0 [ 124.661219][ T6039] loop3: detected capacity change from 0 to 63271 [ 124.679399][ T6039] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 124.698225][ T6039] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 124.735367][ T6037] F2FS-fs (loop5): invalid crc value [ 124.740768][ T6039] F2FS-fs (loop3): invalid crc value [ 124.768221][ T6039] F2FS-fs (loop3): Found nat_bits in checkpoint [ 124.783917][ T6037] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 6039] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 6039] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6039] chdir("./bus") = 0 [pid 6039] ioctl(4, LOOP_CLR_FD) = 0 [pid 6039] close(4) = 0 [pid 6039] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6038] <... futex resumed>) = 0 [pid 6038] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 124.896119][ T6039] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 124.903247][ T6039] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 124.911327][ T6037] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 124.925616][ T6037] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 6039] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6037] <... mount resumed>) = 0 [pid 6039] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6039] <... futex resumed>) = 1 [pid 6038] <... futex resumed>) = 0 [pid 6037] <... openat resumed>) = 3 [pid 6038] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6037] chdir("./bus" [pid 6038] <... futex resumed>) = 0 [pid 6038] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] <... chdir resumed>) = 0 [pid 6037] ioctl(4, LOOP_CLR_FD) = 0 [pid 6037] close(4) = 0 [pid 6037] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6037] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6036] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6036] <... futex resumed>) = 0 [pid 6037] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6036] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] <... open resumed>) = 4 [pid 6037] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6037] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6036] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6036] <... futex resumed>) = 0 [pid 6037] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 124.958507][ T26] audit: type=1800 audit(1686875983.396:149): pid=6039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [pid 6036] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6038] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6038] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6038] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6038] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6038] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6065], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6065 [pid 6038] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6036] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 6065 attached [pid 6065] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6065] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 6036] <... mmap resumed>) = 0x7fedb041b000 [pid 6036] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6036] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6066], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6066 [pid 6036] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6066 attached [pid 6066] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6066] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus" [pid 6038] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6036] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6065] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6065] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6065] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6066] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6066] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 125.082954][ T26] audit: type=1800 audit(1686875983.426:150): pid=6037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 6066] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./24/bus") = 0 [pid 5006] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./24/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./24") = 0 [pid 5006] mkdir("./25", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6067 ./strace-static-x86_64: Process 6067 attached [pid 6067] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6067] chdir("./25") = 0 [pid 6067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6067] setpgid(0, 0) = 0 [pid 6067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6067] write(3, "1000", 4) = 4 [pid 6067] close(3) = 0 [pid 6067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6067] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6067] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6067] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6068], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6068 [pid 6067] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6067] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6068 attached [pid 6068] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6068] memfd_create("syzkaller", 0) = 3 [ 125.178447][ T6037] syz-executor278: attempt to access beyond end of device [ 125.178447][ T6037] loop5: rw=2049, sector=77824, nr_sectors = 2288 limit=63271 [ 125.195358][ T6039] syz-executor278: attempt to access beyond end of device [ 125.195358][ T6039] loop3: rw=2049, sector=77824, nr_sectors = 2760 limit=63271 [pid 6068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6038] exit_group(0 [pid 6065] <... futex resumed>) = ? [pid 6038] <... exit_group resumed>) = ? [pid 6065] +++ exited with 0 +++ [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./24/bus") = 0 [pid 5008] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./24/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./24") = 0 [pid 5008] mkdir("./25", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3 [pid 6039] <... pwritev2 resumed>) = ? [pid 5008] <... close resumed>) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6037] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6037] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 6069 [pid 6037] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6036] exit_group(0 [pid 6066] <... futex resumed>) = ? [pid 6037] <... futex resumed>) = ? [pid 6036] <... exit_group resumed>) = ? [pid 6066] +++ exited with 0 +++ [pid 6039] +++ exited with 0 +++ [pid 6038] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6038, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=47 /* 0.47 s */} --- [pid 5009] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6037] +++ exited with 0 +++ [pid 6036] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6036, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=43 /* 0.43 s */} --- ./strace-static-x86_64: Process 6069 attached [pid 5009] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6069] set_robust_list(0x5555556ed5e0, 24 [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5011] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6069] <... set_robust_list resumed>) = 0 [pid 5009] <... openat resumed>) = 3 [pid 5011] <... openat resumed>) = 3 [pid 5009] fstat(3, [pid 5011] fstat(3, [pid 5009] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6069] chdir("./25" [pid 5011] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, [pid 6069] <... chdir resumed>) = 0 [pid 5011] getdents64(3, [pid 5009] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 6069] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5011] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6069] <... prctl resumed>) = 0 [pid 5011] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6069] setpgid(0, 0) = 0 [pid 6069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6069] write(3, "1000", 4) = 4 [pid 6069] close(3) = 0 [pid 6069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6069] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6069] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6069] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6070], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6070 [pid 6069] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6070 attached [pid 6070] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6070] memfd_create("syzkaller", 0) = 3 [pid 6070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./24/bus") = 0 [pid 5010] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./24/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./24") = 0 [pid 5010] mkdir("./25", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6071 ./strace-static-x86_64: Process 6071 attached [pid 6071] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6071] chdir("./25") = 0 [pid 6071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6071] setpgid(0, 0) = 0 [pid 6071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6071] write(3, "1000", 4) = 4 [pid 6071] close(3) = 0 [pid 6071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6071] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6071] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6071] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6072], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6072 [pid 6071] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6072 attached [pid 6072] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6072] memfd_create("syzkaller", 0) = 3 [pid 6072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6056] <... write resumed>) = 32394836 [pid 6056] munmap(0x7fedae557000, 32394836) = 0 [pid 6056] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6056] ioctl(4, LOOP_SET_FD, 3 [pid 6068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6056] <... ioctl resumed>) = 0 [pid 6056] close(3) = 0 [pid 6056] mkdir("./bus", 0777) = 0 [pid 6056] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 125.846567][ T6056] loop1: detected capacity change from 0 to 63271 [ 125.875927][ T6056] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 125.884603][ T6056] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 125.913808][ T6056] F2FS-fs (loop1): invalid crc value [ 125.954404][ T6056] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 6070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./24/bus") = 0 [pid 5009] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./24/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./24") = 0 [pid 5009] mkdir("./25", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6077 [pid 6072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6056] <... mount resumed>) = 0 [pid 6056] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6056] chdir("./bus") = 0 [pid 6056] ioctl(4, LOOP_CLR_FD) = 0 [pid 6056] close(4) = 0 ./strace-static-x86_64: Process 6077 attached [pid 6077] set_robust_list(0x5555556ed5e0, 24 [pid 6056] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... set_robust_list resumed>) = 0 [pid 6056] <... futex resumed>) = 1 [pid 6055] <... futex resumed>) = 0 [pid 6077] chdir("./25" [pid 6056] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6055] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... chdir resumed>) = 0 [pid 6077] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6055] <... futex resumed>) = 0 [pid 6077] <... prctl resumed>) = 0 [pid 6077] setpgid(0, 0) = 0 [ 126.047579][ T6056] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 126.065915][ T6056] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 6055] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6056] <... open resumed>) = 4 [pid 6077] <... openat resumed>) = 3 [pid 6056] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] write(3, "1000", 4 [pid 6056] <... futex resumed>) = 1 [pid 6055] <... futex resumed>) = 0 [pid 6077] <... write resumed>) = 4 [pid 6056] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6077] close(3 [pid 6056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6055] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... close resumed>) = 0 [pid 6056] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6055] <... futex resumed>) = 0 [ 126.113471][ T26] audit: type=1800 audit(1686875984.546:151): pid=6056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 6077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6055] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6077] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6077] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6077] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6078], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6078 [pid 6077] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6078 attached [pid 6078] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6078] memfd_create("syzkaller", 0) = 3 [pid 6078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6055] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5011] <... umount2 resumed>) = 0 [pid 6055] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6055] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6055] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6079], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6079 [pid 6055] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6055] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6079 attached [pid 6079] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6079] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 5011] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6079] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6079] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... openat resumed>) = 4 [pid 5011] fstat(4, [pid 6079] <... futex resumed>) = 1 [pid 6055] <... futex resumed>) = 0 [pid 5011] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6079] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./24/bus") = 0 [pid 5011] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./24/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./24") = 0 [pid 5011] mkdir("./25", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6080 ./strace-static-x86_64: Process 6080 attached [pid 6080] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6080] chdir("./25") = 0 [pid 6080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6080] setpgid(0, 0) = 0 [pid 6080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6080] write(3, "1000", 4) = 4 [pid 6080] close(3) = 0 [pid 6080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6080] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6080] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6080] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6081], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6081 [pid 6080] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6080] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6081 attached [pid 6081] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6081] memfd_create("syzkaller", 0) = 3 [pid 6081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6056] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6056] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6055] exit_group(0 [pid 6056] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6079] <... futex resumed>) = ? [pid 6056] <... futex resumed>) = ? [pid 6055] <... exit_group resumed>) = ? [pid 6079] +++ exited with 0 +++ [pid 6056] +++ exited with 0 +++ [pid 6055] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6055, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=41 /* 0.41 s */} --- [pid 5007] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6070] <... write resumed>) = 32394836 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6070] munmap(0x7fedae557000, 32394836 [pid 5007] <... openat resumed>) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6070] <... munmap resumed>) = 0 [pid 6070] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6070] close(3) = 0 [pid 6070] mkdir("./bus", 0777) = 0 [ 126.417017][ T6070] loop2: detected capacity change from 0 to 63271 [ 126.447988][ T6070] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 126.488284][ T6070] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 126.518190][ T6070] F2FS-fs (loop2): invalid crc value [pid 6070] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6068] <... write resumed>) = 32394836 [ 126.548510][ T6070] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 6068] munmap(0x7fedae557000, 32394836) = 0 [pid 6068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6068] close(3) = 0 [pid 6068] mkdir("./bus", 0777) = 0 [ 126.620548][ T6068] loop0: detected capacity change from 0 to 63271 [ 126.643318][ T6070] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 126.654281][ T6068] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6068] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6070] <... mount resumed>) = 0 [pid 6070] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6070] chdir("./bus") = 0 [pid 6070] ioctl(4, LOOP_CLR_FD) = 0 [pid 6070] close(4) = 0 [pid 6070] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6069] <... futex resumed>) = 0 [pid 6070] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6069] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6069] <... futex resumed>) = 0 [pid 6070] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 126.664003][ T6070] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 126.688309][ T6068] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 6069] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... open resumed>) = 4 [pid 6070] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6069] <... futex resumed>) = 0 [pid 6070] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6069] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6069] <... futex resumed>) = 0 [pid 6070] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6069] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6069] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6069] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6069] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6088], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6088 [pid 6069] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 126.717012][ T26] audit: type=1800 audit(1686875985.156:152): pid=6070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [ 126.754668][ T6068] F2FS-fs (loop0): invalid crc value [pid 6069] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6088 attached [pid 6088] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6088] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 6072] <... write resumed>) = 32394836 [pid 6072] munmap(0x7fedae557000, 32394836 [pid 6081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6069] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 126.806495][ T6068] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 6072] <... munmap resumed>) = 0 [pid 6088] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6088] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6088] <... futex resumed>) = 0 [pid 6088] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] <... openat resumed>) = 4 [pid 6072] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6072] close(3) = 0 [pid 6072] mkdir("./bus", 0777) = 0 [ 126.879809][ T6072] loop4: detected capacity change from 0 to 63271 [ 126.916237][ T6072] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6072] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6070] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6070] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] exit_group(0 [pid 6088] <... futex resumed>) = ? [pid 6069] <... exit_group resumed>) = ? [pid 6088] +++ exited with 0 +++ [pid 6070] <... futex resumed>) = ? [pid 6070] +++ exited with 0 +++ [pid 6069] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6069, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=39 /* 0.39 s */} --- [pid 5008] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 126.929119][ T6072] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 126.944667][ T6068] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 126.957646][ T6072] F2FS-fs (loop4): invalid crc value [ 126.962176][ T6068] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 5008] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6068] <... mount resumed>) = 0 [pid 6068] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6068] chdir("./bus") = 0 [pid 6068] ioctl(4, LOOP_CLR_FD) = 0 [pid 6068] close(4) = 0 [pid 6068] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6068] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6067] <... futex resumed>) = 0 [pid 6067] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6068] <... futex resumed>) = 0 [pid 6067] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 126.992285][ T6072] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 6068] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6068] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6067] <... futex resumed>) = 0 [pid 6068] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6067] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6067] <... futex resumed>) = 0 [pid 6068] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 127.026768][ T26] audit: type=1800 audit(1686875985.466:153): pid=6068 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 6067] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6067] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6067] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6067] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6095], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6095 [pid 6067] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6067] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6095 attached [pid 6095] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6095] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [pid 6072] <... mount resumed>) = 0 [pid 5007] <... umount2 resumed>) = 0 [pid 6072] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5007] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6072] <... openat resumed>) = 3 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6072] chdir("./bus" [pid 5007] lstat("./24/bus", [pid 6072] <... chdir resumed>) = 0 [pid 6072] ioctl(4, LOOP_CLR_FD [pid 5007] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6072] <... ioctl resumed>) = 0 [pid 6072] close(4 [pid 5007] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6072] <... close resumed>) = 0 [pid 6072] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6072] <... futex resumed>) = 1 [pid 6071] <... futex resumed>) = 0 [pid 6071] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6072] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6071] <... futex resumed>) = 0 [ 127.096502][ T6072] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 127.105651][ T6072] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 6071] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... openat resumed>) = 4 [pid 6095] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6095] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6067] <... futex resumed>) = 0 [pid 6095] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6072] <... open resumed>) = 4 [pid 5007] getdents64(4, [pid 6072] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 6071] <... futex resumed>) = 0 [pid 6071] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5007] getdents64(4, [pid 6072] <... futex resumed>) = 1 [pid 6071] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6072] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5007] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./24/bus") = 0 [pid 5007] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./24/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./24") = 0 [pid 5007] mkdir("./25", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6096 ./strace-static-x86_64: Process 6096 attached [pid 6096] set_robust_list(0x5555556ed5e0, 24) = 0 [ 127.148535][ T26] audit: type=1800 audit(1686875985.586:154): pid=6072 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 6096] chdir("./25") = 0 [pid 6096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6096] setpgid(0, 0) = 0 [pid 6096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6071] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6096] <... openat resumed>) = 3 [pid 6071] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] write(3, "1000", 4 [pid 6071] <... futex resumed>) = 0 [pid 6096] <... write resumed>) = 4 [pid 6071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6096] close(3) = 0 [pid 6071] <... mmap resumed>) = 0x7fedb041b000 [pid 6096] symlink("/dev/binderfs", "./binderfs" [pid 6071] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 6096] <... symlink resumed>) = 0 [pid 6071] <... mprotect resumed>) = 0 [pid 6096] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6096] <... futex resumed>) = 0 [pid 6096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6071] <... clone resumed>, parent_tid=[6097], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6097 [pid 6096] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 6071] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... mprotect resumed>) = 0 [pid 6071] <... futex resumed>) = 0 [pid 6096] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6071] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6097 attached [pid 6096] <... clone resumed>, parent_tid=[6098], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6098 [pid 6096] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] set_robust_list(0x7fedb043b9e0, 24 [pid 6096] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6098 attached [pid 6097] <... set_robust_list resumed>) = 0 [pid 6096] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6098] set_robust_list(0x7fedb69779e0, 24 [pid 6097] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 6098] <... set_robust_list resumed>) = 0 [pid 6097] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6097] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6098] memfd_create("syzkaller", 0 [pid 6097] <... futex resumed>) = 1 [pid 6071] <... futex resumed>) = 0 [pid 6098] <... memfd_create resumed>) = 3 [pid 6097] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6072] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6098] <... mmap resumed>) = 0x7fedae557000 [pid 6072] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] exit_group(0) = ? [pid 6097] <... futex resumed>) = ? [pid 6097] +++ exited with 0 +++ [pid 6072] <... futex resumed>) = ? [pid 6072] +++ exited with 0 +++ [pid 6071] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6071, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=42 /* 0.42 s */} --- [pid 5010] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5010] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6068] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6068] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] exit_group(0 [pid 6095] <... futex resumed>) = ? [pid 6067] <... exit_group resumed>) = ? [pid 6095] +++ exited with 0 +++ [pid 6068] <... futex resumed>) = ? [pid 6068] +++ exited with 0 +++ [pid 6067] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6067, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=32 /* 0.32 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6078] <... write resumed>) = 32394836 [pid 6078] munmap(0x7fedae557000, 32394836) = 0 [pid 6078] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6078] close(3) = 0 [pid 6078] mkdir("./bus", 0777) = 0 [ 127.509085][ T6078] loop3: detected capacity change from 0 to 63271 [ 127.545655][ T6078] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 127.580743][ T6078] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [pid 6078] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6081] <... write resumed>) = 32394836 [pid 6081] munmap(0x7fedae557000, 32394836) = 0 [pid 6081] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6081] close(3) = 0 [pid 6081] mkdir("./bus", 0777) = 0 [ 127.676946][ T6081] loop5: detected capacity change from 0 to 63271 [ 127.715286][ T6078] F2FS-fs (loop3): invalid crc value [pid 6081] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./25/bus") = 0 [pid 5008] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./25/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./25") = 0 [pid 5008] mkdir("./26", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3 [pid 6098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5008] <... close resumed>) = 0 [ 127.721015][ T6081] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 127.745086][ T6081] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 127.763960][ T6078] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6102 ./strace-static-x86_64: Process 6102 attached [pid 6102] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6102] chdir("./26") = 0 [pid 6102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6102] setpgid(0, 0) = 0 [pid 6102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6102] write(3, "1000", 4) = 4 [pid 6102] close(3) = 0 [pid 6102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6102] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6102] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6102] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6104], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6104 [pid 6102] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6104 attached [pid 6104] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6104] memfd_create("syzkaller", 0) = 3 [pid 6104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 127.818169][ T6081] F2FS-fs (loop5): invalid crc value [ 127.851149][ T6081] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 6078] <... mount resumed>) = 0 [pid 6078] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6078] chdir("./bus") = 0 [pid 6078] ioctl(4, LOOP_CLR_FD) = 0 [pid 6078] close(4) = 0 [pid 6078] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... futex resumed>) = 0 [pid 6077] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6078] <... futex resumed>) = 1 [ 127.896395][ T6078] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 127.903469][ T6078] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 6078] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6078] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6077] <... futex resumed>) = 0 [pid 6078] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6077] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6077] <... futex resumed>) = 0 [pid 6078] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6077] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./25/bus" [pid 6081] <... mount resumed>) = 0 [pid 5010] <... rmdir resumed>) = 0 [pid 6081] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5010] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./25/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./25") = 0 [pid 5010] mkdir("./26", 0777 [pid 6081] <... openat resumed>) = 3 [pid 5010] <... mkdir resumed>) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 6077] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 127.977085][ T6081] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 127.988782][ T6081] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 5010] close(3 [pid 6081] chdir("./bus" [pid 6077] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... chdir resumed>) = 0 [pid 6077] <... futex resumed>) = 0 [pid 5010] <... close resumed>) = 0 [pid 6081] ioctl(4, LOOP_CLR_FD [pid 6077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6081] <... ioctl resumed>) = 0 [pid 6077] <... mmap resumed>) = 0x7fedb041b000 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6081] close(4 [pid 6077] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 6081] <... close resumed>) = 0 [pid 6077] <... mprotect resumed>) = 0 [pid 6081] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5010] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 6109 [pid 6081] <... futex resumed>) = 1 [pid 6080] <... futex resumed>) = 0 [pid 6081] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6080] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... clone resumed>, parent_tid=[6110], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6110 ./strace-static-x86_64: Process 6109 attached [pid 6081] <... open resumed>) = 4 [pid 6080] <... futex resumed>) = 0 [pid 6077] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] set_robust_list(0x5555556ed5e0, 24 [pid 6081] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6077] <... futex resumed>) = 0 [pid 6109] <... set_robust_list resumed>) = 0 [pid 6081] <... futex resumed>) = 0 [pid 6080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6077] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6109] chdir("./26" [pid 6081] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6080] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6110 attached [pid 6109] <... chdir resumed>) = 0 [pid 6080] <... futex resumed>) = 0 [pid 6110] set_robust_list(0x7fedb043b9e0, 24 [pid 6109] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6080] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6110] <... set_robust_list resumed>) = 0 [pid 6109] <... prctl resumed>) = 0 [pid 6110] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 6109] setpgid(0, 0) = 0 [pid 6109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6109] write(3, "1000", 4) = 4 [pid 6109] close(3) = 0 [pid 6109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6109] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6109] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 6110] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6109] <... mprotect resumed>) = 0 [pid 6110] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6109] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6077] <... futex resumed>) = 0 [pid 6110] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6109] <... clone resumed>, parent_tid=[6111], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6111 [pid 6109] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6109] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6111 attached [pid 6111] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6111] memfd_create("syzkaller", 0) = 3 [pid 6111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5006] <... umount2 resumed>) = 0 [pid 6111] <... mmap resumed>) = 0x7fedae557000 [pid 5006] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4 [pid 6080] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6080] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... close resumed>) = 0 [pid 6080] <... futex resumed>) = 0 [pid 5006] rmdir("./25/bus" [pid 6080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5006] <... rmdir resumed>) = 0 [pid 6080] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5006] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6080] <... mprotect resumed>) = 0 [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6080] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5006] lstat("./25/binderfs", [pid 6080] <... clone resumed>, parent_tid=[6112], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6112 [pid 5006] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 ./strace-static-x86_64: Process 6112 attached [pid 6080] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] unlink("./25/binderfs" [pid 6112] set_robust_list(0x7fedb043b9e0, 24 [pid 6080] <... futex resumed>) = 0 [pid 6112] <... set_robust_list resumed>) = 0 [pid 6080] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... unlink resumed>) = 0 [pid 6112] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus" [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./25") = 0 [pid 5006] mkdir("./26", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6113 ./strace-static-x86_64: Process 6113 attached [pid 6113] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6113] chdir("./26") = 0 [pid 6113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6113] setpgid(0, 0) = 0 [pid 6113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6112] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6113] <... openat resumed>) = 3 [pid 6112] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] write(3, "1000", 4 [pid 6112] <... futex resumed>) = 1 [pid 6080] <... futex resumed>) = 0 [pid 6113] <... write resumed>) = 4 [pid 6112] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] close(3) = 0 [pid 6113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6113] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6113] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6113] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6114], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6114 [pid 6113] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6114 attached [pid 6114] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6114] memfd_create("syzkaller", 0) = 3 [pid 6114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6078] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6078] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6078] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6077] exit_group(0 [pid 6110] <... futex resumed>) = ? [pid 6078] <... futex resumed>) = ? [pid 6077] <... exit_group resumed>) = ? [pid 6110] +++ exited with 0 +++ [pid 6078] +++ exited with 0 +++ [pid 6077] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6077, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=43 /* 0.43 s */} --- [pid 5009] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6081] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6081] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6080] exit_group(0 [pid 6112] <... futex resumed>) = ? [pid 6080] <... exit_group resumed>) = ? [pid 6112] +++ exited with 0 +++ [pid 6081] +++ exited with 0 +++ [pid 6080] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6080, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=47 /* 0.47 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6098] <... write resumed>) = 32394836 [pid 6098] munmap(0x7fedae557000, 32394836) = 0 [pid 6098] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6098] close(3) = 0 [pid 6098] mkdir("./bus", 0777) = 0 [ 128.529845][ T6098] loop1: detected capacity change from 0 to 63271 [ 128.547017][ T6098] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 128.569676][ T6098] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [pid 6098] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [ 128.696657][ T6098] F2FS-fs (loop1): invalid crc value [ 128.724759][ T6098] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 6114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6098] <... mount resumed>) = 0 [pid 6098] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6098] chdir("./bus") = 0 [pid 6098] ioctl(4, LOOP_CLR_FD) = 0 [pid 6098] close(4) = 0 [pid 6098] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... futex resumed>) = 0 [pid 6098] <... futex resumed>) = 1 [pid 6096] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6098] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6096] <... futex resumed>) = 0 [ 128.877651][ T6098] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 128.887413][ T6098] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 6096] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./25/bus") = 0 [pid 5011] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6098] <... open resumed>) = 4 [pid 6098] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6098] <... futex resumed>) = 1 [pid 6096] <... futex resumed>) = 0 [pid 6098] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6096] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6096] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./25/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./25") = 0 [pid 5011] mkdir("./26", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6119 ./strace-static-x86_64: Process 6119 attached [pid 6119] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6119] chdir("./26") = 0 [pid 6119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6096] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 128.935166][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 128.935179][ T26] audit: type=1800 audit(1686875987.366:157): pid=6098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 6119] setpgid(0, 0 [pid 6096] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6119] <... setpgid resumed>) = 0 [pid 6096] <... futex resumed>) = 0 [pid 6119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6119] <... openat resumed>) = 3 [pid 6096] <... mmap resumed>) = 0x7fedb041b000 [pid 6119] write(3, "1000", 4 [pid 6096] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 6119] <... write resumed>) = 4 [pid 6096] <... mprotect resumed>) = 0 [pid 6119] close(3) = 0 [pid 6096] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6119] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... clone resumed>, parent_tid=[6120], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6120 [pid 6119] <... futex resumed>) = 0 [pid 6096] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6096] <... futex resumed>) = 0 [pid 6119] <... mmap resumed>) = 0x7fedb6957000 [pid 6096] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6119] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6119] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6121], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6121 [pid 6119] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6121 attached ./strace-static-x86_64: Process 6120 attached [pid 6121] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6120] set_robust_list(0x7fedb043b9e0, 24 [pid 6121] memfd_create("syzkaller", 0 [pid 6120] <... set_robust_list resumed>) = 0 [pid 6120] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 6121] <... memfd_create resumed>) = 3 [pid 6120] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6120] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] <... mmap resumed>) = 0x7fedae557000 [pid 6096] <... futex resumed>) = 0 [pid 6120] <... futex resumed>) = 1 [pid 6120] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6104] <... write resumed>) = 32394836 [ 129.081034][ T6098] bio_check_eod: 14 callbacks suppressed [ 129.081050][ T6098] syz-executor278: attempt to access beyond end of device [ 129.081050][ T6098] loop1: rw=2049, sector=77824, nr_sectors = 2176 limit=63271 [pid 6104] munmap(0x7fedae557000, 32394836 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./25/bus", [pid 6104] <... munmap resumed>) = 0 [pid 5009] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6104] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 6104] <... openat resumed>) = 4 [pid 5009] rmdir("./25/bus" [pid 6104] ioctl(4, LOOP_SET_FD, 3 [pid 5009] <... rmdir resumed>) = 0 [pid 5009] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./25/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./25") = 0 [pid 6104] <... ioctl resumed>) = 0 [pid 6104] close(3) = 0 [pid 6104] mkdir("./bus", 0777) = 0 [pid 6104] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5009] mkdir("./26", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6122 ./strace-static-x86_64: Process 6122 attached [pid 6122] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6122] chdir("./26") = 0 [pid 6122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6122] setpgid(0, 0) = 0 [pid 6122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6122] write(3, "1000", 4) = 4 [pid 6122] close(3) = 0 [pid 6122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6122] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [ 129.159543][ T6104] loop2: detected capacity change from 0 to 63271 [ 129.170819][ T6098] syz-executor278: attempt to access beyond end of device [ 129.170819][ T6098] loop1: rw=2049, sector=80000, nr_sectors = 1920 limit=63271 [ 129.186514][ T6104] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6122] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 6098] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6122] <... mprotect resumed>) = 0 [pid 6098] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6122] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6098] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6123 attached [pid 6098] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] set_robust_list(0x7fedb69779e0, 24 [pid 6122] <... clone resumed>, parent_tid=[6123], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6123 [pid 6123] <... set_robust_list resumed>) = 0 [pid 6096] exit_group(0 [pid 6122] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] memfd_create("syzkaller", 0 [pid 6122] <... futex resumed>) = 0 [pid 6120] <... futex resumed>) = ? [pid 6098] <... futex resumed>) = ? [pid 6096] <... exit_group resumed>) = ? [pid 6123] <... memfd_create resumed>) = 3 [pid 6122] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6120] +++ exited with 0 +++ [pid 6098] +++ exited with 0 +++ [pid 6096] +++ exited with 0 +++ [pid 6123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6096, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=36 /* 0.36 s */} --- [pid 5007] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 129.232939][ T6104] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 129.286289][ T6104] F2FS-fs (loop2): invalid crc value [pid 5007] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6111] <... write resumed>) = 32394836 [pid 6111] munmap(0x7fedae557000, 32394836) = 0 [pid 6111] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 129.318998][ T6104] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 6111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6111] close(3) = 0 [pid 6111] mkdir("./bus", 0777) = 0 [pid 6111] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6114] <... write resumed>) = 32394836 [ 129.374513][ T6111] loop4: detected capacity change from 0 to 63271 [ 129.412559][ T6111] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6114] munmap(0x7fedae557000, 32394836) = 0 [pid 6114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6114] close(3) = 0 [pid 6114] mkdir("./bus", 0777) = 0 [pid 6114] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6104] <... mount resumed>) = 0 [pid 6104] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6104] chdir("./bus") = 0 [pid 6104] ioctl(4, LOOP_CLR_FD) = 0 [pid 6104] close(4) = 0 [pid 6104] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 129.444890][ T6111] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 129.456343][ T6114] loop0: detected capacity change from 0 to 63271 [ 129.463842][ T6104] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 129.476762][ T6104] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 129.485015][ T6114] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6104] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] <... futex resumed>) = 0 [pid 6104] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6104] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6104] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6102] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 129.508927][ T6114] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 129.521522][ T26] audit: type=1800 audit(1686875987.956:158): pid=6104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 6102] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6102] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6102] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6102] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6134], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6134 [pid 6102] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6134 attached [pid 6134] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6134] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6134] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [ 129.575977][ T6114] F2FS-fs (loop0): invalid crc value [ 129.582103][ T6111] F2FS-fs (loop4): invalid crc value [ 129.603866][ T6111] F2FS-fs (loop4): Found nat_bits in checkpoint [ 129.617771][ T6114] F2FS-fs (loop0): Found nat_bits in checkpoint [ 129.683335][ T6104] syz-executor278: attempt to access beyond end of device [ 129.683335][ T6104] loop2: rw=2049, sector=77824, nr_sectors = 2120 limit=63271 [pid 6134] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6111] <... mount resumed>) = 0 [pid 6111] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6111] chdir("./bus") = 0 [ 129.738639][ T6111] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 129.752984][ T6114] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 129.764248][ T6111] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 129.764289][ T6114] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 6111] ioctl(4, LOOP_CLR_FD) = 0 [pid 6111] close(4) = 0 [pid 6111] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6109] <... futex resumed>) = 0 [pid 6109] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6109] <... futex resumed>) = 0 [pid 6109] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6111] <... open resumed>) = 4 [pid 6123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6114] <... mount resumed>) = 0 [pid 6114] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6114] chdir("./bus") = 0 [pid 6114] ioctl(4, LOOP_CLR_FD) = 0 [pid 6114] close(4) = 0 [pid 6114] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] <... futex resumed>) = 0 [pid 6113] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 129.791806][ T6104] syz-executor278: attempt to access beyond end of device [ 129.791806][ T6104] loop2: rw=2049, sector=79944, nr_sectors = 1976 limit=63271 [pid 6113] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6114] <... futex resumed>) = 1 [pid 6114] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6111] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6109] <... futex resumed>) = 0 [pid 6111] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6109] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6111] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6109] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6114] <... open resumed>) = 4 [pid 6114] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6113] <... futex resumed>) = 0 [pid 6114] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6113] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 129.827892][ T26] audit: type=1800 audit(1686875988.266:159): pid=6111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 6113] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6109] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6109] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6104] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6109] <... mmap resumed>) = 0x7fedb041b000 [pid 6109] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 6104] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6109] <... mprotect resumed>) = 0 [pid 6109] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6102] exit_group(0 [pid 6109] <... clone resumed>, parent_tid=[6137], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6137 [pid 6134] <... futex resumed>) = ? [pid 6109] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] <... exit_group resumed>) = ? [pid 6134] +++ exited with 0 +++ [pid 6109] <... futex resumed>) = 0 [pid 6109] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] <... futex resumed>) = ? [pid 6113] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6113] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 6137 attached ) = 0x7fedb041b000 [pid 6104] +++ exited with 0 +++ [pid 6102] +++ exited with 0 +++ [pid 6137] set_robust_list(0x7fedb043b9e0, 24 [pid 6113] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6102, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=39 /* 0.39 s */} --- [pid 6137] <... set_robust_list resumed>) = 0 [pid 6113] <... mprotect resumed>) = 0 [pid 6113] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6137] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6113] <... clone resumed>, parent_tid=[6138], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6138 [pid 5007] <... umount2 resumed>) = 0 [pid 6113] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] <... futex resumed>) = 0 [pid 6137] <... futex resumed>) = 1 [pid 6113] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6109] <... futex resumed>) = 0 [pid 6137] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5007] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] fstat(3, ./strace-static-x86_64: Process 6138 attached [pid 5007] lstat("./25/bus", [pid 6138] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 5007] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6138] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [pid 5007] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./25/bus") = 0 [pid 5007] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, [pid 5007] lstat("./25/binderfs", [pid 5008] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5007] unlink("./25/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./25") = 0 [pid 5007] mkdir("./26", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 6113] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6139 ./strace-static-x86_64: Process 6139 attached [pid 6139] set_robust_list(0x5555556ed5e0, 24 [pid 6138] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6121] <... write resumed>) = 32394836 [pid 6139] <... set_robust_list resumed>) = 0 [pid 6138] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] munmap(0x7fedae557000, 32394836 [pid 6139] chdir("./26" [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6139] <... chdir resumed>) = 0 [pid 6139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6139] setpgid(0, 0) = 0 [pid 6139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6139] write(3, "1000", 4) = 4 [pid 6139] close(3) = 0 [ 129.944414][ T6111] syz-executor278: attempt to access beyond end of device [ 129.944414][ T6111] loop4: rw=2049, sector=77824, nr_sectors = 2752 limit=63271 [ 129.965713][ T26] audit: type=1800 audit(1686875988.306:160): pid=6114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 6139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6139] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6121] <... munmap resumed>) = 0 [pid 6139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6121] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6139] <... mmap resumed>) = 0x7fedb6957000 [pid 6121] <... openat resumed>) = 4 [pid 6139] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 6121] ioctl(4, LOOP_SET_FD, 3 [pid 6139] <... mprotect resumed>) = 0 [pid 6139] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6121] <... ioctl resumed>) = 0 [pid 6121] close(3./strace-static-x86_64: Process 6140 attached [pid 6139] <... clone resumed>, parent_tid=[6140], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6140 [pid 6121] <... close resumed>) = 0 [pid 6111] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6140] set_robust_list(0x7fedb69779e0, 24 [pid 6139] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] mkdir("./bus", 0777 [pid 6111] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... set_robust_list resumed>) = 0 [pid 6139] <... futex resumed>) = 0 [pid 6121] <... mkdir resumed>) = 0 [pid 6111] <... futex resumed>) = 0 [pid 6140] memfd_create("syzkaller", 0 [pid 6139] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6140] <... memfd_create resumed>) = 3 [pid 6121] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6111] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 130.019732][ T6111] syz-executor278: attempt to access beyond end of device [ 130.019732][ T6111] loop4: rw=2049, sector=80576, nr_sectors = 1344 limit=63271 [ 130.038773][ T6121] loop5: detected capacity change from 0 to 63271 [pid 6109] exit_group(0 [pid 6140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6137] <... futex resumed>) = ? [pid 6111] <... futex resumed>) = ? [pid 6109] <... exit_group resumed>) = ? [pid 6140] <... mmap resumed>) = 0x7fedae557000 [pid 6137] +++ exited with 0 +++ [pid 6111] +++ exited with 0 +++ [pid 6109] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6109, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- [pid 5010] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 130.073823][ T6114] syz-executor278: attempt to access beyond end of device [ 130.073823][ T6114] loop0: rw=2049, sector=77824, nr_sectors = 3320 limit=63271 [ 130.088427][ T6121] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 130.127142][ T6121] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 130.156275][ T6121] F2FS-fs (loop5): invalid crc value [ 130.160511][ T6114] syz-executor278: attempt to access beyond end of device [ 130.160511][ T6114] loop0: rw=2049, sector=81144, nr_sectors = 776 limit=63271 [pid 5010] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6113] exit_group(0 [pid 6138] <... futex resumed>) = ? [pid 6113] <... exit_group resumed>) = ? [pid 6138] +++ exited with 0 +++ [pid 6114] <... pwritev2 resumed>) = ? [ 130.201597][ T6121] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 6114] +++ exited with 0 +++ [pid 6113] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6113, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=47 /* 0.47 s */} --- [pid 5006] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6121] <... mount resumed>) = 0 [pid 6121] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6121] chdir("./bus") = 0 [pid 6121] ioctl(4, LOOP_CLR_FD) = 0 [ 130.366769][ T6121] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 130.373834][ T6121] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 6121] close(4) = 0 [pid 6121] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6121] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] <... futex resumed>) = 0 [pid 6121] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6121] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] <... futex resumed>) = 1 [pid 6121] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6123] <... write resumed>) = 32394836 [pid 6123] munmap(0x7fedae557000, 32394836 [pid 6119] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6119] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6119] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6119] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6145], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6145 [pid 6119] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 130.435905][ T26] audit: type=1800 audit(1686875988.876:161): pid=6121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 6119] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6145 attached [pid 6145] set_robust_list(0x7fedb043b9e0, 24 [pid 6123] <... munmap resumed>) = 0 [pid 6145] <... set_robust_list resumed>) = 0 [pid 6145] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus" [pid 6123] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6123] ioctl(4, LOOP_SET_FD, 3 [pid 6119] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6123] <... ioctl resumed>) = 0 [pid 6123] close(3) = 0 [pid 6123] mkdir("./bus", 0777) = 0 [pid 6123] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6145] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6145] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 130.527343][ T6123] loop3: detected capacity change from 0 to 63271 [ 130.564423][ T6123] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6145] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [ 130.604492][ T6123] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 130.614729][ T6121] syz-executor278: attempt to access beyond end of device [ 130.614729][ T6121] loop5: rw=2049, sector=77824, nr_sectors = 2056 limit=63271 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./26/bus") = 0 [pid 5008] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./26/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./26") = 0 [pid 5008] mkdir("./27", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6146 ./strace-static-x86_64: Process 6146 attached [ 130.663468][ T6123] F2FS-fs (loop3): invalid crc value [pid 6146] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6146] chdir("./27") = 0 [pid 6146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6146] setpgid(0, 0) = 0 [pid 6146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6146] write(3, "1000", 4) = 4 [pid 6146] close(3) = 0 [pid 6146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6146] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6146] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6146] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6150], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6150 [pid 6146] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6150 attached [pid 6140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6150] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6150] memfd_create("syzkaller", 0 [pid 6119] exit_group(0 [pid 6150] <... memfd_create resumed>) = 3 [pid 6145] <... futex resumed>) = ? [pid 6119] <... exit_group resumed>) = ? [pid 6150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6145] +++ exited with 0 +++ [pid 6150] <... mmap resumed>) = 0x7fedae557000 [ 130.719203][ T6123] F2FS-fs (loop3): Found nat_bits in checkpoint [ 130.738165][ T6121] syz-executor278: attempt to access beyond end of device [ 130.738165][ T6121] loop5: rw=2049, sector=79880, nr_sectors = 2040 limit=63271 [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6121] <... pwritev2 resumed>) = ? [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, [pid 6121] +++ exited with 0 +++ [pid 6119] +++ exited with 0 +++ [pid 5010] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6119, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=34 /* 0.34 s */} --- [pid 5010] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] restart_syscall(<... resuming interrupted clone ...> [pid 5010] close(4 [pid 5011] <... restart_syscall resumed>) = 0 [pid 5010] <... close resumed>) = 0 [pid 5010] rmdir("./26/bus" [pid 6123] <... mount resumed>) = 0 [pid 5011] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] <... rmdir resumed>) = 0 [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5010] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] <... openat resumed>) = 3 [pid 5010] lstat("./26/binderfs", [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] getdents64(3, [pid 5010] unlink("./26/binderfs" [pid 5011] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] <... unlink resumed>) = 0 [pid 5011] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 6123] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6123] chdir("./bus" [pid 5010] rmdir("./26" [pid 6123] <... chdir resumed>) = 0 [pid 5010] <... rmdir resumed>) = 0 [pid 6123] ioctl(4, LOOP_CLR_FD [pid 5010] mkdir("./27", 0777 [pid 6123] <... ioctl resumed>) = 0 [pid 6123] close(4) = 0 [pid 6123] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6123] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6122] <... futex resumed>) = 0 [pid 6122] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... mkdir resumed>) = 0 [pid 6122] <... futex resumed>) = 1 [pid 6122] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6123] <... futex resumed>) = 0 [ 130.846172][ T6123] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 130.853260][ T6123] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 6123] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5010] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 6152 [pid 6123] <... open resumed>) = 4 [pid 6123] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6122] <... futex resumed>) = 0 [pid 6123] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6122] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6152 attached [pid 6152] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6152] chdir("./27") = 0 [pid 6152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6152] setpgid(0, 0) = 0 [pid 6152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6152] write(3, "1000", 4) = 4 [pid 6152] close(3) = 0 [pid 6152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6152] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6152] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6152] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6153], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6153 [pid 6152] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6153 attached [pid 6153] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6153] memfd_create("syzkaller", 0) = 3 [pid 6153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 130.912652][ T26] audit: type=1800 audit(1686875989.346:162): pid=6123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [pid 6122] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6122] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6122] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6122] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6154], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6154 [pid 6122] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6154 attached [pid 6154] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6154] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./26/bus", [pid 6154] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5006] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6154] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6122] <... futex resumed>) = 0 [pid 5006] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6154] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./26/bus") = 0 [pid 5006] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./26/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./26") = 0 [pid 5006] mkdir("./27", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6155 ./strace-static-x86_64: Process 6155 attached [pid 6155] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6155] chdir("./27") = 0 [pid 6155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6155] setpgid(0, 0) = 0 [pid 6155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6155] write(3, "1000", 4) = 4 [pid 6155] close(3) = 0 [pid 6155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6155] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6155] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6155] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6156], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6156 [pid 6155] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6155] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6156 attached [pid 6156] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6156] memfd_create("syzkaller", 0) = 3 [pid 6156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6123] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6123] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6122] exit_group(0 [pid 6154] <... futex resumed>) = ? [pid 6123] <... futex resumed>) = ? [pid 6122] <... exit_group resumed>) = ? [pid 6154] +++ exited with 0 +++ [pid 6123] +++ exited with 0 +++ [pid 6122] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6122, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=42 /* 0.42 s */} --- [pid 5009] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6140] <... write resumed>) = 32394836 [pid 6140] munmap(0x7fedae557000, 32394836) = 0 [pid 6150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6140] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6140] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6140] close(3) = 0 [pid 6140] mkdir("./bus", 0777) = 0 [ 131.377559][ T6140] loop1: detected capacity change from 0 to 63271 [ 131.408383][ T6140] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6140] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5011] <... umount2 resumed>) = 0 [ 131.435503][ T6140] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 131.456625][ T6140] F2FS-fs (loop1): invalid crc value [pid 5011] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./26/bus") = 0 [pid 5011] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./26/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./26") = 0 [pid 5011] mkdir("./27", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [ 131.514024][ T6140] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6160 attached [pid 6160] set_robust_list(0x5555556ed5e0, 24 [pid 5011] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 6160 [pid 6160] <... set_robust_list resumed>) = 0 [pid 6160] chdir("./27") = 0 [pid 6160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6160] setpgid(0, 0) = 0 [pid 6160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6160] write(3, "1000", 4) = 4 [pid 6160] close(3) = 0 [pid 6160] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6160] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6160] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6160] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6162], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6162 [pid 6160] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6160] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6162 attached [pid 6162] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6162] memfd_create("syzkaller", 0) = 3 [pid 6162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6140] <... mount resumed>) = 0 [pid 6140] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6140] chdir("./bus") = 0 [pid 6140] ioctl(4, LOOP_CLR_FD) = 0 [ 131.601451][ T6140] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 131.609983][ T6140] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 6140] close(4) = 0 [pid 6140] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] <... futex resumed>) = 0 [pid 6140] <... futex resumed>) = 1 [pid 6139] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6139] <... futex resumed>) = 0 [pid 6139] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6140] <... open resumed>) = 4 [pid 6140] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6139] <... futex resumed>) = 0 [pid 6140] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6139] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6140] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6139] <... futex resumed>) = 0 [pid 6139] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 131.688551][ T26] audit: type=1800 audit(1686875990.126:163): pid=6140 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 6156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6139] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6139] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6139] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6139] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6163], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6163 [pid 6139] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6139] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6163 attached [pid 6163] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6163] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6163] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6139] <... futex resumed>) = 0 [pid 6163] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6140] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6140] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] exit_group(0 [pid 6163] <... futex resumed>) = ? [pid 6140] <... futex resumed>) = ? [pid 6139] <... exit_group resumed>) = ? [pid 6163] +++ exited with 0 +++ [pid 6140] +++ exited with 0 +++ [pid 6139] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6139, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- [pid 5007] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5007] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6153] <... write resumed>) = 32394836 [pid 6153] munmap(0x7fedae557000, 32394836) = 0 [pid 6153] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6153] ioctl(4, LOOP_SET_FD, 3 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 6153] <... ioctl resumed>) = 0 [pid 5009] getdents64(4, [pid 6153] close(3 [pid 5009] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 6153] <... close resumed>) = 0 [pid 6153] mkdir("./bus", 0777 [pid 5009] close(4 [pid 6153] <... mkdir resumed>) = 0 [pid 5009] <... close resumed>) = 0 [pid 6153] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5009] rmdir("./26/bus") = 0 [ 132.027909][ T6153] loop4: detected capacity change from 0 to 63271 [pid 5009] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./26/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./26") = 0 [pid 5009] mkdir("./27", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6164 ./strace-static-x86_64: Process 6164 attached [pid 6164] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6164] chdir("./27") = 0 [pid 6164] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6150] <... write resumed>) = 32394836 [pid 6164] <... prctl resumed>) = 0 [pid 6150] munmap(0x7fedae557000, 32394836 [pid 6164] setpgid(0, 0) = 0 [pid 6150] <... munmap resumed>) = 0 [pid 6164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6150] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6164] <... openat resumed>) = 3 [pid 6164] write(3, "1000", 4 [pid 6150] <... openat resumed>) = 4 [pid 6164] <... write resumed>) = 4 [pid 6164] close(3 [pid 6150] ioctl(4, LOOP_SET_FD, 3 [pid 6164] <... close resumed>) = 0 [ 132.069032][ T6153] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 132.100728][ T6153] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [pid 6150] <... ioctl resumed>) = 0 [pid 6164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6164] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] close(3 [pid 6164] <... futex resumed>) = 0 [pid 6164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6164] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 6150] <... close resumed>) = 0 [pid 6164] <... mprotect resumed>) = 0 [pid 6150] mkdir("./bus", 0777 [pid 6164] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6165], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6165 [pid 6164] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6164] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6150] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 6165 attached [pid 6165] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6165] memfd_create("syzkaller", 0 [pid 6150] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6165] <... memfd_create resumed>) = 3 [pid 6165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 132.145689][ T6150] loop2: detected capacity change from 0 to 63271 [ 132.163700][ T6153] F2FS-fs (loop4): invalid crc value [ 132.189591][ T6150] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 132.203046][ T6153] F2FS-fs (loop4): Found nat_bits in checkpoint [ 132.211595][ T6150] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 132.269700][ T6150] F2FS-fs (loop2): invalid crc value [pid 6162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6153] <... mount resumed>) = 0 [pid 6153] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6153] chdir("./bus") = 0 [pid 6153] ioctl(4, LOOP_CLR_FD) = 0 [pid 6153] close(4) = 0 [pid 6153] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] <... futex resumed>) = 0 [ 132.310075][ T6150] F2FS-fs (loop2): Found nat_bits in checkpoint [ 132.316452][ T6153] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 132.323502][ T6153] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 6153] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6152] <... futex resumed>) = 0 [pid 6153] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6152] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6153] <... open resumed>) = 4 [pid 6153] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6153] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6152] <... futex resumed>) = 0 [pid 6153] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 132.390842][ T26] audit: type=1800 audit(1686875990.826:164): pid=6153 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 6152] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6152] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6152] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6152] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6174], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6174 [pid 6152] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6174 attached [pid 6174] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6174] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6150] <... mount resumed>) = 0 [pid 6174] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6152] <... futex resumed>) = 0 [pid 6174] <... futex resumed>) = 1 [pid 6174] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6150] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6150] chdir("./bus") = 0 [pid 6150] ioctl(4, LOOP_CLR_FD) = 0 [pid 6150] close(4) = 0 [pid 6150] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 132.461949][ T6150] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 132.497041][ T6150] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 6146] <... futex resumed>) = 0 [pid 6150] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6146] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6146] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6156] <... write resumed>) = 32394836 [pid 6150] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6156] munmap(0x7fedae557000, 32394836 [pid 6150] <... open resumed>) = 4 [pid 6150] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6146] <... futex resumed>) = 0 [pid 6150] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6146] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6146] <... futex resumed>) = 0 [pid 6150] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6146] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6156] <... munmap resumed>) = 0 [pid 6156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 132.558390][ T26] audit: type=1800 audit(1686875990.996:165): pid=6150 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 6156] ioctl(4, LOOP_SET_FD, 3 [pid 6146] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6146] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6146] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6146] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6175], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6175 [pid 6146] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 6175 attached [pid 6175] set_robust_list(0x7fedb043b9e0, 24 [pid 5007] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6175] <... set_robust_list resumed>) = 0 [pid 6175] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 6156] <... ioctl resumed>) = 0 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6156] close(3) = 0 [pid 6156] mkdir("./bus", 0777 [pid 5007] lstat("./26/bus", [pid 6175] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6156] <... mkdir resumed>) = 0 [ 132.617669][ T6156] loop0: detected capacity change from 0 to 63271 [pid 6156] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6175] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5007] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6175] <... futex resumed>) = 1 [pid 6153] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6152] exit_group(0 [pid 6146] <... futex resumed>) = 0 [pid 5007] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6175] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6174] <... futex resumed>) = ? [pid 6153] <... futex resumed>) = ? [pid 6152] <... exit_group resumed>) = ? [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6174] +++ exited with 0 +++ [pid 6153] +++ exited with 0 +++ [pid 6152] +++ exited with 0 +++ [pid 5007] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6152, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=38 /* 0.38 s */} --- [pid 5007] <... openat resumed>) = 4 [pid 5010] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, [pid 5010] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5007] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5007] getdents64(4, [pid 5010] <... openat resumed>) = 3 [pid 5010] fstat(3, [pid 5007] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] close(4 [pid 5010] getdents64(3, [pid 5007] <... close resumed>) = 0 [pid 5010] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] rmdir("./26/bus" [pid 5010] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5007] <... rmdir resumed>) = 0 [pid 5007] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./26/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./26") = 0 [pid 5007] mkdir("./27", 0777) = 0 [ 132.669626][ T6156] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6176 ./strace-static-x86_64: Process 6176 attached [pid 6176] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6176] chdir("./27") = 0 [pid 6176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6176] setpgid(0, 0) = 0 [pid 6176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6176] write(3, "1000", 4) = 4 [pid 6176] close(3) = 0 [pid 6176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6176] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6176] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [ 132.717822][ T6156] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 6176] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6177], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6177 [pid 6176] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6177 attached [pid 6177] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6177] memfd_create("syzkaller", 0) = 3 [pid 6177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6150] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6150] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 132.771344][ T6156] F2FS-fs (loop0): invalid crc value [pid 6146] exit_group(0 [pid 6175] <... futex resumed>) = ? [pid 6165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6150] <... futex resumed>) = ? [pid 6146] <... exit_group resumed>) = ? [pid 6175] +++ exited with 0 +++ [pid 6150] +++ exited with 0 +++ [pid 6146] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6146, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 132.819871][ T6156] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5008] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6156] <... mount resumed>) = 0 [pid 6156] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6156] chdir("./bus") = 0 [pid 6156] ioctl(4, LOOP_CLR_FD) = 0 [pid 6156] close(4) = 0 [pid 6156] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6155] <... futex resumed>) = 0 [ 132.946202][ T6156] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 132.955225][ T6156] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 6155] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6155] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6156] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6156] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6155] <... futex resumed>) = 0 [pid 6156] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6155] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6155] <... futex resumed>) = 0 [pid 6156] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 133.017984][ T26] audit: type=1800 audit(1686875991.456:166): pid=6156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 6155] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6162] <... write resumed>) = 32394836 [pid 6162] munmap(0x7fedae557000, 32394836 [pid 6155] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6155] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6155] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6155] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6182], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6182 [pid 6155] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6155] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6182 attached [pid 6182] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6182] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [pid 6162] <... munmap resumed>) = 0 [pid 6162] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6182] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6182] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6162] ioctl(4, LOOP_SET_FD, 3 [pid 6182] <... futex resumed>) = 1 [pid 6155] <... futex resumed>) = 0 [pid 6182] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] <... ioctl resumed>) = 0 [pid 6162] close(3) = 0 [pid 6162] mkdir("./bus", 0777) = 0 [ 133.140974][ T6162] loop5: detected capacity change from 0 to 63271 [pid 6162] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6156] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6156] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 133.188792][ T6162] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 133.220035][ T6162] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 6155] exit_group(0 [pid 6182] <... futex resumed>) = ? [pid 6155] <... exit_group resumed>) = ? [pid 6182] +++ exited with 0 +++ [pid 6156] +++ exited with 0 +++ [pid 6155] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6155, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=36 /* 0.36 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 133.295143][ T6162] F2FS-fs (loop5): invalid crc value [ 133.337333][ T6162] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 5006] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6165] <... write resumed>) = 32394836 [pid 6165] munmap(0x7fedae557000, 32394836) = 0 [pid 6165] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6165] ioctl(4, LOOP_SET_FD, 3 [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./27/bus" [pid 6165] <... ioctl resumed>) = 0 [pid 6165] close(3) = 0 [pid 6165] mkdir("./bus", 0777 [pid 5010] <... rmdir resumed>) = 0 [pid 6165] <... mkdir resumed>) = 0 [pid 5010] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6165] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./27/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./27") = 0 [pid 5010] mkdir("./28", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6187 ./strace-static-x86_64: Process 6187 attached [pid 6187] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6187] chdir("./28") = 0 [pid 6187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6187] setpgid(0, 0) = 0 [pid 6187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6187] write(3, "1000", 4) = 4 [pid 6187] close(3) = 0 [pid 6187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6162] <... mount resumed>) = 0 [pid 6162] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6187] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6162] <... openat resumed>) = 3 [pid 6162] chdir("./bus") = 0 [pid 6187] <... futex resumed>) = 0 [pid 6162] ioctl(4, LOOP_CLR_FD) = 0 [pid 6162] close(4 [pid 6187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6187] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6187] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6188], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6188 [pid 6187] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 133.479355][ T6165] loop3: detected capacity change from 0 to 63271 [ 133.489212][ T6162] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 133.497841][ T6162] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 133.513671][ T6165] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6187] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6188 attached [pid 6188] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6188] memfd_create("syzkaller", 0) = 3 [pid 6188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6162] <... close resumed>) = 0 [pid 6162] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6160] <... futex resumed>) = 0 [pid 6162] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6160] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6162] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6160] <... futex resumed>) = 0 [pid 6160] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6188] <... mmap resumed>) = 0x7fedae557000 [pid 6162] <... open resumed>) = 4 [pid 6162] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] <... futex resumed>) = 0 [pid 6162] <... futex resumed>) = 1 [pid 6160] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6160] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 133.568513][ T6165] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [pid 6162] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6160] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6160] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6160] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6160] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6189], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6189 [pid 6160] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6160] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6189 attached [pid 6189] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6189] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6189] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6160] <... futex resumed>) = 0 [pid 6189] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./27/bus") = 0 [pid 5008] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./27/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./27") = 0 [pid 5008] mkdir("./28", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6162] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5008] <... openat resumed>) = 3 [pid 6162] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] ioctl(3, LOOP_CLR_FD [pid 6162] <... futex resumed>) = 0 [pid 5008] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6162] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6160] exit_group(0 [pid 5008] close(3 [pid 6189] <... futex resumed>) = ? [pid 6162] <... futex resumed>) = ? [pid 6160] <... exit_group resumed>) = ? [pid 6189] +++ exited with 0 +++ [pid 6162] +++ exited with 0 +++ [pid 5008] <... close resumed>) = 0 [pid 6160] +++ exited with 0 +++ [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6160, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=46 /* 0.46 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...> [pid 5008] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 6192 [pid 5011] <... restart_syscall resumed>) = 0 [pid 5011] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 133.730983][ T6165] F2FS-fs (loop3): invalid crc value ./strace-static-x86_64: Process 6192 attached [pid 6192] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6192] chdir("./28") = 0 [pid 6192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5011] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6192] setpgid(0, 0) = 0 [pid 6192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6192] write(3, "1000", 4) = 4 [pid 6192] close(3) = 0 [pid 6192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6192] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6192] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6192] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6194], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6194 [pid 6192] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6194 attached [pid 6194] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6194] memfd_create("syzkaller", 0) = 3 [pid 6194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 133.755294][ T6165] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 6165] <... mount resumed>) = 0 [pid 6165] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6165] chdir("./bus") = 0 [pid 6165] ioctl(4, LOOP_CLR_FD) = 0 [pid 6165] close(4) = 0 [pid 6165] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6164] <... futex resumed>) = 0 [ 133.871939][ T6165] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 133.883578][ T6165] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 6165] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6164] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6164] <... futex resumed>) = 0 [pid 6165] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6164] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... write resumed>) = 32394836 [pid 6165] <... open resumed>) = 4 [pid 6177] munmap(0x7fedae557000, 32394836 [pid 6165] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6164] <... futex resumed>) = 0 [pid 6165] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6164] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6164] <... futex resumed>) = 0 [pid 6165] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6164] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... munmap resumed>) = 0 [pid 6177] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 133.940097][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 133.940109][ T26] audit: type=1800 audit(1686875992.376:168): pid=6165 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [pid 6177] ioctl(4, LOOP_SET_FD, 3 [pid 6164] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6164] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6164] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6164] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6196], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6196 [pid 6164] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6164] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... ioctl resumed>) = 0 [pid 6177] close(3) = 0 [pid 6177] mkdir("./bus", 0777) = 0 [pid 6177] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, ""./strace-static-x86_64: Process 6196 attached [ 134.020310][ T6177] loop1: detected capacity change from 0 to 63271 [pid 6196] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6196] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6196] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6164] <... futex resumed>) = 0 [ 134.062193][ T6177] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 134.104451][ T6177] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [pid 6196] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 134.150015][ T6177] F2FS-fs (loop1): invalid crc value [ 134.168064][ T6165] bio_check_eod: 9 callbacks suppressed [ 134.168078][ T6165] syz-executor278: attempt to access beyond end of device [ 134.168078][ T6165] loop3: rw=2049, sector=77824, nr_sectors = 3720 limit=63271 [ 134.189416][ T6177] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 6188] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5006] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./27/bus") = 0 [pid 5006] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./27/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 6164] exit_group(0 [pid 5006] close(3 [pid 6196] <... futex resumed>) = ? [pid 6164] <... exit_group resumed>) = ? [pid 6196] +++ exited with 0 +++ [pid 5006] <... close resumed>) = 0 [pid 5006] rmdir("./27") = 0 [pid 5006] mkdir("./28", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6200 ./strace-static-x86_64: Process 6200 attached [pid 6200] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6200] chdir("./28") = 0 [ 134.239600][ T6165] syz-executor278: attempt to access beyond end of device [ 134.239600][ T6165] loop3: rw=2049, sector=81544, nr_sectors = 376 limit=63271 [pid 6200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6200] setpgid(0, 0) = 0 [pid 6200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6200] write(3, "1000", 4) = 4 [pid 6200] close(3) = 0 [pid 6200] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6200] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6200] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6200] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6201], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6201 [pid 6200] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6200] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6165] <... pwritev2 resumed>) = ? [pid 6165] +++ exited with 0 +++ [pid 6164] +++ exited with 0 +++ ./strace-static-x86_64: Process 6201 attached [pid 5011] <... umount2 resumed>) = 0 [pid 6201] set_robust_list(0x7fedb69779e0, 24 [pid 5011] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6164, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=43 /* 0.43 s */} --- [pid 6201] <... set_robust_list resumed>) = 0 [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5009] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6201] memfd_create("syzkaller", 0 [pid 5011] lstat("./27/bus", [pid 5009] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5011] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] <... openat resumed>) = 3 [pid 5011] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] fstat(3, [pid 6201] <... memfd_create resumed>) = 3 [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5009] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5011] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] getdents64(3, [pid 5011] fstat(4, [pid 6201] <... mmap resumed>) = 0x7fedae557000 [pid 5009] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./27/bus") = 0 [pid 5011] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./27/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./27") = 0 [pid 5011] mkdir("./28", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6203 ./strace-static-x86_64: Process 6203 attached [pid 6203] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6203] chdir("./28") = 0 [pid 6203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6203] setpgid(0, 0) = 0 [pid 6203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6203] write(3, "1000", 4) = 4 [pid 6203] close(3) = 0 [pid 6203] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6203] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6203] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6203] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6204], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6204 [pid 6203] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6203] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6204 attached [pid 6204] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6204] memfd_create("syzkaller", 0) = 3 [pid 6204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6194] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6177] <... mount resumed>) = 0 [pid 6177] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6177] chdir("./bus") = 0 [pid 6177] ioctl(4, LOOP_CLR_FD) = 0 [pid 6177] close(4) = 0 [pid 6177] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6176] <... futex resumed>) = 0 [pid 6177] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6176] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 134.398447][ T6177] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 134.408062][ T6177] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 6176] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... open resumed>) = 4 [pid 6177] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 134.450657][ T26] audit: type=1800 audit(1686875992.886:169): pid=6177 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 6177] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6176] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6176] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6176] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6176] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6205], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6205 [pid 6176] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6205 attached [pid 6205] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6205] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6205] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6176] <... futex resumed>) = 0 [ 134.666884][ T6177] syz-executor278: attempt to access beyond end of device [ 134.666884][ T6177] loop1: rw=2049, sector=77824, nr_sectors = 4096 limit=63271 [pid 6205] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6177] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6177] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6176] exit_group(0) = ? [pid 6205] <... futex resumed>) = ? [pid 6205] +++ exited with 0 +++ [pid 6177] <... futex resumed>) = ? [pid 6177] +++ exited with 0 +++ [pid 6176] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6176, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=35 /* 0.35 s */} --- [pid 5007] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6188] <... write resumed>) = 32394836 [pid 6188] munmap(0x7fedae557000, 32394836) = 0 [pid 6188] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6188] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6188] close(3) = 0 [pid 6188] mkdir("./bus", 0777) = 0 [ 134.835666][ T6188] loop4: detected capacity change from 0 to 63271 [ 134.867850][ T6188] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 134.882566][ T6188] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [pid 6188] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 134.924782][ T6188] F2FS-fs (loop4): invalid crc value [pid 6204] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [ 134.971915][ T6188] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 6201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6194] <... write resumed>) = 32394836 [pid 6194] munmap(0x7fedae557000, 32394836) = 0 [pid 6194] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6194] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6194] close(3) = 0 [pid 6194] mkdir("./bus", 0777) = 0 [ 135.079500][ T6188] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 135.108902][ T6194] loop2: detected capacity change from 0 to 63271 [ 135.118578][ T6188] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 6194] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./27/bus") = 0 [pid 5009] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./27/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./27") = 0 [pid 5009] mkdir("./28", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 6188] <... mount resumed>) = 0 [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6188] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6188] chdir("./bus") = 0 [pid 5009] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 6210 [pid 6188] ioctl(4, LOOP_CLR_FD) = 0 [pid 6188] close(4) = 0 [pid 6188] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... futex resumed>) = 0 [pid 6187] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6187] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6188] <... futex resumed>) = 1 [pid 6188] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000./strace-static-x86_64: Process 6210 attached [pid 6210] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6210] chdir("./28") = 0 [pid 6210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6210] setpgid(0, 0) = 0 [pid 6210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6210] write(3, "1000", 4) = 4 [ 135.128379][ T6194] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 135.152849][ T6194] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [pid 6210] close(3) = 0 [pid 6188] <... open resumed>) = 4 [pid 6188] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... futex resumed>) = 0 [pid 6187] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6187] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6188] <... futex resumed>) = 1 [pid 6188] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6210] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6210] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6210] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6211], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6211 ./strace-static-x86_64: Process 6211 attached [pid 6210] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] set_robust_list(0x7fedb69779e0, 24 [pid 6210] <... futex resumed>) = 0 [pid 6211] <... set_robust_list resumed>) = 0 [pid 6210] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6211] memfd_create("syzkaller", 0) = 3 [pid 6211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6187] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6187] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6187] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6187] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6187] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6187] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6215], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6215 [pid 6187] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6187] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6215 attached [pid 6215] set_robust_list(0x7fedb043b9e0, 24) = 0 [ 135.206256][ T26] audit: type=1800 audit(1686875993.646:170): pid=6188 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [ 135.239436][ T6194] F2FS-fs (loop2): invalid crc value [pid 6215] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6215] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... futex resumed>) = 0 [pid 6215] <... futex resumed>) = 1 [ 135.287914][ T6194] F2FS-fs (loop2): Found nat_bits in checkpoint [ 135.345140][ T6188] syz-executor278: attempt to access beyond end of device [ 135.345140][ T6188] loop4: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [pid 6215] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 135.411894][ T6194] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 135.434338][ T6194] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 135.453092][ T6188] syz-executor278: attempt to access beyond end of device [pid 5007] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, [pid 6187] exit_group(0 [pid 6215] <... futex resumed>) = ? [pid 6187] <... exit_group resumed>) = ? [pid 5007] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6215] +++ exited with 0 +++ [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 6194] <... mount resumed>) = 0 [pid 5007] rmdir("./27/bus" [pid 6194] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6194] chdir("./bus" [pid 5007] <... rmdir resumed>) = 0 [pid 6194] <... chdir resumed>) = 0 [pid 6194] ioctl(4, LOOP_CLR_FD) = 0 [pid 6194] close(4 [pid 5007] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6194] <... close resumed>) = 0 [pid 6194] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = 0 [pid 6192] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6194] <... futex resumed>) = 1 [pid 6194] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./27/binderfs") = 0 [pid 6194] <... open resumed>) = 4 [pid 5007] getdents64(3, [pid 6194] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = 0 [pid 6192] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6194] <... futex resumed>) = 1 [pid 6194] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5007] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./27") = 0 [pid 5007] mkdir("./28", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6217 ./strace-static-x86_64: Process 6217 attached [pid 6217] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6217] chdir("./28") = 0 [pid 6217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6217] setpgid(0, 0) = 0 [pid 6217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6217] write(3, "1000", 4 [pid 6192] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6192] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6192] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6192] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 6217] <... write resumed>) = 4 [pid 6192] <... mprotect resumed>) = 0 [ 135.453092][ T6188] loop4: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [ 135.488553][ T26] audit: type=1800 audit(1686875993.926:171): pid=6194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 6192] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6217] close(3./strace-static-x86_64: Process 6218 attached ) = 0 [pid 6192] <... clone resumed>, parent_tid=[6218], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6218 [pid 6218] set_robust_list(0x7fedb043b9e0, 24 [pid 6217] symlink("/dev/binderfs", "./binderfs" [pid 6201] <... write resumed>) = 32394836 [pid 6192] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6218] <... set_robust_list resumed>) = 0 [pid 6217] <... symlink resumed>) = 0 [pid 6218] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 6217] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6201] munmap(0x7fedae557000, 32394836 [pid 6217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6217] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6217] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6219], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6219 [pid 6217] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6217] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6219 attached [pid 6219] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6219] memfd_create("syzkaller", 0) = 3 [pid 6188] <... pwritev2 resumed>) = ? [pid 6219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6218] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6218] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6201] <... munmap resumed>) = 0 [pid 6192] <... futex resumed>) = 0 [pid 6188] +++ exited with 0 +++ [pid 6187] +++ exited with 0 +++ [pid 6218] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6187, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=46 /* 0.46 s */} --- [pid 5010] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5010] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6201] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, [pid 6204] <... write resumed>) = 32394836 [pid 6204] munmap(0x7fedae557000, 32394836 [pid 5010] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 6201] <... openat resumed>) = 4 [pid 6204] <... munmap resumed>) = 0 [pid 5010] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6201] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6204] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6204] ioctl(4, LOOP_SET_FD, 3 [pid 6201] close(3) = 0 [pid 6201] mkdir("./bus", 0777) = 0 [pid 6201] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6204] <... ioctl resumed>) = 0 [pid 6204] close(3) = 0 [pid 6204] mkdir("./bus", 0777) = 0 [ 135.625145][ T6201] loop0: detected capacity change from 0 to 63271 [ 135.627881][ T6194] syz-executor278: attempt to access beyond end of device [ 135.627881][ T6194] loop2: rw=2049, sector=77824, nr_sectors = 2504 limit=63271 [ 135.656382][ T6204] loop5: detected capacity change from 0 to 63271 [ 135.664137][ T6201] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 135.674626][ T6204] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 135.684901][ T6201] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 135.705733][ T6204] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 6204] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 135.727829][ T6204] F2FS-fs (loop5): invalid crc value [ 135.734904][ T6201] F2FS-fs (loop0): invalid crc value [ 135.735928][ T6194] syz-executor278: attempt to access beyond end of device [ 135.735928][ T6194] loop2: rw=2049, sector=80328, nr_sectors = 1592 limit=63271 [ 135.777448][ T6204] F2FS-fs (loop5): Found nat_bits in checkpoint [ 135.788168][ T6201] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 6211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6194] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6194] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] exit_group(0 [pid 6218] <... futex resumed>) = ? [pid 6192] <... exit_group resumed>) = ? [pid 6218] +++ exited with 0 +++ [pid 6194] +++ exited with 0 +++ [pid 6192] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6192, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=42 /* 0.42 s */} --- [pid 5008] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 135.877733][ T6204] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 135.884799][ T6204] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 135.917736][ T6201] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [pid 5008] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6204] <... mount resumed>) = 0 [pid 6204] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6204] chdir("./bus") = 0 [pid 6204] ioctl(4, LOOP_CLR_FD) = 0 [pid 6204] close(4 [pid 6201] <... mount resumed>) = 0 [pid 6201] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6201] chdir("./bus") = 0 [pid 6201] ioctl(4, LOOP_CLR_FD) = 0 [pid 6201] close(4) = 0 [pid 6201] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6200] <... futex resumed>) = 0 [pid 6200] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6201] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6200] <... futex resumed>) = 0 [pid 6204] <... close resumed>) = 0 [pid 6204] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6200] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6203] <... futex resumed>) = 0 [pid 6203] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6203] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6204] <... futex resumed>) = 1 [pid 6204] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6201] <... open resumed>) = 4 [pid 6201] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6200] <... futex resumed>) = 0 [pid 6201] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6200] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6201] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6200] <... futex resumed>) = 0 [pid 6200] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6204] <... open resumed>) = 4 [pid 6204] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6203] <... futex resumed>) = 0 [pid 6204] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6203] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 135.933316][ T6201] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 135.958002][ T26] audit: type=1800 audit(1686875994.396:172): pid=6201 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 6203] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6200] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6200] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6200] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6200] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6228], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6228 [pid 6200] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6200] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6228 attached [pid 6228] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6228] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [pid 6203] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6203] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6203] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6203] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6203] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6203] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6229], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6229 [pid 6203] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6203] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6229 attached [pid 6229] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6229] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus" [pid 6228] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6200] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6228] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6203] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6229] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6229] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 136.084522][ T26] audit: type=1800 audit(1686875994.426:173): pid=6204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [ 136.146327][ T6201] syz-executor278: attempt to access beyond end of device [ 136.146327][ T6201] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 136.190384][ T6204] syz-executor278: attempt to access beyond end of device [ 136.190384][ T6204] loop5: rw=2049, sector=77824, nr_sectors = 4040 limit=63271 [pid 6229] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6203] exit_group(0 [pid 6229] <... futex resumed>) = ? [pid 6203] <... exit_group resumed>) = ? [pid 6229] +++ exited with 0 +++ [ 136.252316][ T6204] syz-executor278: attempt to access beyond end of device [ 136.252316][ T6204] loop5: rw=2049, sector=81864, nr_sectors = 56 limit=63271 [pid 6200] exit_group(0 [pid 6228] <... futex resumed>) = ? [pid 6200] <... exit_group resumed>) = ? [pid 6228] +++ exited with 0 +++ [pid 6201] <... pwritev2 resumed>) = ? [pid 6201] +++ exited with 0 +++ [pid 6200] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6200, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=42 /* 0.42 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6204] <... pwritev2 resumed>) = ? [pid 6204] +++ exited with 0 +++ [pid 6203] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6203, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=35 /* 0.35 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./28/bus") = 0 [pid 5010] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./28/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./28") = 0 [pid 5010] mkdir("./29", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6230 ./strace-static-x86_64: Process 6230 attached [pid 6230] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6230] chdir("./29") = 0 [pid 6230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6230] setpgid(0, 0) = 0 [pid 6230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6230] write(3, "1000", 4) = 4 [pid 6230] close(3) = 0 [pid 6230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6230] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] <... write resumed>) = 32394836 [pid 6230] <... futex resumed>) = 0 [pid 6230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6211] munmap(0x7fedae557000, 32394836 [pid 6230] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6230] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6231], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6231 [pid 6230] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6230] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6231 attached [pid 6231] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6231] memfd_create("syzkaller", 0) = 3 [pid 6231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6211] <... munmap resumed>) = 0 [pid 6211] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6211] close(3) = 0 [pid 6211] mkdir("./bus", 0777) = 0 [ 136.461575][ T6211] loop3: detected capacity change from 0 to 63271 [ 136.471011][ T6211] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 136.480693][ T6211] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 136.524107][ T6211] F2FS-fs (loop3): invalid crc value [ 136.569112][ T6211] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 6211] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6211] <... mount resumed>) = 0 [pid 6211] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6211] chdir("./bus") = 0 [pid 6211] ioctl(4, LOOP_CLR_FD) = 0 [pid 6211] close(4) = 0 [pid 6211] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6211] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6210] <... futex resumed>) = 0 [pid 6210] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6211] <... futex resumed>) = 0 [pid 6210] <... futex resumed>) = 1 [pid 5008] <... openat resumed>) = 4 [pid 6210] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./28/bus") = 0 [pid 5008] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./28/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./28") = 0 [pid 5008] mkdir("./29", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6211] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5008] <... openat resumed>) = 3 [pid 6211] <... open resumed>) = 4 [ 136.675924][ T6211] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 136.694450][ T6211] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6236 [pid 6211] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6210] <... futex resumed>) = 0 [pid 6211] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6210] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6210] <... futex resumed>) = 0 [pid 6210] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6211] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC./strace-static-x86_64: Process 6236 attached [pid 6236] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6236] chdir("./29") = 0 [pid 6236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6236] setpgid(0, 0 [pid 6219] <... write resumed>) = 32394836 [pid 6236] <... setpgid resumed>) = 0 [pid 6219] munmap(0x7fedae557000, 32394836 [ 136.727633][ T26] audit: type=1800 audit(1686875995.166:174): pid=6211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [pid 6236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6236] write(3, "1000", 4) = 4 [pid 6236] close(3) = 0 [pid 6236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6236] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6236] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6236] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6237], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6237 [pid 6236] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6236] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6219] <... munmap resumed>) = 0 [pid 6219] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 ./strace-static-x86_64: Process 6237 attached [pid 6219] ioctl(4, LOOP_SET_FD, 3 [pid 6210] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6210] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6210] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 6237] set_robust_list(0x7fedb69779e0, 24 [pid 6219] <... ioctl resumed>) = 0 [pid 6210] <... mprotect resumed>) = 0 [pid 6210] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6238], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6238 [pid 6210] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6237] <... set_robust_list resumed>) = 0 [pid 6219] close(3 [pid 6210] <... futex resumed>) = 0 [pid 6237] memfd_create("syzkaller", 0 [pid 6219] <... close resumed>) = 0 [pid 6210] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6237] <... memfd_create resumed>) = 3 [pid 6219] mkdir("./bus", 0777 [pid 6237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6219] <... mkdir resumed>) = 0 [pid 6237] <... mmap resumed>) = 0x7fedae557000 [pid 6219] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, ""./strace-static-x86_64: Process 6238 attached [pid 6238] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6238] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6238] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6210] <... futex resumed>) = 0 [ 136.806526][ T6219] loop1: detected capacity change from 0 to 63271 [ 136.836168][ T6219] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 136.844629][ T6219] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 136.894278][ T6219] F2FS-fs (loop1): invalid crc value [ 136.932515][ T6219] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 6238] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6211] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6211] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6211] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6210] exit_group(0 [pid 6238] <... futex resumed>) = ? [pid 6211] <... futex resumed>) = ? [pid 6210] <... exit_group resumed>) = ? [pid 6238] +++ exited with 0 +++ [pid 6211] +++ exited with 0 +++ [pid 6210] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6210, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=38 /* 0.38 s */} --- [pid 5009] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6219] <... mount resumed>) = 0 [pid 6219] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6219] chdir("./bus") = 0 [pid 6219] ioctl(4, LOOP_CLR_FD) = 0 [pid 6219] close(4) = 0 [pid 5011] <... umount2 resumed>) = 0 [pid 6219] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 137.033135][ T6219] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 137.052079][ T6219] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 6219] <... futex resumed>) = 1 [pid 6217] <... futex resumed>) = 0 [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6219] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6217] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] lstat("./28/bus", [pid 6219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6217] <... futex resumed>) = 0 [pid 6219] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6217] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6219] <... open resumed>) = 4 [pid 5011] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6219] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6217] <... futex resumed>) = 0 [pid 5011] <... openat resumed>) = 4 [pid 6219] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6217] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] fstat(4, [pid 6219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6217] <... futex resumed>) = 0 [pid 6219] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5011] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6217] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./28/bus") = 0 [pid 5011] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./28/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./28") = 0 [pid 5011] mkdir("./29", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6243 ./strace-static-x86_64: Process 6243 attached [pid 6243] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6243] chdir("./29") = 0 [pid 6243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6243] setpgid(0, 0) = 0 [pid 6243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6243] write(3, "1000", 4) = 4 [pid 6243] close(3) = 0 [pid 6243] symlink("/dev/binderfs", "./binderfs") = 0 [ 137.120881][ T26] audit: type=1800 audit(1686875995.556:175): pid=6219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 6243] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6243] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6217] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6243] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6217] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] <... clone resumed>, parent_tid=[6244], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6244 [pid 6217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6243] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] <... mmap resumed>) = 0x7fedb041b000 [pid 6243] <... futex resumed>) = 0 [pid 6217] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 6243] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6217] <... mprotect resumed>) = 0 [pid 6217] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6245], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6245 [pid 6217] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6217] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6244 attached [pid 6244] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6244] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6245 attached [pid 6245] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6245] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 6244] <... memfd_create resumed>) = 3 [pid 6245] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6245] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] <... futex resumed>) = 0 [pid 6245] <... futex resumed>) = 1 [pid 6245] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6219] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6219] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6217] exit_group(0 [pid 6245] <... futex resumed>) = ? [pid 6219] <... futex resumed>) = ? [pid 6217] <... exit_group resumed>) = ? [pid 6245] +++ exited with 0 +++ [pid 6219] +++ exited with 0 +++ [pid 6217] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6217, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=39 /* 0.39 s */} --- [pid 5007] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./28/bus") = 0 [pid 5006] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./28/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./28") = 0 [pid 5006] mkdir("./29", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6246 ./strace-static-x86_64: Process 6246 attached [pid 6246] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6246] chdir("./29") = 0 [pid 6246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6246] setpgid(0, 0) = 0 [pid 6246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6246] write(3, "1000", 4) = 4 [pid 6246] close(3) = 0 [pid 6246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6246] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6246] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6246] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6247], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6247 [pid 6246] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6247 attached [pid 6247] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6247] memfd_create("syzkaller", 0) = 3 [pid 6247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6231] <... write resumed>) = 32394836 [pid 6231] munmap(0x7fedae557000, 32394836) = 0 [pid 6231] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6231] close(3) = 0 [pid 6231] mkdir("./bus", 0777) = 0 [pid 6231] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6237] <... write resumed>) = 32394836 [pid 6237] munmap(0x7fedae557000, 32394836) = 0 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 137.798366][ T6231] loop4: detected capacity change from 0 to 63271 [ 137.829944][ T6231] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5009] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./28/bus") = 0 [pid 5009] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./28/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./28") = 0 [pid 5009] mkdir("./29", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3 [pid 6237] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6237] ioctl(4, LOOP_SET_FD, 3 [pid 5009] <... close resumed>) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6248 ./strace-static-x86_64: Process 6248 attached [pid 6248] set_robust_list(0x5555556ed5e0, 24 [pid 6237] <... ioctl resumed>) = 0 [pid 6248] <... set_robust_list resumed>) = 0 [pid 6237] close(3) = 0 [pid 6237] mkdir("./bus", 0777 [pid 6248] chdir("./29") = 0 [pid 6248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6237] <... mkdir resumed>) = 0 [pid 6237] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6248] setpgid(0, 0) = 0 [ 137.870183][ T6231] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 137.905367][ T6237] loop2: detected capacity change from 0 to 63271 [ 137.912318][ T6231] F2FS-fs (loop4): invalid crc value [pid 6248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6248] write(3, "1000", 4) = 4 [pid 6248] close(3) = 0 [pid 6248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6248] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6248] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6248] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6250], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6250 [pid 6248] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6250 attached [pid 6250] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6250] memfd_create("syzkaller", 0) = 3 [pid 6250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 137.930101][ T6237] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 137.954255][ T6237] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 137.963403][ T6231] F2FS-fs (loop4): Found nat_bits in checkpoint [ 138.015705][ T6237] F2FS-fs (loop2): invalid crc value [pid 6247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6231] <... mount resumed>) = 0 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6231] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5007] lstat("./28/bus", [pid 6231] chdir("./bus") = 0 [pid 5007] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6231] ioctl(4, LOOP_CLR_FD [pid 5007] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6231] <... ioctl resumed>) = 0 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6231] close(4 [pid 5007] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6231] <... close resumed>) = 0 [ 138.054027][ T6237] F2FS-fs (loop2): Found nat_bits in checkpoint [ 138.083278][ T6231] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 138.095553][ T6231] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 6231] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... openat resumed>) = 4 [pid 6231] <... futex resumed>) = 1 [pid 6230] <... futex resumed>) = 0 [pid 5007] fstat(4, [pid 6231] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6230] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6230] <... futex resumed>) = 0 [pid 5007] getdents64(4, [pid 6230] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 6231] <... open resumed>) = 4 [pid 5007] getdents64(4, [pid 6231] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 6231] <... futex resumed>) = 1 [pid 6230] <... futex resumed>) = 0 [pid 5007] close(4 [pid 6231] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6230] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... close resumed>) = 0 [pid 6230] <... futex resumed>) = 0 [pid 6230] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] rmdir("./28/bus") = 0 [pid 5007] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./28/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./28") = 0 [pid 5007] mkdir("./29", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6258 ./strace-static-x86_64: Process 6258 attached [ 138.138690][ T26] audit: type=1800 audit(1686875996.576:176): pid=6231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 6258] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6258] chdir("./29") = 0 [pid 6258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6258] setpgid(0, 0) = 0 [pid 6230] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6230] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] <... openat resumed>) = 3 [pid 6230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6258] write(3, "1000", 4) = 4 [pid 6230] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6258] close(3) = 0 [pid 6230] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6230] <... clone resumed>, parent_tid=[6259], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6259 [pid 6258] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] <... futex resumed>) = 0 [pid 6230] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6259 attached [pid 6258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6230] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] set_robust_list(0x7fedb043b9e0, 24 [pid 6258] <... mmap resumed>) = 0x7fedb6957000 [pid 6237] <... mount resumed>) = 0 [pid 6259] <... set_robust_list resumed>) = 0 [pid 6258] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 6237] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6259] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 6258] <... mprotect resumed>) = 0 [pid 6237] <... openat resumed>) = 3 [pid 6258] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6259] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6237] chdir("./bus" [pid 6259] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] <... clone resumed>, parent_tid=[6260], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6260 [pid 6237] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 6260 attached [pid 6260] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6259] <... futex resumed>) = 1 [pid 6258] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6237] ioctl(4, LOOP_CLR_FD [pid 6230] <... futex resumed>) = 0 [ 138.186707][ T6237] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 138.193782][ T6237] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 6259] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6258] <... futex resumed>) = 0 [pid 6237] <... ioctl resumed>) = 0 [pid 6258] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6237] close(4) = 0 [pid 6260] memfd_create("syzkaller", 0) = 3 [pid 6260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6237] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6236] <... futex resumed>) = 0 [pid 6237] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6236] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6236] <... futex resumed>) = 0 [pid 6237] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6236] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6237] <... open resumed>) = 4 [pid 6237] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6236] <... futex resumed>) = 0 [pid 6237] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6236] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6236] <... futex resumed>) = 0 [pid 6237] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 138.262472][ T26] audit: type=1800 audit(1686875996.696:177): pid=6237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 6236] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6231] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6236] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6231] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6231] <... futex resumed>) = 0 [pid 6230] exit_group(0 [pid 6259] <... futex resumed>) = ? [pid 6236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6230] <... exit_group resumed>) = ? [pid 6259] +++ exited with 0 +++ [pid 6236] <... mmap resumed>) = 0x7fedb041b000 [pid 6231] +++ exited with 0 +++ [pid 6230] +++ exited with 0 +++ [pid 6236] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6230, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=47 /* 0.47 s */} --- [pid 6236] <... mprotect resumed>) = 0 [pid 5010] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6236] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5010] <... openat resumed>) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6236] <... clone resumed>, parent_tid=[6261], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6261 [pid 5010] getdents64(3, [pid 6236] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6236] <... futex resumed>) = 0 [pid 6236] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6261 attached [pid 6261] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6261] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6244] <... write resumed>) = 32394836 [pid 6244] munmap(0x7fedae557000, 32394836 [pid 6261] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] <... futex resumed>) = 0 [pid 6261] <... futex resumed>) = 1 [pid 6261] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6244] <... munmap resumed>) = 0 [pid 6237] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6244] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6237] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] exit_group(0 [pid 6237] <... futex resumed>) = ? [pid 6261] <... futex resumed>) = ? [pid 6236] <... exit_group resumed>) = ? [pid 6244] <... openat resumed>) = 4 [pid 6261] +++ exited with 0 +++ [pid 6237] +++ exited with 0 +++ [pid 6244] ioctl(4, LOOP_SET_FD, 3 [pid 6236] +++ exited with 0 +++ [pid 6244] <... ioctl resumed>) = 0 [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6236, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=32 /* 0.32 s */} --- [pid 5008] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6244] close(3) = 0 [pid 6244] mkdir("./bus", 0777) = 0 [ 138.456039][ T6244] loop5: detected capacity change from 0 to 63271 [ 138.477532][ T6244] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6244] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6247] <... write resumed>) = 32394836 [pid 6247] munmap(0x7fedae557000, 32394836) = 0 [ 138.515024][ T6244] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 6247] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6247] <... openat resumed>) = 4 [pid 6247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6247] close(3) = 0 [pid 6247] mkdir("./bus", 0777) = 0 [ 138.570153][ T6244] F2FS-fs (loop5): invalid crc value [ 138.576900][ T6247] loop0: detected capacity change from 0 to 63271 [ 138.603050][ T6247] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 138.621247][ T6244] F2FS-fs (loop5): Found nat_bits in checkpoint [ 138.637298][ T6247] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 6247] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6244] <... mount resumed>) = 0 [pid 6244] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6244] chdir("./bus") = 0 [pid 6244] ioctl(4, LOOP_CLR_FD) = 0 [ 138.713682][ T6244] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 138.741377][ T6244] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 6244] close(4) = 0 [pid 6244] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6244] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6243] <... futex resumed>) = 0 [pid 6243] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6243] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6244] <... futex resumed>) = 0 [pid 6244] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6244] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6243] <... futex resumed>) = 0 [pid 6244] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6243] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6243] <... futex resumed>) = 0 [pid 6244] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 138.780908][ T6247] F2FS-fs (loop0): invalid crc value [pid 6243] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6243] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6243] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6243] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6269], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6269 [pid 6243] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6269 attached [pid 6269] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6269] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6269] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6243] <... futex resumed>) = 0 [ 138.831355][ T6247] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 6269] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6244] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6244] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6244] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6243] exit_group(0 [pid 6269] <... futex resumed>) = ? [pid 6243] <... exit_group resumed>) = ? [pid 6269] +++ exited with 0 +++ [pid 6244] <... futex resumed>) = ? [pid 6244] +++ exited with 0 +++ [pid 6243] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6243, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=36 /* 0.36 s */} --- [pid 6247] <... mount resumed>) = 0 [pid 5011] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6247] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6247] <... openat resumed>) = 3 [pid 5011] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6247] chdir("./bus" [pid 5011] <... openat resumed>) = 3 [pid 6247] <... chdir resumed>) = 0 [pid 5011] fstat(3, [pid 6247] ioctl(4, LOOP_CLR_FD) = 0 [pid 5011] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6247] close(4 [pid 5011] getdents64(3, [pid 6247] <... close resumed>) = 0 [pid 6247] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 6247] <... futex resumed>) = 1 [pid 6246] <... futex resumed>) = 0 [pid 5011] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6246] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 138.970201][ T6247] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 138.995523][ T6247] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 6247] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6247] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6246] <... futex resumed>) = 0 [pid 6247] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6246] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6247] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6247] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6246] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6246] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6246] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6246] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6246] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6271], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6271 [ 139.021578][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 139.021591][ T26] audit: type=1800 audit(1686875997.456:179): pid=6247 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 6246] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6271 attached [pid 6271] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6271] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [pid 5010] <... umount2 resumed>) = 0 [pid 6271] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 5010] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./29/bus", [pid 6271] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6271] <... futex resumed>) = 1 [pid 6246] <... futex resumed>) = 0 [pid 6271] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5010] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./29/bus") = 0 [pid 5010] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./29/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./29") = 0 [pid 5010] mkdir("./30", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6272 ./strace-static-x86_64: Process 6272 attached [pid 6272] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6272] chdir("./30" [pid 6247] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6272] <... chdir resumed>) = 0 [pid 6247] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6247] <... futex resumed>) = 0 [pid 6272] <... prctl resumed>) = 0 [pid 6246] exit_group(0 [pid 6272] setpgid(0, 0) = 0 [pid 6271] <... futex resumed>) = ? [pid 6246] <... exit_group resumed>) = ? [pid 6272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6271] +++ exited with 0 +++ [pid 6272] <... openat resumed>) = 3 [pid 6272] write(3, "1000", 4) = 4 [pid 6247] +++ exited with 0 +++ [pid 6246] +++ exited with 0 +++ [pid 6272] close(3) = 0 [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6246, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=43 /* 0.43 s */} --- [pid 6272] symlink("/dev/binderfs", "./binderfs" [pid 5006] restart_syscall(<... resuming interrupted clone ...> [pid 6272] <... symlink resumed>) = 0 [pid 5008] <... umount2 resumed>) = 0 [pid 5006] <... restart_syscall resumed>) = 0 [pid 6272] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6272] <... futex resumed>) = 0 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5008] lstat("./29/bus", [pid 5006] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6272] <... mmap resumed>) = 0x7fedb6957000 [pid 5008] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6272] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5008] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5006] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6272] <... mprotect resumed>) = 0 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5006] <... openat resumed>) = 3 [pid 6272] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5008] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5006] fstat(3, [pid 5008] <... openat resumed>) = 4 [pid 5006] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6272] <... clone resumed>, parent_tid=[6273], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6273 [pid 6272] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] fstat(4, [pid 5006] getdents64(3, [pid 6272] <... futex resumed>) = 0 [pid 5006] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 6272] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5008] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./29/bus") = 0 [pid 5008] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./29/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./29") = 0 [pid 5008] mkdir("./30", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6274 ./strace-static-x86_64: Process 6273 attached [pid 6273] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6273] memfd_create("syzkaller", 0) = 3 [pid 6273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 ./strace-static-x86_64: Process 6274 attached [pid 6274] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6274] chdir("./30") = 0 [pid 6274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6274] setpgid(0, 0) = 0 [pid 6274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6274] write(3, "1000", 4) = 4 [pid 6250] <... write resumed>) = 32394836 [pid 6274] close(3) = 0 [pid 6274] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6274] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6274] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6274] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6275], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6275 [pid 6274] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6274] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6275 attached [pid 6275] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6275] memfd_create("syzkaller", 0) = 3 [pid 6275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6250] munmap(0x7fedae557000, 32394836) = 0 [pid 6250] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6250] close(3) = 0 [pid 6250] mkdir("./bus", 0777) = 0 [ 139.323270][ T6250] loop3: detected capacity change from 0 to 63271 [ 139.359233][ T6250] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 139.398883][ T6250] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 139.452062][ T6250] F2FS-fs (loop3): invalid crc value [pid 6250] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6260] <... write resumed>) = 32394836 [pid 6260] munmap(0x7fedae557000, 32394836) = 0 [pid 6260] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 139.499760][ T6250] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 6260] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6260] close(3) = 0 [pid 6260] mkdir("./bus", 0777) = 0 [ 139.549623][ T6260] loop1: detected capacity change from 0 to 63271 [ 139.563796][ T6260] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 139.597127][ T6260] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 139.612842][ T6260] F2FS-fs (loop1): invalid crc value [ 139.624577][ T6250] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [pid 6260] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6250] <... mount resumed>) = 0 [pid 6250] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6250] chdir("./bus") = 0 [pid 6250] ioctl(4, LOOP_CLR_FD) = 0 [pid 6250] close(4) = 0 [pid 6250] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6248] <... futex resumed>) = 0 [pid 6248] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6250] <... futex resumed>) = 1 [ 139.644942][ T6250] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 139.657099][ T6260] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 6250] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6250] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6248] <... futex resumed>) = 0 [pid 6248] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6250] <... futex resumed>) = 1 [pid 6250] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6248] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6248] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6248] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6248] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6283], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6283 [pid 6248] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 139.711006][ T26] audit: type=1800 audit(1686875998.146:180): pid=6250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [pid 6248] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836./strace-static-x86_64: Process 6283 attached [pid 6283] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6283] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6283] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6248] <... futex resumed>) = 0 [pid 6283] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./29/bus", [pid 6275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5011] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 139.794912][ T6260] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./29/bus") = 0 [pid 5011] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./29/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./29") = 0 [pid 5011] mkdir("./30", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6285 [pid 6260] <... mount resumed>) = 0 [ 139.835981][ T6250] bio_check_eod: 13 callbacks suppressed [ 139.835993][ T6250] syz-executor278: attempt to access beyond end of device [ 139.835993][ T6250] loop3: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 139.836330][ T6260] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [ 139.861017][ T6250] syz-executor278: attempt to access beyond end of device [ 139.861017][ T6250] loop3: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [pid 5006] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 6285 attached [pid 6260] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5006] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6285] set_robust_list(0x5555556ed5e0, 24 [pid 6260] <... openat resumed>) = 3 [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6285] <... set_robust_list resumed>) = 0 [pid 6260] chdir("./bus" [pid 5006] lstat("./29/bus", [pid 6285] chdir("./30" [pid 6260] <... chdir resumed>) = 0 [pid 6285] <... chdir resumed>) = 0 [pid 6260] ioctl(4, LOOP_CLR_FD [pid 6285] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5006] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6285] <... prctl resumed>) = 0 [pid 6285] setpgid(0, 0) = 0 [pid 6260] <... ioctl resumed>) = 0 [pid 6250] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5006] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6285] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6260] close(4 [pid 6250] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6248] exit_group(0 [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6285] <... openat resumed>) = 3 [pid 6260] <... close resumed>) = 0 [pid 6285] write(3, "1000", 4) = 4 [pid 6285] close(3) = 0 [pid 6285] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6285] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6285] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6285] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6286], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6286 [pid 6285] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6250] <... futex resumed>) = ? [pid 6283] <... futex resumed>) = ? [pid 6260] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6248] <... exit_group resumed>) = ? [pid 5006] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6283] +++ exited with 0 +++ [pid 6260] <... futex resumed>) = 1 [pid 6258] <... futex resumed>) = 0 [pid 6258] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6250] +++ exited with 0 +++ [pid 6260] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6248] +++ exited with 0 +++ [pid 5006] <... openat resumed>) = 4 [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6248, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=44 /* 0.44 s */} --- [pid 5006] fstat(4, ./strace-static-x86_64: Process 6286 attached [pid 6260] <... open resumed>) = 4 [pid 5009] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6286] set_robust_list(0x7fedb69779e0, 24 [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6286] <... set_robust_list resumed>) = 0 [pid 5009] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6286] memfd_create("syzkaller", 0 [pid 5009] <... openat resumed>) = 3 [pid 6286] <... memfd_create resumed>) = 3 [pid 5009] fstat(3, [pid 6286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5009] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6286] <... mmap resumed>) = 0x7fedae557000 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6260] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6260] <... futex resumed>) = 1 [pid 6258] <... futex resumed>) = 0 [pid 6260] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6258] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] getdents64(4, [pid 6260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6258] <... futex resumed>) = 0 [pid 6260] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6258] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./29/bus") = 0 [pid 5006] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./29/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./29") = 0 [pid 5006] mkdir("./30", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6287 ./strace-static-x86_64: Process 6287 attached [pid 6287] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6287] chdir("./30") = 0 [ 139.949179][ T26] audit: type=1800 audit(1686875998.386:181): pid=6260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 6287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6287] setpgid(0, 0) = 0 [pid 6287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6287] write(3, "1000", 4 [pid 6258] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6287] <... write resumed>) = 4 [pid 6258] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6287] close(3 [pid 6258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6287] <... close resumed>) = 0 [pid 6258] <... mmap resumed>) = 0x7fedb041b000 [pid 6287] symlink("/dev/binderfs", "./binderfs" [pid 6258] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 6287] <... symlink resumed>) = 0 [pid 6258] <... mprotect resumed>) = 0 [pid 6287] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6287] <... futex resumed>) = 0 [pid 6287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6258] <... clone resumed>, parent_tid=[6288], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6288 [pid 6287] <... mmap resumed>) = 0x7fedb6957000 [pid 6258] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 6258] <... futex resumed>) = 0 [pid 6258] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6287] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 6288 attached [pid 6287] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6288] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6287] <... clone resumed>, parent_tid=[6289], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6289 [pid 6288] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 6287] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6287] <... futex resumed>) = 0 [pid 6288] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6288] <... futex resumed>) = 1 [pid 6258] <... futex resumed>) = 0 [pid 6288] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6289 attached [pid 6289] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6289] memfd_create("syzkaller", 0) = 3 [pid 6289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 140.067875][ T6260] syz-executor278: attempt to access beyond end of device [ 140.067875][ T6260] loop1: rw=2049, sector=77824, nr_sectors = 2056 limit=63271 [ 140.093393][ T6260] syz-executor278: attempt to access beyond end of device [ 140.093393][ T6260] loop1: rw=2049, sector=79880, nr_sectors = 2040 limit=63271 [pid 6260] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6260] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] exit_group(0) = ? [pid 6288] <... futex resumed>) = ? [pid 6288] +++ exited with 0 +++ [pid 6260] +++ exited with 0 +++ [pid 6258] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6258, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=41 /* 0.41 s */} --- [pid 5007] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6273] <... write resumed>) = 32394836 [pid 6273] munmap(0x7fedae557000, 32394836) = 0 [pid 6289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6273] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6273] ioctl(4, LOOP_SET_FD, 3 [pid 6286] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6273] <... ioctl resumed>) = 0 [pid 6273] close(3) = 0 [pid 6273] mkdir("./bus", 0777) = 0 [ 140.564844][ T6273] loop4: detected capacity change from 0 to 63271 [pid 6273] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5009] <... umount2 resumed>) = 0 [ 140.609540][ T6273] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 140.635479][ T6273] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [pid 5009] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, [pid 6275] <... write resumed>) = 32394836 [pid 5009] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [ 140.666149][ T6273] F2FS-fs (loop4): invalid crc value [pid 6275] munmap(0x7fedae557000, 32394836 [pid 5009] rmdir("./29/bus") = 0 [pid 5009] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./29/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./29") = 0 [pid 5009] mkdir("./30", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 6275] <... munmap resumed>) = 0 [pid 6275] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6275] ioctl(4, LOOP_SET_FD, 3 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6293 ./strace-static-x86_64: Process 6293 attached [pid 6293] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6293] chdir("./30") = 0 [pid 6293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6293] setpgid(0, 0) = 0 [pid 6293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6293] write(3, "1000", 4) = 4 [pid 6293] close(3) = 0 [pid 6293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6293] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6275] <... ioctl resumed>) = 0 [pid 6293] <... mmap resumed>) = 0x7fedb6957000 [pid 6275] close(3 [pid 6293] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 6275] <... close resumed>) = 0 [pid 6293] <... mprotect resumed>) = 0 [pid 6275] mkdir("./bus", 0777 [pid 6293] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6275] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 6294 attached [ 140.687053][ T6273] F2FS-fs (loop4): Found nat_bits in checkpoint [ 140.723732][ T6275] loop2: detected capacity change from 0 to 63271 [pid 6275] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6294] set_robust_list(0x7fedb69779e0, 24 [pid 6293] <... clone resumed>, parent_tid=[6294], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6294 [pid 6293] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6294] <... set_robust_list resumed>) = 0 [pid 6293] <... futex resumed>) = 0 [pid 6293] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6294] memfd_create("syzkaller", 0) = 3 [pid 6294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6273] <... mount resumed>) = 0 [pid 6273] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6273] chdir("./bus") = 0 [pid 6273] ioctl(4, LOOP_CLR_FD) = 0 [ 140.766396][ T6275] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 140.774852][ T6275] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 140.797894][ T6273] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 140.804943][ T6273] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 6273] close(4) = 0 [pid 6273] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6272] <... futex resumed>) = 0 [pid 6273] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6272] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6273] <... open resumed>) = 4 [pid 6273] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6272] <... futex resumed>) = 0 [pid 6272] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6272] <... futex resumed>) = 0 [ 140.850733][ T6275] F2FS-fs (loop2): invalid crc value [ 140.864385][ T26] audit: type=1800 audit(1686875999.296:182): pid=6273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 6272] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... umount2 resumed>) = 0 [pid 6272] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6272] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5007] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6272] <... mmap resumed>) = 0x7fedb041b000 [pid 5007] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6272] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5007] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6272] <... mprotect resumed>) = 0 [pid 5007] <... openat resumed>) = 4 [pid 6272] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4 [pid 6272] <... clone resumed>, parent_tid=[6299], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6299 [pid 5007] <... close resumed>) = 0 [pid 5007] rmdir("./29/bus" [pid 6272] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... rmdir resumed>) = 0 [pid 5007] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6272] <... futex resumed>) = 0 [pid 5007] unlink("./29/binderfs") = 0 [pid 6272] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./29") = 0 [pid 5007] mkdir("./30", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6300 ./strace-static-x86_64: Process 6300 attached [pid 6300] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6300] chdir("./30") = 0 [ 140.921976][ T6275] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 6300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 6299 attached [pid 6300] setpgid(0, 0) = 0 [pid 6299] set_robust_list(0x7fedb043b9e0, 24 [pid 6300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6299] <... set_robust_list resumed>) = 0 [pid 6300] <... openat resumed>) = 3 [pid 6299] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 6300] write(3, "1000", 4) = 4 [pid 6299] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6300] close(3 [pid 6299] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6300] <... close resumed>) = 0 [pid 6299] <... futex resumed>) = 1 [pid 6272] <... futex resumed>) = 0 [pid 6300] symlink("/dev/binderfs", "./binderfs" [pid 6299] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6300] <... symlink resumed>) = 0 [pid 6300] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6300] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6300] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6301], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6301 [pid 6300] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6300] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6301 attached [pid 6301] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6301] memfd_create("syzkaller", 0) = 3 [pid 6301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 141.020966][ T6273] syz-executor278: attempt to access beyond end of device [ 141.020966][ T6273] loop4: rw=2049, sector=77824, nr_sectors = 4096 limit=63271 [ 141.051670][ T6275] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [pid 6289] <... write resumed>) = 32394836 [pid 6289] munmap(0x7fedae557000, 32394836 [pid 6275] <... mount resumed>) = 0 [pid 6275] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6273] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6275] chdir("./bus" [pid 6273] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6275] <... chdir resumed>) = 0 [pid 6273] <... futex resumed>) = 0 [pid 6275] ioctl(4, LOOP_CLR_FD [pid 6272] exit_group(0 [pid 6275] <... ioctl resumed>) = 0 [pid 6272] <... exit_group resumed>) = ? [pid 6299] <... futex resumed>) = ? [pid 6275] close(4 [pid 6299] +++ exited with 0 +++ [pid 6275] <... close resumed>) = 0 [pid 6275] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6275] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6274] <... futex resumed>) = 0 [pid 6274] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [ 141.077924][ T6275] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 6275] <... futex resumed>) = 0 [pid 6274] <... futex resumed>) = 1 [pid 6275] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6274] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6289] <... munmap resumed>) = 0 [pid 6275] <... open resumed>) = 4 [pid 6273] +++ exited with 0 +++ [pid 6272] +++ exited with 0 +++ [pid 6289] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6275] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6272, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=38 /* 0.38 s */} --- [pid 6289] <... openat resumed>) = 4 [pid 6275] <... futex resumed>) = 1 [pid 6274] <... futex resumed>) = 0 [pid 6289] ioctl(4, LOOP_SET_FD, 3 [pid 6275] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6274] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5010] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6275] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6289] <... ioctl resumed>) = 0 [pid 6274] <... futex resumed>) = 0 [pid 5010] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6289] close(3 [pid 6274] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] <... openat resumed>) = 3 [pid 6289] <... close resumed>) = 0 [pid 5010] fstat(3, [pid 6289] mkdir("./bus", 0777 [pid 5010] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6289] <... mkdir resumed>) = 0 [pid 5010] getdents64(3, [pid 6289] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5010] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [ 141.142605][ T26] audit: type=1800 audit(1686875999.576:183): pid=6275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [ 141.176983][ T6289] loop0: detected capacity change from 0 to 63271 [pid 5010] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6274] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6274] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6274] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6274] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6303], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6303 [pid 6274] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6274] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6303 attached [ 141.198414][ T6289] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 141.220647][ T6289] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 6303] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6303] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6303] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6274] <... futex resumed>) = 0 [ 141.266536][ T6289] F2FS-fs (loop0): invalid crc value [pid 6303] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6286] <... write resumed>) = 32394836 [ 141.300292][ T6275] syz-executor278: attempt to access beyond end of device [ 141.300292][ T6275] loop2: rw=2049, sector=77824, nr_sectors = 3640 limit=63271 [ 141.328184][ T6289] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 6286] munmap(0x7fedae557000, 32394836) = 0 [pid 6286] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 141.359262][ T6275] syz-executor278: attempt to access beyond end of device [ 141.359262][ T6275] loop2: rw=2049, sector=81464, nr_sectors = 456 limit=63271 [ 141.387918][ T6286] loop5: detected capacity change from 0 to 63271 [pid 6286] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6286] close(3) = 0 [pid 6286] mkdir("./bus", 0777) = 0 [pid 6286] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6275] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6275] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6274] exit_group(0 [pid 6303] <... futex resumed>) = ? [pid 6275] <... futex resumed>) = ? [pid 6274] <... exit_group resumed>) = ? [pid 6303] +++ exited with 0 +++ [pid 6275] +++ exited with 0 +++ [pid 6274] +++ exited with 0 +++ [pid 6289] <... mount resumed>) = 0 [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6274, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=44 /* 0.44 s */} --- [ 141.415124][ T6289] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 141.423263][ T6286] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 141.434662][ T6289] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 6289] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6289] chdir("./bus") = 0 [pid 6289] ioctl(4, LOOP_CLR_FD) = 0 [pid 6289] close(4 [pid 5008] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6289] <... close resumed>) = 0 [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6289] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6287] <... futex resumed>) = 0 [pid 6289] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6287] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6287] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6289] <... open resumed>) = 4 [ 141.466427][ T6286] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 6289] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6287] <... futex resumed>) = 0 [pid 6289] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6287] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6287] <... futex resumed>) = 0 [ 141.498551][ T26] audit: type=1800 audit(1686875999.936:184): pid=6289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 6287] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6287] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6287] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6287] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6287] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6308], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6308 [pid 6287] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6287] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6308 attached [pid 6308] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6308] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6308] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6308] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6287] <... futex resumed>) = 0 [ 141.606934][ T6286] F2FS-fs (loop5): invalid crc value [ 141.649608][ T6286] F2FS-fs (loop5): Found nat_bits in checkpoint [ 141.686897][ T6289] syz-executor278: attempt to access beyond end of device [ 141.686897][ T6289] loop0: rw=2049, sector=77824, nr_sectors = 4096 limit=63271 [pid 6301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6294] <... write resumed>) = 32394836 [pid 6294] munmap(0x7fedae557000, 32394836) = 0 [pid 6289] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6286] <... mount resumed>) = 0 [pid 6294] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6289] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6294] <... openat resumed>) = 4 [pid 6289] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6294] ioctl(4, LOOP_SET_FD, 3 [pid 6286] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6287] exit_group(0 [pid 6308] <... futex resumed>) = ? [pid 6287] <... exit_group resumed>) = ? [pid 6308] +++ exited with 0 +++ [pid 6289] <... futex resumed>) = ? [pid 6286] <... openat resumed>) = 3 [pid 6289] +++ exited with 0 +++ [pid 6287] +++ exited with 0 +++ [pid 6286] chdir("./bus") = 0 [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6287, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=39 /* 0.39 s */} --- [pid 6286] ioctl(4, LOOP_CLR_FD [pid 5006] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6286] <... ioctl resumed>) = 0 [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6286] close(4 [pid 5006] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, [pid 6286] <... close resumed>) = 0 [pid 5006] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6294] <... ioctl resumed>) = 0 [pid 6286] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] getdents64(3, [pid 6294] close(3 [pid 6286] <... futex resumed>) = 1 [pid 6285] <... futex resumed>) = 0 [pid 5006] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 6294] <... close resumed>) = 0 [pid 6286] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6285] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6294] mkdir("./bus", 0777 [pid 6286] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6285] <... futex resumed>) = 0 [pid 6286] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6285] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6294] <... mkdir resumed>) = 0 [ 141.770704][ T6286] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 141.782486][ T6286] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 141.809249][ T6294] loop3: detected capacity change from 0 to 63271 [pid 6294] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6286] <... open resumed>) = 4 [pid 6286] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6285] <... futex resumed>) = 0 [pid 6286] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6285] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 141.848443][ T6294] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 141.857987][ T26] audit: type=1800 audit(1686876000.296:185): pid=6286 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 6285] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6285] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6285] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6285] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6313], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6313 [pid 6285] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6313 attached [pid 6313] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6313] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6313] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6285] <... futex resumed>) = 0 [ 141.901442][ T6294] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 141.932763][ T6294] F2FS-fs (loop3): invalid crc value [pid 6313] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [ 141.984283][ T6286] syz-executor278: attempt to access beyond end of device [ 141.984283][ T6286] loop5: rw=2049, sector=77824, nr_sectors = 2280 limit=63271 [ 142.011804][ T6294] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 5010] rmdir("./30/bus") = 0 [pid 5010] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./30/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./30") = 0 [pid 5010] mkdir("./31", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6317 ./strace-static-x86_64: Process 6317 attached [pid 6317] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6317] chdir("./31") = 0 [pid 6317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6317] setpgid(0, 0) = 0 [pid 6317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6317] write(3, "1000", 4) = 4 [pid 6317] close(3) = 0 [ 142.063078][ T6286] syz-executor278: attempt to access beyond end of device [ 142.063078][ T6286] loop5: rw=2049, sector=80104, nr_sectors = 1816 limit=63271 [pid 6317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6317] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6317] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6317] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6319], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6319 [pid 6317] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6319 attached [pid 6319] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6319] memfd_create("syzkaller", 0) = 3 [pid 6319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6285] exit_group(0 [pid 6313] <... futex resumed>) = ? [pid 6285] <... exit_group resumed>) = ? [pid 6313] +++ exited with 0 +++ [pid 6294] <... mount resumed>) = 0 [pid 6294] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6286] <... pwritev2 resumed>) = ? [pid 6294] <... openat resumed>) = 3 [pid 6286] +++ exited with 0 +++ [pid 6294] chdir("./bus" [pid 6285] +++ exited with 0 +++ [pid 6294] <... chdir resumed>) = 0 [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6285, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=39 /* 0.39 s */} --- [pid 6294] ioctl(4, LOOP_CLR_FD [pid 5011] restart_syscall(<... resuming interrupted clone ...> [pid 6294] <... ioctl resumed>) = 0 [ 142.110277][ T6294] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 142.123530][ T6294] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 5011] <... restart_syscall resumed>) = 0 [pid 6294] close(4) = 0 [pid 5011] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6294] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6293] <... futex resumed>) = 0 [pid 6293] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6294] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6293] <... futex resumed>) = 0 [pid 6293] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6294] <... open resumed>) = 4 [pid 6294] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6293] <... futex resumed>) = 0 [pid 6294] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6293] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6293] <... futex resumed>) = 0 [pid 6294] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 142.188444][ T26] audit: type=1800 audit(1686876000.626:186): pid=6294 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [pid 6293] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6293] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 5008] <... umount2 resumed>) = 0 [pid 6301] <... write resumed>) = 32394836 [pid 6301] munmap(0x7fedae557000, 32394836 [pid 6293] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6293] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6320], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6320 [pid 6293] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6301] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 6320 attached [pid 6320] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6320] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6301] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6320] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] <... openat resumed>) = 4 [pid 6320] <... futex resumed>) = 1 [pid 6301] ioctl(4, LOOP_SET_FD, 3 [pid 6293] <... futex resumed>) = 0 [pid 6320] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./30/bus") = 0 [pid 5008] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./30/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./30" [pid 6301] <... ioctl resumed>) = 0 [pid 5008] <... rmdir resumed>) = 0 [pid 6301] close(3) = 0 [pid 5008] mkdir("./31", 0777 [pid 6301] mkdir("./bus", 0777 [pid 6294] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5008] <... mkdir resumed>) = 0 [pid 6301] <... mkdir resumed>) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6301] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6294] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... openat resumed>) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [ 142.320331][ T6301] loop1: detected capacity change from 0 to 63271 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6321 ./strace-static-x86_64: Process 6321 attached [pid 6321] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6321] chdir("./31") = 0 [pid 6321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6321] setpgid(0, 0) = 0 [pid 6321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6321] write(3, "1000", 4) = 4 [pid 6321] close(3) = 0 [pid 6321] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6321] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6321] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6321] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6322], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6322 [pid 6321] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6294] <... futex resumed>) = 0 [pid 6293] exit_group(0) = ? [pid 6320] <... futex resumed>) = ? [pid 6294] +++ exited with 0 +++ [pid 6320] +++ exited with 0 +++ [pid 6293] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6293, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=36 /* 0.36 s */} --- ./strace-static-x86_64: Process 6322 attached [pid 6322] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5009] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6322] memfd_create("syzkaller", 0 [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6322] <... memfd_create resumed>) = 3 [pid 5009] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5009] <... openat resumed>) = 3 [pid 6322] <... mmap resumed>) = 0x7fedae557000 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 142.368224][ T6301] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [ 142.392154][ T6301] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 142.541066][ T6301] F2FS-fs (loop1): invalid crc value [ 142.598288][ T6301] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5009] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./30/bus") = 0 [pid 5006] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./30/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./30") = 0 [pid 5006] mkdir("./31", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6327 [pid 6301] <... mount resumed>) = 0 [pid 6301] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 6327 attached ) = 3 [pid 6327] set_robust_list(0x5555556ed5e0, 24 [pid 6301] chdir("./bus" [pid 6327] <... set_robust_list resumed>) = 0 [pid 6301] <... chdir resumed>) = 0 [pid 6327] chdir("./31" [pid 6301] ioctl(4, LOOP_CLR_FD [pid 6327] <... chdir resumed>) = 0 [pid 6327] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6301] <... ioctl resumed>) = 0 [pid 6327] <... prctl resumed>) = 0 [pid 6327] setpgid(0, 0) = 0 [ 142.678718][ T6301] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 142.698646][ T6301] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 6327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6327] write(3, "1000", 4) = 4 [pid 6327] close(3 [pid 6301] close(4 [pid 6327] <... close resumed>) = 0 [pid 6327] symlink("/dev/binderfs", "./binderfs" [pid 6301] <... close resumed>) = 0 [pid 6327] <... symlink resumed>) = 0 [pid 6327] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6327] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6327] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6328], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6328 [pid 6327] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6301] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6300] <... futex resumed>) = 0 [pid 6301] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6300] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6300] <... futex resumed>) = 0 [pid 6301] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6300] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6301] <... open resumed>) = 4 [pid 6319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6301] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6300] <... futex resumed>) = 0 [pid 6301] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6300] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6300] <... futex resumed>) = 0 [pid 6301] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6300] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836./strace-static-x86_64: Process 6328 attached [ 142.778402][ T26] audit: type=1800 audit(1686876001.216:187): pid=6301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 6328] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6328] memfd_create("syzkaller", 0) = 3 [pid 6328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6300] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6300] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6300] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6300] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6329], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6329 [pid 6300] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6300] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6329 attached [pid 6329] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6329] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus" [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./30/bus", [pid 6329] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6329] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6329] <... futex resumed>) = 1 [pid 6300] <... futex resumed>) = 0 [pid 5011] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6329] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./30/bus") = 0 [pid 5011] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./30/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./30") = 0 [pid 5011] mkdir("./31", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6330 ./strace-static-x86_64: Process 6330 attached [pid 6330] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6330] chdir("./31") = 0 [pid 6330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6330] setpgid(0, 0) = 0 [pid 6330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6330] write(3, "1000", 4) = 4 [pid 6330] close(3) = 0 [pid 6330] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6330] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6330] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6330] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6331], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6331 [pid 6330] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6330] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6331 attached [pid 6331] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6331] memfd_create("syzkaller", 0) = 3 [pid 6331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6301] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6301] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6300] exit_group(0 [pid 6329] <... futex resumed>) = ? [pid 6301] <... futex resumed>) = ? [pid 6300] <... exit_group resumed>) = ? [pid 6329] +++ exited with 0 +++ [pid 6301] +++ exited with 0 +++ [pid 6300] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6300, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=38 /* 0.38 s */} --- [pid 5007] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./30/bus") = 0 [pid 5009] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./30/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./30") = 0 [pid 5009] mkdir("./31", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6332 [pid 6328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836./strace-static-x86_64: Process 6332 attached [pid 6332] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6332] chdir("./31") = 0 [pid 6332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6332] setpgid(0, 0) = 0 [pid 6332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6332] write(3, "1000", 4) = 4 [pid 6332] close(3) = 0 [pid 6332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6332] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6332] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6332] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6333], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6333 [pid 6332] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6332] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6333 attached [pid 6333] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6333] memfd_create("syzkaller", 0) = 3 [pid 6333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6322] <... write resumed>) = 32394836 [pid 6322] munmap(0x7fedae557000, 32394836) = 0 [pid 6322] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6322] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6322] close(3) = 0 [pid 6322] mkdir("./bus", 0777) = 0 [ 143.398415][ T6322] loop2: detected capacity change from 0 to 63271 [ 143.418269][ T6322] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 143.451596][ T6322] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 143.476571][ T6322] F2FS-fs (loop2): invalid crc value [pid 6322] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6319] <... write resumed>) = 32394836 [pid 6319] munmap(0x7fedae557000, 32394836) = 0 [pid 6319] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 143.509857][ T6322] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 6319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6319] close(3) = 0 [pid 6319] mkdir("./bus", 0777) = 0 [ 143.565872][ T6319] loop4: detected capacity change from 0 to 63271 [ 143.599550][ T6319] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 143.605772][ T6322] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [pid 6319] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6322] <... mount resumed>) = 0 [pid 6322] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6322] chdir("./bus") = 0 [pid 6322] ioctl(4, LOOP_CLR_FD) = 0 [pid 6322] close(4) = 0 [pid 6322] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6321] <... futex resumed>) = 0 [pid 6322] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6321] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6321] <... futex resumed>) = 0 [pid 6322] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 143.615659][ T6322] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 143.635037][ T6319] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [pid 6321] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6322] <... open resumed>) = 4 [pid 6322] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6321] <... futex resumed>) = 0 [pid 6322] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6321] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6321] <... futex resumed>) = 0 [pid 6322] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 143.679973][ T26] audit: type=1800 audit(1686876002.116:188): pid=6322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [ 143.717011][ T6319] F2FS-fs (loop4): invalid crc value [pid 6321] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6321] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6321] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6321] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6341], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6341 [pid 6321] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6341 attached [pid 6341] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6341] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6341] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] <... futex resumed>) = 0 [pid 6341] <... futex resumed>) = 1 [pid 6333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [ 143.753496][ T6319] F2FS-fs (loop4): Found nat_bits in checkpoint [pid 6341] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] <... umount2 resumed>) = 0 [pid 6328] <... write resumed>) = 32394836 [pid 6328] munmap(0x7fedae557000, 32394836 [pid 5007] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./30/bus") = 0 [pid 5007] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./30/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./30") = 0 [pid 5007] mkdir("./31", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6343 ./strace-static-x86_64: Process 6343 attached [pid 6328] <... munmap resumed>) = 0 [pid 6328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6343] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6328] ioctl(4, LOOP_SET_FD, 3 [pid 6343] chdir("./31") = 0 [pid 6343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6343] setpgid(0, 0) = 0 [pid 6343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6343] write(3, "1000", 4) = 4 [pid 6343] close(3) = 0 [pid 6343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6343] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6343] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6343] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6344], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6344 [pid 6343] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6343] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6344 attached [pid 6344] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6344] memfd_create("syzkaller", 0) = 3 [pid 6344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6328] <... ioctl resumed>) = 0 [pid 6328] close(3) = 0 [pid 6328] mkdir("./bus", 0777 [pid 6319] <... mount resumed>) = 0 [pid 6328] <... mkdir resumed>) = 0 [pid 6328] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6319] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6319] chdir("./bus") = 0 [ 143.872972][ T6319] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 143.883872][ T6328] loop0: detected capacity change from 0 to 63271 [ 143.894215][ T6319] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 6319] ioctl(4, LOOP_CLR_FD) = 0 [pid 6319] close(4) = 0 [pid 6319] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6317] <... futex resumed>) = 0 [pid 6319] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6317] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6317] <... futex resumed>) = 0 [pid 6319] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6317] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6322] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6319] <... open resumed>) = 4 [pid 6322] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] exit_group(0 [pid 6319] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] <... futex resumed>) = ? [pid 6321] <... exit_group resumed>) = ? [pid 6319] <... futex resumed>) = 1 [pid 6317] <... futex resumed>) = 0 [pid 6341] +++ exited with 0 +++ [pid 6319] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6317] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6322] <... futex resumed>) = ? [pid 6319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6317] <... futex resumed>) = 0 [pid 6319] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6317] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6322] +++ exited with 0 +++ [pid 6321] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6321, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- [pid 5008] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 143.920133][ T6328] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 143.959834][ T6328] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 5008] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6317] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6317] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6317] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6317] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6346], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6346 [pid 6317] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6346 attached [ 144.002439][ T6328] F2FS-fs (loop0): invalid crc value [pid 6346] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6346] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6346] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6317] <... futex resumed>) = 0 [ 144.068081][ T6328] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 6346] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6319] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6319] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6319] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6317] exit_group(0 [pid 6346] <... futex resumed>) = ? [pid 6319] <... futex resumed>) = ? [pid 6317] <... exit_group resumed>) = ? [pid 6346] +++ exited with 0 +++ [pid 6319] +++ exited with 0 +++ [pid 6317] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6317, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=38 /* 0.38 s */} --- [pid 5010] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6328] <... mount resumed>) = 0 [pid 6328] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6328] chdir("./bus") = 0 [pid 6328] ioctl(4, LOOP_CLR_FD) = 0 [ 144.187589][ T6328] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 144.226324][ T6328] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 6328] close(4) = 0 [pid 6328] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] <... open resumed>) = 4 [pid 6328] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6328] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6327] <... futex resumed>) = 0 [pid 6328] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 144.280819][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 144.280832][ T26] audit: type=1800 audit(1686876002.716:190): pid=6328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 6327] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6327] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6327] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6327] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6350], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6350 [pid 6327] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6350 attached [pid 6350] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6350] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6350] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6350] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6331] <... write resumed>) = 32394836 [pid 6331] munmap(0x7fedae557000, 32394836) = 0 [pid 6331] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6331] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6331] close(3) = 0 [pid 6331] mkdir("./bus", 0777) = 0 [pid 6331] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6328] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6328] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] exit_group(0) = ? [pid 6350] <... futex resumed>) = ? [pid 6350] +++ exited with 0 +++ [pid 6328] +++ exited with 0 +++ [pid 6327] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6327, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=43 /* 0.43 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6333] <... write resumed>) = 32394836 [ 144.506941][ T6331] loop5: detected capacity change from 0 to 63271 [ 144.532321][ T6331] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6333] munmap(0x7fedae557000, 32394836) = 0 [pid 6333] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6333] close(3) = 0 [pid 6333] mkdir("./bus", 0777) = 0 [ 144.575132][ T6331] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 144.605064][ T6333] loop3: detected capacity change from 0 to 63271 [ 144.617969][ T6331] F2FS-fs (loop5): invalid crc value [ 144.632962][ T6333] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 144.657778][ T6333] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 144.669466][ T6331] F2FS-fs (loop5): Found nat_bits in checkpoint [ 144.704884][ T6333] F2FS-fs (loop3): invalid crc value [pid 6333] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./31/bus") = 0 [pid 5008] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./31/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./31") = 0 [pid 5008] mkdir("./32", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [ 144.755032][ T6333] F2FS-fs (loop3): Found nat_bits in checkpoint [ 144.781637][ T6331] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6358 ./strace-static-x86_64: Process 6358 attached [pid 6358] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6358] chdir("./32") = 0 [pid 6358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6358] setpgid(0, 0) = 0 [pid 6358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6331] <... mount resumed>) = 0 [pid 6331] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6358] write(3, "1000", 4 [pid 6331] <... openat resumed>) = 3 [pid 6358] <... write resumed>) = 4 [pid 6358] close(3) = 0 [pid 6358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6331] chdir("./bus") = 0 [pid 6331] ioctl(4, LOOP_CLR_FD) = 0 [ 144.807309][ T6331] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 6331] close(4) = 0 [pid 6358] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] <... futex resumed>) = 0 [pid 6331] <... futex resumed>) = 1 [pid 6358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6331] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6358] <... mmap resumed>) = 0x7fedb6957000 [pid 6358] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6330] <... futex resumed>) = 0 [pid 6358] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6330] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] <... futex resumed>) = 0 [pid 6330] <... futex resumed>) = 1 [pid 6358] <... clone resumed>, parent_tid=[6359], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6359 [pid 6331] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6358] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6330] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6358] <... futex resumed>) = 0 [pid 6358] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6331] <... open resumed>) = 4 [pid 6331] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6331] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6330] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6359 attached [pid 6330] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6359] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6359] memfd_create("syzkaller", 0 [pid 6331] <... futex resumed>) = 0 [pid 6330] <... futex resumed>) = 1 [pid 6331] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6330] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6359] <... memfd_create resumed>) = 3 [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5010] lstat("./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./31/bus") = 0 [pid 5010] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 144.882599][ T26] audit: type=1800 audit(1686876003.316:191): pid=6331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 5010] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./31/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./31") = 0 [pid 5010] mkdir("./32", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6330] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5010] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 6361 [pid 6330] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6330] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6330] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6362], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6362 [pid 6330] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6330] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6361 attached [pid 6361] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6361] chdir("./32") = 0 [pid 6361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6361] setpgid(0, 0) = 0 [pid 6361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6361] write(3, "1000", 4./strace-static-x86_64: Process 6362 attached [pid 6362] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6362] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus" [pid 6361] <... write resumed>) = 4 [pid 6361] close(3) = 0 [pid 6361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6361] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6361] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6361] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6333] <... mount resumed>) = 0 [pid 6361] <... clone resumed>, parent_tid=[6363], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6363 [pid 6361] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6333] chdir("./bus") = 0 [pid 6333] ioctl(4, LOOP_CLR_FD) = 0 [ 144.931169][ T6333] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 144.958020][ T6333] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 6333] close(4) = 0 [pid 6361] <... futex resumed>) = 0 [pid 6330] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6333] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6361] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6332] <... futex resumed>) = 0 [pid 6332] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] <... futex resumed>) = 0 [pid 6333] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6332] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6363 attached [pid 6363] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6333] <... open resumed>) = 4 [pid 6333] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6332] <... futex resumed>) = 0 [pid 6333] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6332] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6332] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6362] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6362] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6362] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] memfd_create("syzkaller", 0) = 3 [pid 6363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6332] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 145.030023][ T26] audit: type=1800 audit(1686876003.466:192): pid=6333 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [pid 6332] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6332] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6332] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5006] <... umount2 resumed>) = 0 [pid 6332] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5006] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6332] <... clone resumed>, parent_tid=[6364], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6364 [pid 6332] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6332] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6364 attached [pid 6364] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6364] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 6364] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6364] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6332] <... futex resumed>) = 0 [pid 6364] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] close(4) = 0 [pid 5006] rmdir("./31/bus") = 0 [pid 5006] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./31/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./31") = 0 [ 145.091705][ T6331] bio_check_eod: 9 callbacks suppressed [ 145.091720][ T6331] syz-executor278: attempt to access beyond end of device [ 145.091720][ T6331] loop5: rw=2049, sector=77824, nr_sectors = 3688 limit=63271 [pid 5006] mkdir("./32", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6365 ./strace-static-x86_64: Process 6365 attached [pid 6365] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6344] <... write resumed>) = 32394836 [pid 6365] chdir("./32") = 0 [pid 6365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6365] setpgid(0, 0) = 0 [pid 6365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6365] write(3, "1000", 4) = 4 [pid 6365] close(3) = 0 [pid 6365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6365] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6365] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6365] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6366], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6366 [pid 6365] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6344] munmap(0x7fedae557000, 32394836./strace-static-x86_64: Process 6366 attached [pid 6366] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6366] memfd_create("syzkaller", 0) = 3 [pid 6366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6344] <... munmap resumed>) = 0 [pid 6344] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 145.194892][ T6333] syz-executor278: attempt to access beyond end of device [ 145.194892][ T6333] loop3: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 145.205687][ T6331] syz-executor278: attempt to access beyond end of device [ 145.205687][ T6331] loop5: rw=2049, sector=81512, nr_sectors = 408 limit=63271 [pid 6344] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6344] close(3) = 0 [pid 6344] mkdir("./bus", 0777) = 0 [ 145.257176][ T6344] loop1: detected capacity change from 0 to 63271 [ 145.258992][ T6333] syz-executor278: attempt to access beyond end of device [ 145.258992][ T6333] loop3: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [ 145.293019][ T6344] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6344] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6333] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6333] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6333] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6332] exit_group(0) = ? [pid 6364] <... futex resumed>) = ? [pid 6364] +++ exited with 0 +++ [pid 6333] <... futex resumed>) = ? [pid 6333] +++ exited with 0 +++ [pid 6332] +++ exited with 0 +++ [pid 6331] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6332, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=52 /* 0.52 s */} --- [pid 6331] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6331] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6330] exit_group(0 [pid 6362] <... futex resumed>) = ? [pid 6331] <... futex resumed>) = ? [pid 6330] <... exit_group resumed>) = ? [pid 6331] +++ exited with 0 +++ [pid 6362] +++ exited with 0 +++ [pid 6330] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6330, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=37 /* 0.37 s */} --- [pid 5009] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5011] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5009] <... openat resumed>) = 3 [pid 5011] <... openat resumed>) = 3 [pid 5009] fstat(3, [pid 5011] fstat(3, [pid 5009] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, [pid 5011] getdents64(3, [pid 5009] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] <... getdents64 resumed>0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 145.337183][ T6344] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 145.364675][ T6344] F2FS-fs (loop1): invalid crc value [ 145.410166][ T6344] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5011] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6344] <... mount resumed>) = 0 [pid 6344] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6344] chdir("./bus") = 0 [pid 6344] ioctl(4, LOOP_CLR_FD) = 0 [pid 6344] close(4) = 0 [pid 6344] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6343] <... futex resumed>) = 0 [pid 6344] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6343] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6344] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6343] <... futex resumed>) = 0 [pid 6344] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 145.520045][ T6344] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 145.544555][ T6344] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 6343] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6344] <... open resumed>) = 4 [pid 6344] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6343] <... futex resumed>) = 0 [pid 6344] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6343] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6344] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6343] <... futex resumed>) = 0 [pid 6344] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 145.601558][ T26] audit: type=1800 audit(1686876004.036:193): pid=6344 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 6343] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6343] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6343] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6343] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6371], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6371 [pid 6343] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6343] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6371 attached [pid 6371] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6371] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6371] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] <... futex resumed>) = 0 [pid 6371] <... futex resumed>) = 1 [pid 6371] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [ 145.709786][ T6344] syz-executor278: attempt to access beyond end of device [ 145.709786][ T6344] loop1: rw=2049, sector=77824, nr_sectors = 2152 limit=63271 [ 145.816241][ T6344] syz-executor278: attempt to access beyond end of device [ 145.816241][ T6344] loop1: rw=2049, sector=79976, nr_sectors = 1944 limit=63271 [pid 6366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6343] exit_group(0 [pid 6371] <... futex resumed>) = ? [pid 6343] <... exit_group resumed>) = ? [pid 6371] +++ exited with 0 +++ [pid 6344] <... pwritev2 resumed>) = ? [pid 6344] +++ exited with 0 +++ [pid 6343] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6343, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=40 /* 0.40 s */} --- [pid 5007] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5007] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6363] <... write resumed>) = 32394836 [pid 6363] munmap(0x7fedae557000, 32394836 [pid 6359] <... write resumed>) = 32394836 [pid 6359] munmap(0x7fedae557000, 32394836 [pid 6363] <... munmap resumed>) = 0 [pid 6363] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6363] ioctl(4, LOOP_SET_FD, 3 [pid 6359] <... munmap resumed>) = 0 [pid 6359] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6359] ioctl(4, LOOP_SET_FD, 3 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 6363] <... ioctl resumed>) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./31/bus" [pid 6363] close(3) = 0 [pid 5009] <... rmdir resumed>) = 0 [pid 5009] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./31/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./31" [pid 6363] mkdir("./bus", 0777 [pid 5009] <... rmdir resumed>) = 0 [pid 5009] mkdir("./32", 0777 [pid 6363] <... mkdir resumed>) = 0 [pid 5009] <... mkdir resumed>) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6372 ./strace-static-x86_64: Process 6372 attached [pid 6372] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6372] chdir("./32" [pid 6363] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6372] <... chdir resumed>) = 0 [pid 6372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6372] setpgid(0, 0) = 0 [pid 6372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6372] write(3, "1000", 4) = 4 [ 146.151505][ T6363] loop4: detected capacity change from 0 to 63271 [ 146.164799][ T6359] loop2: detected capacity change from 0 to 63271 [pid 6372] close(3) = 0 [pid 6372] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6372] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6372] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6372] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6373], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6373 [pid 6372] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6359] <... ioctl resumed>) = 0 [pid 6359] close(3) = 0 [pid 6359] mkdir("./bus", 0777./strace-static-x86_64: Process 6373 attached [pid 6373] set_robust_list(0x7fedb69779e0, 24 [pid 6359] <... mkdir resumed>) = 0 [pid 6373] <... set_robust_list resumed>) = 0 [pid 6373] memfd_create("syzkaller", 0 [pid 6359] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6373] <... memfd_create resumed>) = 3 [pid 6373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 146.202714][ T6363] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 146.218975][ T6359] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 146.236837][ T6363] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./31/bus") = 0 [pid 5011] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./31/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./31") = 0 [ 146.252572][ T6359] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 146.267299][ T6363] F2FS-fs (loop4): invalid crc value [pid 5011] mkdir("./32", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6375 ./strace-static-x86_64: Process 6375 attached [pid 6375] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6375] chdir("./32") = 0 [pid 6375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6375] setpgid(0, 0) = 0 [pid 6375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6375] write(3, "1000", 4) = 4 [pid 6375] close(3) = 0 [pid 6375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6375] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6375] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6375] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6379], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6379 [pid 6375] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 146.294168][ T6359] F2FS-fs (loop2): invalid crc value [pid 6375] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6379 attached [pid 6379] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6379] memfd_create("syzkaller", 0) = 3 [pid 6379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6366] <... write resumed>) = 32394836 [ 146.334921][ T6363] F2FS-fs (loop4): Found nat_bits in checkpoint [ 146.356688][ T6359] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 6366] munmap(0x7fedae557000, 32394836) = 0 [pid 6366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6366] close(3) = 0 [pid 6366] mkdir("./bus", 0777) = 0 [ 146.429183][ T6366] loop0: detected capacity change from 0 to 63271 [ 146.445738][ T6366] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 146.454632][ T6363] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 146.463314][ T6363] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 146.472463][ T6359] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [pid 6366] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6359] <... mount resumed>) = 0 [pid 6359] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6359] chdir("./bus") = 0 [pid 6359] ioctl(4, LOOP_CLR_FD) = 0 [pid 6359] close(4 [pid 6363] <... mount resumed>) = 0 [pid 6363] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6363] chdir("./bus") = 0 [pid 6363] ioctl(4, LOOP_CLR_FD) = 0 [pid 6363] close(4) = 0 [pid 6363] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6363] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6361] <... futex resumed>) = 0 [pid 6361] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6363] <... futex resumed>) = 0 [pid 6363] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6361] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6359] <... close resumed>) = 0 [pid 6359] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6358] <... futex resumed>) = 0 [ 146.482922][ T6359] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 146.491641][ T6366] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 6363] <... open resumed>) = 4 [pid 6359] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6358] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6358] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6363] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6363] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6361] <... futex resumed>) = 0 [pid 6361] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6361] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6363] <... futex resumed>) = 0 [pid 6363] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6359] <... open resumed>) = 4 [pid 6359] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6358] <... futex resumed>) = 0 [pid 6358] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6358] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 146.522331][ T26] audit: type=1800 audit(1686876004.956:194): pid=6363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [pid 6359] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6361] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6361] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6361] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6361] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6387], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6387 [pid 6361] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6361] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6387 attached [ 146.576490][ T6366] F2FS-fs (loop0): invalid crc value [pid 6358] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6358] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6358] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6358] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6388], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6388 [pid 6358] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6358] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6387] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6387] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus"./strace-static-x86_64: Process 6388 attached [pid 6388] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6388] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 6387] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6387] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6361] <... futex resumed>) = 0 [ 146.615326][ T6366] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 6387] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6358] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 146.651389][ T26] audit: type=1800 audit(1686876005.006:195): pid=6359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [ 146.699998][ T6363] syz-executor278: attempt to access beyond end of device [ 146.699998][ T6363] loop4: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [pid 6388] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6388] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6388] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./31/bus") = 0 [pid 5007] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./31/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./31") = 0 [pid 5007] mkdir("./32", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6389 ./strace-static-x86_64: Process 6389 attached [pid 6389] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6389] chdir("./32") = 0 [pid 6389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6389] setpgid(0, 0) = 0 [pid 6389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6389] write(3, "1000", 4) = 4 [pid 6389] close(3) = 0 [pid 6389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6389] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6389] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6389] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6390], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6390 [pid 6389] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6389] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6390 attached [pid 6390] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6390] memfd_create("syzkaller", 0) = 3 [pid 6390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 146.713713][ T6359] syz-executor278: attempt to access beyond end of device [ 146.713713][ T6359] loop2: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [pid 6366] <... mount resumed>) = 0 [pid 6366] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6366] chdir("./bus") = 0 [pid 6366] ioctl(4, LOOP_CLR_FD) = 0 [pid 6366] close(4) = 0 [pid 6373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6366] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6365] <... futex resumed>) = 0 [pid 6365] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 146.768543][ T6366] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 146.785716][ T6366] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 6365] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 146.817180][ T6363] syz-executor278: attempt to access beyond end of device [ 146.817180][ T6363] loop4: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [ 146.834587][ T26] audit: type=1800 audit(1686876005.276:196): pid=6366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [ 146.838732][ T6359] syz-executor278: attempt to access beyond end of device [pid 6366] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6365] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6365] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6365] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6365] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6392], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6392 [pid 6365] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] <... futex resumed>) = 0 [pid 6366] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6392 attached [pid 6392] set_robust_list(0x7fedb043b9e0, 24) = 0 [ 146.838732][ T6359] loop2: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [pid 6392] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6365] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6365] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6366] <... futex resumed>) = 0 [pid 6365] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [pid 6359] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6359] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6358] exit_group(0 [pid 6388] <... futex resumed>) = ? [pid 6358] <... exit_group resumed>) = ? [pid 6388] +++ exited with 0 +++ [pid 6363] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6359] <... futex resumed>) = ? [pid 6363] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] exit_group(0 [pid 6359] +++ exited with 0 +++ [pid 6358] +++ exited with 0 +++ [pid 6363] <... futex resumed>) = 230 [pid 6387] <... futex resumed>) = ? [pid 6361] <... exit_group resumed>) = ? [pid 6363] +++ exited with 0 +++ [pid 6387] +++ exited with 0 +++ [pid 6361] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6358, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=48 /* 0.48 s */} --- [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6361, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=41 /* 0.41 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5010] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] <... openat resumed>) = 3 [pid 5010] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6365] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6366] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6366] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6392] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6392] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6392] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6365] exit_group(0 [pid 6392] <... futex resumed>) = ? [pid 6366] <... futex resumed>) = ? [pid 6365] <... exit_group resumed>) = ? [pid 6366] +++ exited with 0 +++ [pid 6392] +++ exited with 0 +++ [pid 6365] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6365, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=42 /* 0.42 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6379] <... write resumed>) = 32394836 [pid 6379] munmap(0x7fedae557000, 32394836) = 0 [pid 6379] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6373] <... write resumed>) = 32394836 [pid 6379] <... openat resumed>) = 4 [pid 6373] munmap(0x7fedae557000, 32394836 [pid 6379] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6379] close(3) = 0 [pid 6379] mkdir("./bus", 0777) = 0 [pid 6373] <... munmap resumed>) = 0 [pid 6379] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6373] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6373] close(3) = 0 [pid 6373] mkdir("./bus", 0777) = 0 [ 147.535891][ T6379] loop5: detected capacity change from 0 to 63271 [ 147.560636][ T6373] loop3: detected capacity change from 0 to 63271 [ 147.567159][ T6379] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6373] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [ 147.590742][ T6373] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 147.605596][ T6379] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 147.619615][ T6373] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 147.629250][ T6379] F2FS-fs (loop5): invalid crc value [pid 5008] close(4) = 0 [pid 5008] rmdir("./32/bus") = 0 [pid 5008] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./32/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./32") = 0 [pid 5008] mkdir("./33", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6397 ./strace-static-x86_64: Process 6397 attached [pid 6397] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6397] chdir("./33") = 0 [pid 6397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6397] setpgid(0, 0) = 0 [pid 6397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6397] write(3, "1000", 4) = 4 [pid 6397] close(3) = 0 [pid 6397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6397] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6397] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6397] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6400], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6400 [ 147.641452][ T6373] F2FS-fs (loop3): invalid crc value [ 147.656604][ T6379] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 6397] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6397] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6400 attached [pid 6400] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6400] memfd_create("syzkaller", 0) = 3 [pid 6400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 147.703917][ T6373] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 6379] <... mount resumed>) = 0 [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6379] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6379] chdir("./bus") = 0 [pid 6379] ioctl(4, LOOP_CLR_FD [pid 5010] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./32/bus", [pid 6379] <... ioctl resumed>) = 0 [pid 5010] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6379] close(4 [pid 5010] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 147.774898][ T6379] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 147.798684][ T6379] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 5010] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [pid 5010] rmdir("./32/bus") = 0 [pid 5010] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./32/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./32") = 0 [pid 5010] mkdir("./33", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6403 ./strace-static-x86_64: Process 6403 attached [pid 6403] set_robust_list(0x5555556ed5e0, 24 [pid 6379] <... close resumed>) = 0 [pid 6403] <... set_robust_list resumed>) = 0 [pid 6379] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] chdir("./33" [pid 6379] <... futex resumed>) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6403] <... chdir resumed>) = 0 [pid 6379] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6375] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6375] <... futex resumed>) = 0 [pid 6403] <... prctl resumed>) = 0 [ 147.835029][ T6373] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [pid 6375] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] setpgid(0, 0 [pid 6379] <... open resumed>) = 4 [pid 6403] <... setpgid resumed>) = 0 [pid 6403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6379] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] write(3, "1000", 4 [pid 6379] <... futex resumed>) = 1 [pid 6403] <... write resumed>) = 4 [pid 6375] <... futex resumed>) = 0 [pid 6379] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6403] close(3 [pid 6379] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6375] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] <... close resumed>) = 0 [pid 6379] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6375] <... futex resumed>) = 0 [pid 6403] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6403] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6403] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6375] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6404], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6404 [pid 6403] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6403] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6404 attached [pid 6404] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6404] memfd_create("syzkaller", 0) = 3 [pid 6404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 147.878607][ T26] audit: type=1800 audit(1686876006.316:197): pid=6379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [ 147.885494][ T6373] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 6390] <... write resumed>) = 32394836 [pid 6375] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6390] munmap(0x7fedae557000, 32394836 [pid 6375] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6375] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6375] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6375] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6405], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6405 [pid 6375] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./32/bus") = 0 [pid 6390] <... munmap resumed>) = 0 [pid 5006] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6405 attached ) = -1 EINVAL (Invalid argument) [pid 6405] set_robust_list(0x7fedb043b9e0, 24 [pid 5006] lstat("./32/binderfs", [pid 6405] <... set_robust_list resumed>) = 0 [pid 5006] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6405] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus" [pid 5006] unlink("./32/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./32") = 0 [pid 5006] mkdir("./33", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3 [pid 6405] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6390] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5006] <... close resumed>) = 0 [pid 6405] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... openat resumed>) = 4 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6405] <... futex resumed>) = 1 [pid 6390] ioctl(4, LOOP_SET_FD, 3 [pid 6375] <... futex resumed>) = 0 [pid 6405] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6373] <... mount resumed>) = 0 [pid 5006] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 6406 [pid 6373] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6373] chdir("./bus") = 0 [pid 6373] ioctl(4, LOOP_CLR_FD) = 0 [pid 6373] close(4 [pid 6390] <... ioctl resumed>) = 0 [pid 6373] <... close resumed>) = 0 [pid 6390] close(3 [pid 6373] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6390] <... close resumed>) = 0 [pid 6373] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6372] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] mkdir("./bus", 0777 [pid 6372] <... futex resumed>) = 0 [pid 6373] <... open resumed>) = 4 [pid 6372] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6406 attached [pid 6390] <... mkdir resumed>) = 0 [pid 6373] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] set_robust_list(0x5555556ed5e0, 24 [pid 6390] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6373] <... futex resumed>) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6406] <... set_robust_list resumed>) = 0 [pid 6373] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6372] <... futex resumed>) = 0 [pid 6373] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6372] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6406] chdir("./33") = 0 [ 148.017443][ T6390] loop1: detected capacity change from 0 to 63271 [ 148.030155][ T26] audit: type=1800 audit(1686876006.466:198): pid=6373 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [ 148.059258][ T6390] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6406] setpgid(0, 0) = 0 [pid 6406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6406] write(3, "1000", 4) = 4 [pid 6406] close(3) = 0 [pid 6406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6406] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6406] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6406] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6407], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6407 [pid 6406] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6407 attached [pid 6407] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6407] memfd_create("syzkaller", 0) = 3 [pid 6407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 148.078573][ T6390] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [pid 6372] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6372] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6372] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6372] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6408], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6408 [pid 6372] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6379] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6379] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6408 attached [pid 6408] set_robust_list(0x7fedb043b9e0, 24 [pid 6379] <... futex resumed>) = 0 [pid 6379] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] exit_group(0 [pid 6405] <... futex resumed>) = ? [pid 6379] <... futex resumed>) = ? [pid 6375] <... exit_group resumed>) = ? [pid 6405] +++ exited with 0 +++ [pid 6379] +++ exited with 0 +++ [pid 6408] <... set_robust_list resumed>) = 0 [pid 6408] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6408] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] +++ exited with 0 +++ [pid 6408] <... futex resumed>) = 1 [pid 6372] <... futex resumed>) = 0 [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6375, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=30 /* 0.30 s */} --- [pid 6408] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 148.124330][ T6390] F2FS-fs (loop1): invalid crc value [ 148.207254][ T6390] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 5011] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6373] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6373] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6373] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] exit_group(0 [pid 6408] <... futex resumed>) = ? [pid 6373] <... futex resumed>) = ? [pid 6372] <... exit_group resumed>) = ? [pid 6408] +++ exited with 0 +++ [pid 6373] +++ exited with 0 +++ [pid 6372] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6372, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=42 /* 0.42 s */} --- [pid 5009] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5009] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6390] <... mount resumed>) = 0 [pid 6390] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6390] chdir("./bus") = 0 [pid 6390] ioctl(4, LOOP_CLR_FD) = 0 [pid 6390] close(4) = 0 [ 148.333444][ T6390] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 148.344319][ T6390] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 6390] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6389] <... futex resumed>) = 0 [pid 6390] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6389] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6389] <... futex resumed>) = 0 [pid 6390] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6389] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6390] <... open resumed>) = 4 [pid 6390] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6389] <... futex resumed>) = 0 [pid 6390] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6389] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6389] <... futex resumed>) = 0 [ 148.410033][ T26] audit: type=1800 audit(1686876006.846:199): pid=6390 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [pid 6389] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6389] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6389] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6389] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6413], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6413 [pid 6389] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6389] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836./strace-static-x86_64: Process 6413 attached [pid 6413] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6413] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6413] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6389] <... futex resumed>) = 0 [pid 6413] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6390] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6390] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6389] exit_group(0 [pid 6413] <... futex resumed>) = ? [pid 6389] <... exit_group resumed>) = ? [pid 6413] +++ exited with 0 +++ [pid 6407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6390] +++ exited with 0 +++ [pid 6389] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6389, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=30 /* 0.30 s */} --- [pid 5007] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./32/bus") = 0 [pid 5011] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./32/binderfs") = 0 [pid 6400] <... write resumed>) = 32394836 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./32") = 0 [pid 5011] mkdir("./33", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6414 [pid 6400] munmap(0x7fedae557000, 32394836./strace-static-x86_64: Process 6414 attached [pid 6414] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6414] chdir("./33") = 0 [pid 6414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6414] setpgid(0, 0) = 0 [pid 6414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6414] write(3, "1000", 4) = 4 [pid 6414] close(3) = 0 [pid 6414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6414] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6414] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6414] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6415], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6415 [pid 6414] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6414] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6415 attached [pid 6415] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6415] memfd_create("syzkaller", 0) = 3 [pid 6400] <... munmap resumed>) = 0 [pid 6415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6400] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6400] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6400] close(3) = 0 [pid 6400] mkdir("./bus", 0777) = 0 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6400] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5009] lstat("./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./32/bus") = 0 [pid 5009] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./32/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./32") = 0 [pid 5009] mkdir("./33", 0777) = 0 [pid 6404] <... write resumed>) = 32394836 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6404] munmap(0x7fedae557000, 32394836 [pid 5009] <... openat resumed>) = 3 [pid 6404] <... munmap resumed>) = 0 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [ 149.058366][ T6400] loop2: detected capacity change from 0 to 63271 [ 149.095633][ T6400] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6416 [pid 6404] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 ./strace-static-x86_64: Process 6416 attached [pid 6404] ioctl(4, LOOP_SET_FD, 3 [pid 6416] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6416] chdir("./33") = 0 [pid 6416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6416] setpgid(0, 0) = 0 [pid 6416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6416] write(3, "1000", 4) = 4 [pid 6416] close(3) = 0 [pid 6416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6404] <... ioctl resumed>) = 0 [pid 6416] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6404] close(3 [pid 6416] <... futex resumed>) = 0 [pid 6404] <... close resumed>) = 0 [pid 6416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6404] mkdir("./bus", 0777 [pid 6416] <... mmap resumed>) = 0x7fedb6957000 [pid 6416] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6416] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6404] <... mkdir resumed>) = 0 [pid 6416] <... clone resumed>, parent_tid=[6417], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6417 [pid 6404] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6416] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6416] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6417 attached [pid 6417] set_robust_list(0x7fedb69779e0, 24) = 0 [ 149.138312][ T6400] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 149.152825][ T6404] loop4: detected capacity change from 0 to 63271 [ 149.174593][ T6404] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6417] memfd_create("syzkaller", 0) = 3 [pid 6417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6407] <... write resumed>) = 32394836 [ 149.191917][ T6400] F2FS-fs (loop2): invalid crc value [ 149.197479][ T6404] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 149.222590][ T6400] F2FS-fs (loop2): Found nat_bits in checkpoint [ 149.229551][ T6404] F2FS-fs (loop4): invalid crc value [pid 6407] munmap(0x7fedae557000, 32394836) = 0 [pid 6407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6407] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6407] close(3) = 0 [pid 6407] mkdir("./bus", 0777) = 0 [ 149.277898][ T6407] loop0: detected capacity change from 0 to 63271 [ 149.289598][ T6404] F2FS-fs (loop4): Found nat_bits in checkpoint [ 149.296740][ T6407] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 149.325391][ T6407] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 149.338343][ T6407] F2FS-fs (loop0): invalid crc value [ 149.354164][ T6400] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [pid 6407] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6400] <... mount resumed>) = 0 [pid 6400] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6400] chdir("./bus") = 0 [pid 6400] ioctl(4, LOOP_CLR_FD) = 0 [pid 6400] close(4) = 0 [pid 6400] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] <... futex resumed>) = 0 [pid 6400] <... futex resumed>) = 1 [pid 6400] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6397] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 149.371183][ T6400] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 149.387947][ T6407] F2FS-fs (loop0): Found nat_bits in checkpoint [ 149.403908][ T6404] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [pid 6397] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6400] <... open resumed>) = 4 [pid 6400] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6397] <... futex resumed>) = 0 [pid 6400] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6397] <... futex resumed>) = 0 [pid 6400] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6397] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... umount2 resumed>) = 0 [pid 5007] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5007] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5007] close(4) = 0 [pid 5007] rmdir("./32/bus") = 0 [pid 5007] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5007] unlink("./32/binderfs") = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [pid 5007] rmdir("./32") = 0 [pid 5007] mkdir("./33", 0777) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5007] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5007] close(3) = 0 [ 149.439938][ T26] audit: type=1800 audit(1686876007.876:200): pid=6400 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [ 149.440584][ T6404] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6429 ./strace-static-x86_64: Process 6429 attached [pid 6429] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6429] chdir("./33") = 0 [pid 6397] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6397] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6429] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6397] <... mmap resumed>) = 0x7fedb041b000 [pid 6397] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6397] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6429] <... prctl resumed>) = 0 [pid 6429] setpgid(0, 0 [pid 6397] <... clone resumed>, parent_tid=[6430], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6430 [pid 6429] <... setpgid resumed>) = 0 [pid 6429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6397] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... openat resumed>) = 3 [pid 6397] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6430 attached [pid 6429] write(3, "1000", 4 [pid 6397] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] set_robust_list(0x7fedb043b9e0, 24 [pid 6429] <... write resumed>) = 4 [pid 6430] <... set_robust_list resumed>) = 0 [pid 6404] <... mount resumed>) = 0 [pid 6430] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus" [pid 6429] close(3) = 0 [pid 6429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6429] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6404] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6429] <... mmap resumed>) = 0x7fedb6957000 [pid 6404] <... openat resumed>) = 3 [pid 6429] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 6404] chdir("./bus" [pid 6429] <... mprotect resumed>) = 0 [pid 6404] <... chdir resumed>) = 0 [pid 6429] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6404] ioctl(4, LOOP_CLR_FD) = 0 [pid 6429] <... clone resumed>, parent_tid=[6432], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6432 [pid 6429] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6404] close(4 [pid 6430] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6429] <... futex resumed>) = 0 [pid 6404] <... close resumed>) = 0 [pid 6429] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6404] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6403] <... futex resumed>) = 0 [pid 6404] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6403] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6403] <... futex resumed>) = 0 [pid 6404] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6403] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6397] <... futex resumed>) = 0 [pid 6430] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6404] <... open resumed>) = 4 [pid 6404] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6403] <... futex resumed>) = 0 [pid 6404] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6403] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6403] <... futex resumed>) = 0 [pid 6404] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6403] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6432 attached [pid 6432] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6432] memfd_create("syzkaller", 0) = 3 [pid 6432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6403] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6403] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] <... mount resumed>) = 0 [pid 6403] <... futex resumed>) = 0 [pid 6403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6407] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6403] <... mmap resumed>) = 0x7fedb041b000 [pid 6403] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 6407] <... openat resumed>) = 3 [pid 6403] <... mprotect resumed>) = 0 [pid 6407] chdir("./bus" [pid 6403] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6407] <... chdir resumed>) = 0 [pid 6407] ioctl(4, LOOP_CLR_FD [pid 6403] <... clone resumed>, parent_tid=[6433], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6433 [pid 6407] <... ioctl resumed>) = 0 [ 149.563019][ T26] audit: type=1800 audit(1686876007.996:201): pid=6404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [ 149.585242][ T6407] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 149.599306][ T6407] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 6403] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] close(4 [pid 6403] <... futex resumed>) = 0 [pid 6407] <... close resumed>) = 0 [pid 6403] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6407] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6433 attached ) = 1 [pid 6406] <... futex resumed>) = 0 [pid 6433] set_robust_list(0x7fedb043b9e0, 24 [pid 6407] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6406] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6433] <... set_robust_list resumed>) = 0 [pid 6407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6406] <... futex resumed>) = 0 [pid 6433] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 6407] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6406] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6407] <... open resumed>) = 4 [pid 6415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6407] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6406] <... futex resumed>) = 0 [pid 6407] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6406] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6406] <... futex resumed>) = 0 [pid 6407] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6406] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6433] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6433] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6403] <... futex resumed>) = 0 [pid 6433] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6400] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6400] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6397] exit_group(0 [pid 6430] <... futex resumed>) = ? [pid 6397] <... exit_group resumed>) = ? [pid 6430] +++ exited with 0 +++ [ 149.670239][ T26] audit: type=1800 audit(1686876008.106:202): pid=6407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 6400] +++ exited with 0 +++ [pid 6397] +++ exited with 0 +++ [pid 6417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6397, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=39 /* 0.39 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6406] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6406] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6406] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6406] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6434], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6434 [pid 6406] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6434 attached [pid 6406] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6434] set_robust_list(0x7fedb043b9e0, 24 [pid 6407] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6434] <... set_robust_list resumed>) = 0 [pid 6407] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6434] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus" [pid 6407] <... futex resumed>) = 0 [pid 6434] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6407] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6434] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6406] <... futex resumed>) = 0 [pid 6434] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6406] exit_group(0 [pid 6434] <... futex resumed>) = ? [pid 6407] <... futex resumed>) = ? [pid 6406] <... exit_group resumed>) = ? [pid 6434] +++ exited with 0 +++ [pid 6407] +++ exited with 0 +++ [pid 6406] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6406, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=35 /* 0.35 s */} --- [pid 5006] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6404] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6404] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6404] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6403] exit_group(0 [pid 6433] <... futex resumed>) = ? [pid 6404] <... futex resumed>) = ? [pid 6403] <... exit_group resumed>) = ? [pid 6433] +++ exited with 0 +++ [pid 6404] +++ exited with 0 +++ [pid 6403] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6403, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=43 /* 0.43 s */} --- [pid 5010] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5010] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6415] <... write resumed>) = 32394836 [pid 6415] munmap(0x7fedae557000, 32394836) = 0 [pid 6415] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6415] ioctl(4, LOOP_SET_FD, 3 [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4 [pid 6415] <... ioctl resumed>) = 0 [pid 5008] <... close resumed>) = 0 [pid 5008] rmdir("./33/bus" [pid 6415] close(3) = 0 [pid 6415] mkdir("./bus", 0777 [pid 5008] <... rmdir resumed>) = 0 [pid 5008] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./33/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./33" [pid 6415] <... mkdir resumed>) = 0 [pid 6415] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5008] <... rmdir resumed>) = 0 [pid 5008] mkdir("./34", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [ 150.425343][ T6415] loop5: detected capacity change from 0 to 63271 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6435 attached [pid 6417] <... write resumed>) = 32394836 [pid 5008] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 6435 [pid 6435] set_robust_list(0x5555556ed5e0, 24 [pid 6417] munmap(0x7fedae557000, 32394836 [pid 6435] <... set_robust_list resumed>) = 0 [pid 6417] <... munmap resumed>) = 0 [pid 5006] <... umount2 resumed>) = 0 [pid 6435] chdir("./34" [pid 5006] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6435] <... chdir resumed>) = 0 [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6435] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5006] lstat("./33/bus", [pid 6435] <... prctl resumed>) = 0 [pid 5006] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6435] setpgid(0, 0 [pid 5006] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6435] <... setpgid resumed>) = 0 [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5006] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6435] <... openat resumed>) = 3 [pid 5006] <... openat resumed>) = 4 [pid 6435] write(3, "1000", 4 [pid 5006] fstat(4, [pid 6435] <... write resumed>) = 4 [pid 5006] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, [pid 6435] close(3) = 0 [pid 5006] <... getdents64 resumed>0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 6435] symlink("/dev/binderfs", "./binderfs" [pid 5006] getdents64(4, [pid 6435] <... symlink resumed>) = 0 [pid 5006] <... getdents64 resumed>0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 6435] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5006] close(4 [pid 6435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5006] <... close resumed>) = 0 [pid 6435] <... mmap resumed>) = 0x7fedb6957000 [pid 5006] rmdir("./33/bus" [pid 6417] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6435] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 6417] <... openat resumed>) = 4 [pid 5006] <... rmdir resumed>) = 0 [pid 6435] <... mprotect resumed>) = 0 [pid 6417] ioctl(4, LOOP_SET_FD, 3 [pid 5006] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6435] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5006] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./33/binderfs", [pid 6435] <... clone resumed>, parent_tid=[6437], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6437 [pid 6435] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6435] <... futex resumed>) = 0 [pid 5006] unlink("./33/binderfs" [ 150.466850][ T6415] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 150.475446][ T6415] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 6435] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5006] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 6437 attached [pid 5006] getdents64(3, [pid 6437] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 5006] <... getdents64 resumed>0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 6437] memfd_create("syzkaller", 0 [pid 5006] rmdir("./33") = 0 [pid 6437] <... memfd_create resumed>) = 3 [pid 5006] mkdir("./34", 0777 [pid 6437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5006] <... mkdir resumed>) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD [pid 6437] <... mmap resumed>) = 0x7fedae557000 [pid 5006] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6417] <... ioctl resumed>) = 0 [pid 6417] close(3) = 0 [pid 6417] mkdir("./bus", 0777 [pid 5006] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 6439 [pid 6417] <... mkdir resumed>) = 0 [pid 6417] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, ""./strace-static-x86_64: Process 6439 attached [pid 6439] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6439] chdir("./34") = 0 [pid 6439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6439] setpgid(0, 0) = 0 [pid 6439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6439] write(3, "1000", 4) = 4 [pid 6439] close(3) = 0 [pid 6439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6439] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6439] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6439] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6441], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6441 [pid 6439] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 150.516347][ T6415] F2FS-fs (loop5): invalid crc value [ 150.523092][ T6417] loop3: detected capacity change from 0 to 63271 [ 150.550644][ T6417] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 150.560341][ T6415] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 6439] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6441 attached [pid 6441] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6441] memfd_create("syzkaller", 0) = 3 [pid 6441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 150.592395][ T6417] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 150.629325][ T6417] F2FS-fs (loop3): invalid crc value [pid 6432] <... write resumed>) = 32394836 [pid 6432] munmap(0x7fedae557000, 32394836 [pid 5010] <... umount2 resumed>) = 0 [pid 5010] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5010] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6432] <... munmap resumed>) = 0 [pid 5010] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5010] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5010] close(4) = 0 [ 150.662154][ T6417] F2FS-fs (loop3): Found nat_bits in checkpoint [ 150.674037][ T6415] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [pid 6432] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5010] rmdir("./33/bus" [pid 6432] <... openat resumed>) = 4 [pid 6432] ioctl(4, LOOP_SET_FD, 3 [pid 5010] <... rmdir resumed>) = 0 [pid 5010] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5010] unlink("./33/binderfs") = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5010] close(3) = 0 [pid 5010] rmdir("./33") = 0 [pid 5010] mkdir("./34", 0777) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5010] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5010] close(3) = 0 [pid 5010] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6446 ./strace-static-x86_64: Process 6446 attached [pid 6446] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6446] chdir("./34") = 0 [pid 6446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6446] setpgid(0, 0) = 0 [pid 6446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6446] write(3, "1000", 4) = 4 [pid 6446] close(3) = 0 [pid 6446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6446] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6446] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6446] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6415] <... mount resumed>) = 0 [pid 6446] <... clone resumed>, parent_tid=[6447], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6447 [pid 6446] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6446] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6415] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6415] chdir("./bus") = 0 [pid 6415] ioctl(4, LOOP_CLR_FD) = 0 [pid 6415] close(4) = 0 [pid 6415] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6414] <... futex resumed>) = 0 [pid 6415] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6414] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6414] <... futex resumed>) = 0 [pid 6415] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6414] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6447 attached [pid 6447] set_robust_list(0x7fedb69779e0, 24 [pid 6415] <... open resumed>) = 4 [pid 6415] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6414] <... futex resumed>) = 0 [pid 6415] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6414] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6414] <... futex resumed>) = 0 [pid 6415] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6414] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6447] <... set_robust_list resumed>) = 0 [pid 6447] memfd_create("syzkaller", 0) = 3 [pid 6447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 150.708493][ T6415] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 150.718828][ T6432] loop1: detected capacity change from 0 to 63271 [pid 6432] <... ioctl resumed>) = 0 [pid 6432] close(3) = 0 [pid 6432] mkdir("./bus", 0777) = 0 [pid 6432] mount("/dev/loop1", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6414] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6414] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6414] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6414] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6448], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6448 ./strace-static-x86_64: Process 6448 attached [pid 6414] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] set_robust_list(0x7fedb043b9e0, 24 [pid 6414] <... futex resumed>) = 0 [ 150.746907][ T26] audit: type=1800 audit(1686876009.186:203): pid=6415 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [ 150.782396][ T6432] F2FS-fs (loop1): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6414] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6448] <... set_robust_list resumed>) = 0 [pid 6448] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6448] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6448] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6414] <... futex resumed>) = 0 [ 150.825480][ T6432] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 150.837307][ T6432] F2FS-fs (loop1): invalid crc value [ 150.865950][ T6417] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 150.872990][ T6417] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 150.882349][ T6432] F2FS-fs (loop1): Found nat_bits in checkpoint [pid 6417] <... mount resumed>) = 0 [pid 6417] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6417] chdir("./bus") = 0 [pid 6417] ioctl(4, LOOP_CLR_FD) = 0 [pid 6417] close(4) = 0 [pid 6417] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6416] <... futex resumed>) = 0 [pid 6416] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] <... futex resumed>) = 0 [pid 6416] <... futex resumed>) = 1 [ 150.916463][ T6415] bio_check_eod: 13 callbacks suppressed [ 150.916480][ T6415] syz-executor278: attempt to access beyond end of device [ 150.916480][ T6415] loop5: rw=2049, sector=77824, nr_sectors = 3264 limit=63271 [pid 6417] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6416] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6417] <... open resumed>) = 4 [pid 6417] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6416] <... futex resumed>) = 0 [pid 6417] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6416] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6416] <... futex resumed>) = 0 [pid 6416] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6432] <... mount resumed>) = 0 [pid 6432] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6432] <... openat resumed>) = 3 [pid 6432] chdir("./bus") = 0 [pid 6432] ioctl(4, LOOP_CLR_FD) = 0 [pid 6432] close(4) = 0 [ 150.973927][ T26] audit: type=1800 audit(1686876009.406:204): pid=6417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [ 150.999916][ T6432] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 151.016134][ T6432] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [pid 6432] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] <... futex resumed>) = 0 [pid 6432] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6429] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6429] <... futex resumed>) = 0 [pid 6432] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6429] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6416] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6432] <... open resumed>) = 4 [pid 6432] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6416] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6432] <... futex resumed>) = 1 [pid 6429] <... futex resumed>) = 0 [pid 6416] <... futex resumed>) = 0 [pid 6432] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6429] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6429] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6416] <... mmap resumed>) = 0x7fedb041b000 [pid 6416] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6416] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6454], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6454 [pid 6416] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6416] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6454 attached [pid 6454] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6454] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6454] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6416] <... futex resumed>) = 0 [ 151.076007][ T26] audit: type=1800 audit(1686876009.516:205): pid=6432 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop1" ino=4 res=0 errno=0 [ 151.081152][ T6415] syz-executor278: attempt to access beyond end of device [ 151.081152][ T6415] loop5: rw=2049, sector=81088, nr_sectors = 832 limit=63271 [pid 6454] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6429] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6429] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6429] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6429] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6455], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6455 [pid 6429] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6455 attached [pid 6455] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6455] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop1", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6455] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] <... futex resumed>) = 0 [pid 6455] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6414] exit_group(0) = ? [pid 6448] <... futex resumed>) = ? [pid 6448] +++ exited with 0 +++ [ 151.175402][ T6417] syz-executor278: attempt to access beyond end of device [ 151.175402][ T6417] loop3: rw=2049, sector=77824, nr_sectors = 4096 limit=63271 [pid 6417] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6417] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6416] exit_group(0 [pid 6454] <... futex resumed>) = ? [pid 6417] <... futex resumed>) = ? [pid 6416] <... exit_group resumed>) = ? [pid 6454] +++ exited with 0 +++ [pid 6417] +++ exited with 0 +++ [pid 6416] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6416, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=38 /* 0.38 s */} --- [pid 5009] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6415] <... pwritev2 resumed>) = ? [pid 6415] +++ exited with 0 +++ [pid 6414] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6414, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=35 /* 0.35 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 151.267146][ T6432] syz-executor278: attempt to access beyond end of device [ 151.267146][ T6432] loop1: rw=2049, sector=77824, nr_sectors = 3744 limit=63271 [pid 5011] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6429] exit_group(0 [pid 6455] <... futex resumed>) = ? [pid 6429] <... exit_group resumed>) = ? [pid 6455] +++ exited with 0 +++ [ 151.354579][ T6432] syz-executor278: attempt to access beyond end of device [ 151.354579][ T6432] loop1: rw=2049, sector=81568, nr_sectors = 352 limit=63271 [pid 6432] <... pwritev2 resumed>) = ? [ 151.483030][ T6432] [ 151.485391][ T6432] ====================================================== [ 151.492401][ T6432] WARNING: possible circular locking dependency detected [ 151.499428][ T6432] 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0 Not tainted [ 151.506444][ T6432] ------------------------------------------------------ [ 151.513465][ T6432] syz-executor278/6432 is trying to acquire lock: [ 151.519878][ T6432] ffff888065251300 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}, at: f2fs_release_file+0xca/0x100 [ 151.530277][ T6432] [ 151.530277][ T6432] but task is already holding lock: [ 151.537632][ T6432] ffff88807b2f8448 (&sbi->node_write){++++}-{3:3}, at: f2fs_write_single_data_page+0x166e/0x19d0 [ 151.548166][ T6432] [ 151.548166][ T6432] which lock already depends on the new lock. [ 151.548166][ T6432] [ 151.558572][ T6432] [ 151.558572][ T6432] the existing dependency chain (in reverse order) is: [ 151.567598][ T6432] [ 151.567598][ T6432] -> #2 (&sbi->node_write){++++}-{3:3}: [ 151.575315][ T6432] lock_release+0x33c/0x670 [ 151.580335][ T6432] up_write+0x2a/0x520 [ 151.584911][ T6432] block_operations+0xca4/0xe80 [ 151.590299][ T6432] f2fs_write_checkpoint+0x5fa/0x4b40 [ 151.596226][ T6432] __checkpoint_and_complete_reqs+0xea/0x350 [ 151.602721][ T6432] issue_checkpoint_thread+0xe3/0x250 [ 151.608611][ T6432] kthread+0x344/0x440 [ 151.613192][ T6432] ret_from_fork+0x1f/0x30 [ 151.618130][ T6432] [ 151.618130][ T6432] -> #1 (&sbi->cp_rwsem){++++}-{3:3}: [ 151.625677][ T6432] down_read+0x9c/0x480 [ 151.630408][ T6432] f2fs_convert_inline_inode+0x47b/0x8e0 [ 151.636556][ T6432] f2fs_file_write_iter+0x1a1f/0x24d0 [ 151.642436][ T6432] do_iter_readv_writev+0x20b/0x3b0 [ 151.648147][ T6432] do_iter_write+0x185/0x7e0 [ 151.653250][ T6432] vfs_writev+0x1aa/0x670 [ 151.658093][ T6432] do_pwritev+0x1b6/0x270 [ 151.662933][ T6432] __x64_sys_pwritev2+0xef/0x150 [ 151.668385][ T6432] do_syscall_64+0x39/0xb0 [ 151.673315][ T6432] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 151.679721][ T6432] [ 151.679721][ T6432] -> #0 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}: [ 151.688429][ T6432] __lock_acquire+0x2fcd/0x5f30 [ 151.693796][ T6432] lock_acquire+0x1b1/0x520 [ 151.698898][ T6432] down_write+0x92/0x200 [ 151.703649][ T6432] f2fs_release_file+0xca/0x100 [ 151.709179][ T6432] __fput+0x27c/0xa90 [ 151.713671][ T6432] task_work_run+0x16f/0x270 [ 151.718764][ T6432] do_exit+0xaa3/0x29b0 [ 151.723423][ T6432] do_group_exit+0xd4/0x2a0 [ 151.728431][ T6432] get_signal+0x2318/0x25b0 [ 151.733444][ T6432] arch_do_signal_or_restart+0x79/0x5c0 [ 151.739592][ T6432] exit_to_user_mode_prepare+0x11f/0x240 [ 151.745741][ T6432] syscall_exit_to_user_mode+0x1d/0x50 [ 151.751704][ T6432] do_syscall_64+0x46/0xb0 [ 151.756718][ T6432] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 151.763228][ T6432] [ 151.763228][ T6432] other info that might help us debug this: [ 151.763228][ T6432] [ 151.773439][ T6432] Chain exists of: [ 151.773439][ T6432] &sb->s_type->i_mutex_key#15 --> &sbi->cp_rwsem --> &sbi->node_write [ 151.773439][ T6432] [ 151.787508][ T6432] Possible unsafe locking scenario: [ 151.787508][ T6432] [ 151.794935][ T6432] CPU0 CPU1 [ 151.800298][ T6432] ---- ---- [ 151.805663][ T6432] rlock(&sbi->node_write); [ 151.810237][ T6432] lock(&sbi->cp_rwsem); [ 151.817064][ T6432] lock(&sbi->node_write); [ 151.824065][ T6432] lock(&sb->s_type->i_mutex_key#15); [ 151.829509][ T6432] [ 151.829509][ T6432] *** DEADLOCK *** [ 151.829509][ T6432] [ 151.837631][ T6432] 1 lock held by syz-executor278/6432: [ 151.843065][ T6432] #0: ffff88807b2f8448 (&sbi->node_write){++++}-{3:3}, at: f2fs_write_single_data_page+0x166e/0x19d0 [ 151.854024][ T6432] [ 151.854024][ T6432] stack backtrace: [ 151.859894][ T6432] CPU: 1 PID: 6432 Comm: syz-executor278 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0 [ 151.870316][ T6432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 151.880372][ T6432] Call Trace: [ 151.883634][ T6432] [ 151.886552][ T6432] dump_stack_lvl+0xd9/0x150 [ 151.891136][ T6432] check_noncircular+0x25f/0x2e0 [ 151.896085][ T6432] ? print_circular_bug+0x730/0x730 [ 151.901395][ T6432] ? mark_lock.part.0+0x55/0x1970 [ 151.906412][ T6432] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 151.912391][ T6432] __lock_acquire+0x2fcd/0x5f30 [ 151.917326][ T6432] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 151.923293][ T6432] ? find_held_lock+0x2d/0x110 [ 151.928044][ T6432] lock_acquire+0x1b1/0x520 [ 151.932622][ T6432] ? f2fs_release_file+0xca/0x100 [ 151.937633][ T6432] ? lock_sync+0x190/0x190 [ 151.942039][ T6432] down_write+0x92/0x200 [ 151.946276][ T6432] ? f2fs_release_file+0xca/0x100 [ 151.951288][ T6432] ? rwsem_down_write_slowpath+0x1220/0x1220 [ 151.957267][ T6432] f2fs_release_file+0xca/0x100 [ 151.962189][ T6432] __fput+0x27c/0xa90 [ 151.966157][ T6432] ? f2fs_buffered_write_iter+0x1b0/0x1b0 [ 151.971862][ T6432] task_work_run+0x16f/0x270 [ 151.976437][ T6432] ? task_work_cancel+0x30/0x30 [ 151.981272][ T6432] ? do_raw_spin_unlock+0x175/0x230 [ 151.986501][ T6432] do_exit+0xaa3/0x29b0 [ 151.990642][ T6432] ? find_held_lock+0x2d/0x110 [ 151.995389][ T6432] ? get_signal+0x89d/0x25b0 [ 151.999990][ T6432] ? mm_update_next_owner+0x7b0/0x7b0 [ 152.005363][ T6432] do_group_exit+0xd4/0x2a0 [ 152.009859][ T6432] get_signal+0x2318/0x25b0 [ 152.014354][ T6432] ? print_usage_bug.part.0+0x660/0x660 [ 152.019891][ T6432] ? exit_signals+0x910/0x910 [ 152.024571][ T6432] ? from_kuid+0xc0/0xc0 [ 152.028801][ T6432] ? find_held_lock+0x2d/0x110 [ 152.033574][ T6432] arch_do_signal_or_restart+0x79/0x5c0 [ 152.039117][ T6432] ? get_sigframe_size+0x10/0x10 [ 152.044047][ T6432] ? lock_downgrade+0x690/0x690 [ 152.048889][ T6432] ? mark_held_locks+0x9f/0xe0 [ 152.053644][ T6432] exit_to_user_mode_prepare+0x11f/0x240 [ 152.059359][ T6432] syscall_exit_to_user_mode+0x1d/0x50 [ 152.064806][ T6432] do_syscall_64+0x46/0xb0 [ 152.069226][ T6432] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 152.075115][ T6432] RIP: 0033:0x7fedb69cb649 [ 152.079517][ T6432] Code: Unable to access opcode bytes at 0x7fedb69cb61f. [ 152.086523][ T6432] RSP: 002b:00007fedb6977308 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 152.094926][ T6432] RAX: fffffffffffffffb RBX: 00007fedb6a587a8 RCX: 00007fedb69cb649 [ 152.102879][ T6432] RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000004 [ 152.110833][ T6432] RBP: 00007fedb6a587a0 R08: 0000000000000000 R09: 0000000000000003 [ 152.118791][ T6432] R10: 0000000000001400 R11: 0000000000000246 R12: 6f6f6c2f7665642f [ 152.126770][ T6432] R13: 00007fffd688275f R14: 00007fedb6977400 R15: 0000000000022000 [ 152.134746][ T6432] [pid 6441] <... write resumed>) = 32394836 [pid 6441] munmap(0x7fedae557000, 32394836 [pid 6437] <... write resumed>) = 32394836 [pid 6437] munmap(0x7fedae557000, 32394836 [pid 6441] <... munmap resumed>) = 0 [pid 6441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6441] ioctl(4, LOOP_SET_FD, 3 [pid 6437] <... munmap resumed>) = 0 [pid 6437] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6437] ioctl(4, LOOP_SET_FD, 3 [pid 6441] <... ioctl resumed>) = 0 [pid 6441] close(3) = 0 [pid 6441] mkdir("./bus", 0777 [pid 6437] <... ioctl resumed>) = 0 [pid 6437] close(3) = 0 [pid 6437] mkdir("./bus", 0777 [pid 6441] <... mkdir resumed>) = 0 [pid 6437] <... mkdir resumed>) = 0 [pid 6437] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6441] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6432] +++ exited with 0 +++ [pid 6429] +++ exited with 0 +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6429, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=34 /* 0.34 s */} --- [ 152.195070][ T6441] loop0: detected capacity change from 0 to 63271 [ 152.200444][ T6437] loop2: detected capacity change from 0 to 63271 [ 152.211427][ T6437] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 152.220695][ T6441] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 152.220953][ T6437] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 152.235460][ T6441] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 5007] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5007] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5007] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5007] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6447] <... write resumed>) = 32394836 [pid 6447] munmap(0x7fedae557000, 32394836) = 0 [pid 6447] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6447] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6447] close(3) = 0 [pid 6447] mkdir("./bus", 0777) = 0 [ 152.290170][ T6447] loop4: detected capacity change from 0 to 63271 [ 152.312129][ T6447] F2FS-fs (loop4): Mismatch start address, segment0(512) cp_blkaddr(605) [ 152.335541][ T6447] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [pid 6447] mount("/dev/loop4", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5009] <... umount2 resumed>) = 0 [ 152.366769][ T6437] F2FS-fs (loop2): invalid crc value [ 152.366962][ T6447] F2FS-fs (loop4): invalid crc value [ 152.377827][ T6441] F2FS-fs (loop0): invalid crc value [ 152.394825][ T6437] F2FS-fs (loop2): Found nat_bits in checkpoint [ 152.407209][ T6441] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5009] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./33/bus") = 0 [pid 5009] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./33/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./33") = 0 [pid 5009] mkdir("./34", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6465 [ 152.415477][ T6447] F2FS-fs (loop4): Found nat_bits in checkpoint ./strace-static-x86_64: Process 6465 attached [pid 6465] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6465] chdir("./34") = 0 [pid 6465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6465] setpgid(0, 0) = 0 [pid 6465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6465] write(3, "1000", 4) = 4 [pid 6465] close(3) = 0 [pid 6465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6465] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6465] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6465] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6467], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6467 [pid 6465] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6467 attached [pid 6467] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6467] memfd_create("syzkaller", 0 [pid 6437] <... mount resumed>) = 0 [pid 6437] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6437] chdir("./bus") = 0 [pid 6437] ioctl(4, LOOP_CLR_FD) = 0 [pid 6437] close(4) = 0 [pid 6437] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6437] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6435] <... futex resumed>) = 0 [pid 6435] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6467] <... memfd_create resumed>) = 3 [pid 6437] <... futex resumed>) = 0 [pid 6435] <... futex resumed>) = 1 [pid 6467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6437] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6435] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6467] <... mmap resumed>) = 0x7fedae557000 [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6437] <... open resumed>) = 4 [pid 6437] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6435] <... futex resumed>) = 0 [pid 6437] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6435] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6435] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./33/bus") = 0 [pid 5011] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./33/binderfs") = 0 [ 152.479256][ T6437] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 152.487229][ T6437] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 152.510379][ T6441] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./33") = 0 [pid 5011] mkdir("./34", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6469 ./strace-static-x86_64: Process 6469 attached [pid 6469] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6469] chdir("./34") = 0 [pid 6469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6469] setpgid(0, 0) = 0 [pid 6469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6469] write(3, "1000", 4) = 4 [pid 6469] close(3) = 0 [pid 6469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6469] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6469] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6469] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6471], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6471 [pid 6469] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6469] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6471 attached [pid 6471] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6471] memfd_create("syzkaller", 0) = 3 [pid 6471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6441] <... mount resumed>) = 0 [pid 6441] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6435] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6435] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6435] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6435] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6472], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6472 [pid 6435] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6441] <... openat resumed>) = 3 [pid 6441] chdir("./bus" [pid 6435] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6441] <... chdir resumed>) = 0 [pid 6441] ioctl(4, LOOP_CLR_FD) = 0 [pid 6441] close(4) = 0 [pid 6441] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6439] <... futex resumed>) = 0 [ 152.518526][ T26] audit: type=1800 audit(1686876010.956:206): pid=6437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [ 152.555359][ T6447] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 152.565702][ T6441] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 6447] <... mount resumed>) = 0 [pid 6441] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6439] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6439] <... futex resumed>) = 0 [pid 6447] chdir("./bus" [pid 6439] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6447] <... chdir resumed>) = 0 [pid 6441] <... open resumed>) = 4 [pid 6447] ioctl(4, LOOP_CLR_FD [pid 6441] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... ioctl resumed>) = 0 [pid 6441] <... futex resumed>) = 1 [pid 6439] <... futex resumed>) = 0 [pid 6447] close(4 [pid 6441] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6439] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6447] <... close resumed>) = 0 [pid 6439] <... futex resumed>) = 0 [pid 6441] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6447] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6472 attached [pid 6472] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6472] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6472] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] <... futex resumed>) = 0 [pid 6472] <... futex resumed>) = 1 [pid 6472] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6447] <... futex resumed>) = 1 [pid 6447] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6446] <... futex resumed>) = 0 [pid 6446] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... futex resumed>) = 0 [pid 6446] <... futex resumed>) = 1 [pid 6447] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6446] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6447] <... open resumed>) = 4 [pid 6447] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6446] <... futex resumed>) = 0 [pid 6447] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6446] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... futex resumed>) = 0 [pid 6446] <... futex resumed>) = 1 [pid 6447] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 152.586477][ T6447] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 152.587517][ T6437] syz-executor278: attempt to access beyond end of device [ 152.587517][ T6437] loop2: rw=2049, sector=77824, nr_sectors = 4096 limit=63271 [pid 6446] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6439] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6439] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6439] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6439] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6473], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6473 [pid 6439] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6439] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6446] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6446] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6446] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6446] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6474], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6474 [pid 6446] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6446] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6473 attached [pid 6473] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6473] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus"./strace-static-x86_64: Process 6474 attached [pid 6474] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6474] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop4", 0 /* QFMT_VFS_??? */, "./bus" [pid 6473] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6473] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6439] <... futex resumed>) = 0 [pid 6473] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6437] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6437] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6435] exit_group(0 [pid 6472] <... futex resumed>) = ? [pid 6435] <... exit_group resumed>) = ? [pid 6474] <... quotactl resumed>) = -1 ESRCH (No such process) [ 152.645848][ T26] audit: type=1800 audit(1686876011.056:207): pid=6441 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 6472] +++ exited with 0 +++ [pid 6437] +++ exited with 0 +++ [pid 6435] +++ exited with 0 +++ [pid 6474] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6435, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=36 /* 0.36 s */} --- [pid 6474] <... futex resumed>) = 1 [pid 6446] <... futex resumed>) = 0 [pid 6474] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 152.701716][ T6441] syz-executor278: attempt to access beyond end of device [ 152.701716][ T6441] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 152.722447][ T6447] syz-executor278: attempt to access beyond end of device [ 152.722447][ T6447] loop4: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 152.750940][ T26] audit: type=1800 audit(1686876011.056:208): pid=6447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop4" ino=4 res=0 errno=0 [ 152.790913][ T6441] syz-executor278: attempt to access beyond end of device [pid 5008] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6446] exit_group(0 [pid 6474] <... futex resumed>) = ? [pid 6446] <... exit_group resumed>) = ? [pid 6474] +++ exited with 0 +++ [pid 6441] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6441] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6441] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6439] exit_group(0 [pid 6473] <... futex resumed>) = ? [pid 6441] <... futex resumed>) = ? [pid 6439] <... exit_group resumed>) = ? [pid 6473] +++ exited with 0 +++ [pid 6441] +++ exited with 0 +++ [pid 6439] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6439, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=33 /* 0.33 s */} --- [pid 5006] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 152.790913][ T6441] loop0: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [ 152.811800][ T6447] syz-executor278: attempt to access beyond end of device [ 152.811800][ T6447] loop4: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [pid 5006] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6467] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6447] <... pwritev2 resumed>) = ? [pid 6447] +++ exited with 0 +++ [pid 6446] +++ exited with 0 +++ [pid 5010] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6446, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=26 /* 0.26 s */} --- [pid 5010] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5010] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5010] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5010] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5010] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5010] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./34/bus") = 0 [pid 5008] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./34/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./34") = 0 [pid 5008] mkdir("./35", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6475 [pid 6467] <... write resumed>) = 32394836 ./strace-static-x86_64: Process 6475 attached [pid 6467] munmap(0x7fedae557000, 32394836 [pid 6475] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6475] chdir("./35") = 0 [pid 6475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6475] setpgid(0, 0) = 0 [pid 6475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6475] write(3, "1000", 4) = 4 [pid 6475] close(3) = 0 [pid 6475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6475] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6475] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6475] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6467] <... munmap resumed>) = 0 [pid 6467] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6475] <... clone resumed>, parent_tid=[6476], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6476 [pid 6467] ioctl(4, LOOP_SET_FD, 3 [pid 6475] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6475] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6476 attached [pid 6476] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6476] memfd_create("syzkaller", 0) = 3 [pid 6476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6467] <... ioctl resumed>) = 0 [pid 6467] close(3) = 0 [pid 6467] mkdir("./bus", 0777) = 0 [ 153.125073][ T6467] loop3: detected capacity change from 0 to 63271 [ 153.148380][ T6467] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6467] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6471] <... write resumed>) = 32394836 [pid 6471] munmap(0x7fedae557000, 32394836) = 0 [pid 6471] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6471] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6471] close(3) = 0 [pid 6471] mkdir("./bus", 0777) = 0 [ 153.168142][ T6467] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 153.182956][ T6471] loop5: detected capacity change from 0 to 63271 [ 153.190306][ T6467] F2FS-fs (loop3): invalid crc value [ 153.198837][ T6471] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 153.217473][ T6471] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 6471] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./34/bus") = 0 [pid 5006] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./34/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./34") = 0 [pid 5006] mkdir("./35", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 153.226575][ T6467] F2FS-fs (loop3): Found nat_bits in checkpoint [ 153.253545][ T6471] F2FS-fs (loop5): invalid crc value [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6483 ./strace-static-x86_64: Process 6483 attached [pid 6483] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6483] chdir("./35") = 0 [pid 6483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6483] setpgid(0, 0) = 0 [pid 6483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6483] write(3, "1000", 4) = 4 [pid 6483] close(3) = 0 [pid 6483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6483] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6483] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6483] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6485], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6485 [pid 6483] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836./strace-static-x86_64: Process 6485 attached [pid 6485] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6485] memfd_create("syzkaller", 0) = 3 [pid 6485] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6467] <... mount resumed>) = 0 [pid 6467] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6467] chdir("./bus") = 0 [pid 6467] ioctl(4, LOOP_CLR_FD) = 0 [pid 6467] close(4) = 0 [pid 6467] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6465] <... futex resumed>) = 0 [pid 6465] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 153.295405][ T6471] F2FS-fs (loop5): Found nat_bits in checkpoint [ 153.316064][ T6467] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 153.329132][ T6467] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 6467] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6467] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6467] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6465] <... futex resumed>) = 0 [pid 6465] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6467] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 153.358198][ T26] audit: type=1800 audit(1686876011.796:209): pid=6467 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [ 153.392155][ T6471] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [pid 6467] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6471] <... mount resumed>) = 0 [pid 6471] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6471] chdir("./bus") = 0 [pid 6471] ioctl(4, LOOP_CLR_FD) = 0 [pid 6471] close(4) = 0 [pid 6471] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6469] <... futex resumed>) = 0 [pid 6469] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6469] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6471] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6471] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6465] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6465] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6465] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6465] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6465] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6465] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6465] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6487], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6487 [pid 6471] <... futex resumed>) = 1 [pid 6469] <... futex resumed>) = 0 [pid 6465] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6465] <... futex resumed>) = 0 [pid 6469] <... futex resumed>) = 0 [pid 6469] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6465] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6471] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC./strace-static-x86_64: Process 6487 attached [pid 6487] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6487] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6487] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6465] <... futex resumed>) = 0 [pid 6487] <... futex resumed>) = 1 [ 153.401957][ T6471] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 6487] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6467] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6467] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6467] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6465] exit_group(0) = ? [pid 6467] <... futex resumed>) = ? [pid 6487] <... futex resumed>) = ? [pid 6487] +++ exited with 0 +++ [pid 6467] +++ exited with 0 +++ [pid 6465] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6465, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} --- [pid 5009] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5009] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6469] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6469] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6469] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6469] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6469] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6488], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6488 [pid 6469] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6469] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6488 attached [pid 6488] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6488] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6488] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] <... futex resumed>) = 0 [pid 6488] <... futex resumed>) = 1 [pid 6488] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6471] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6471] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6469] exit_group(0) = ? [pid 6488] <... futex resumed>) = ? [pid 6488] +++ exited with 0 +++ [pid 6471] <... futex resumed>) = ? [pid 6471] +++ exited with 0 +++ [pid 6469] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6469, si_uid=0, si_status=0, si_utime=14 /* 0.14 s */, si_stime=30 /* 0.30 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6485] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6476] <... write resumed>) = 32394836 [pid 6476] munmap(0x7fedae557000, 32394836) = 0 [pid 6476] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6476] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6476] close(3) = 0 [pid 6476] mkdir("./bus", 0777) = 0 [ 153.634261][ T6476] loop2: detected capacity change from 0 to 63271 [ 153.674273][ T6476] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 153.692206][ T6476] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 153.726461][ T6476] F2FS-fs (loop2): invalid crc value [pid 6476] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6485] <... write resumed>) = 32394836 [pid 6485] munmap(0x7fedae557000, 32394836) = 0 [pid 6485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 153.752006][ T6476] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 6485] ioctl(4, LOOP_SET_FD, 3 [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6485] <... ioctl resumed>) = 0 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./34/bus") = 0 [pid 5009] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./34/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./34") = 0 [pid 5009] mkdir("./35", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6485] close(3 [pid 5009] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 6493 ./strace-static-x86_64: Process 6493 attached [pid 6493] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6493] chdir("./35") = 0 [pid 6493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6493] setpgid(0, 0 [pid 6485] <... close resumed>) = 0 [pid 6485] mkdir("./bus", 0777 [pid 6493] <... setpgid resumed>) = 0 [pid 6485] <... mkdir resumed>) = 0 [pid 6485] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6476] <... mount resumed>) = 0 [pid 6493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6493] write(3, "1000", 4) = 4 [pid 6493] close(3) = 0 [pid 6493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6493] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6493] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6493] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6494], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6494 [pid 6493] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6493] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6494 attached [pid 6494] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6494] memfd_create("syzkaller", 0) = 3 [pid 6494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6476] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6476] chdir("./bus") = 0 [pid 6476] ioctl(4, LOOP_CLR_FD) = 0 [pid 6476] close(4) = 0 [pid 6476] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6476] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6475] <... futex resumed>) = 0 [pid 6475] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6476] <... futex resumed>) = 0 [pid 6475] <... futex resumed>) = 1 [pid 6476] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 153.799850][ T6485] loop0: detected capacity change from 0 to 63271 [ 153.810617][ T6476] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 153.817816][ T6476] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 153.833637][ T6485] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6475] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6476] <... open resumed>) = 4 [pid 6476] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6475] <... futex resumed>) = 0 [pid 6475] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6476] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6475] <... futex resumed>) = 0 [ 153.853642][ T6485] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 6475] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4 [pid 6475] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5011] <... close resumed>) = 0 [pid 5011] rmdir("./34/bus" [pid 6475] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] <... rmdir resumed>) = 0 [pid 6475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5011] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./34/binderfs", [pid 6475] <... mmap resumed>) = 0x7fedb041b000 [pid 5011] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6475] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE [pid 5011] unlink("./34/binderfs" [pid 6475] <... mprotect resumed>) = 0 [pid 6475] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5011] <... unlink resumed>) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 6475] <... clone resumed>, parent_tid=[6496], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6496 [pid 5011] rmdir("./34" [pid 6475] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] <... rmdir resumed>) = 0 [pid 6475] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] mkdir("./35", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6498 ./strace-static-x86_64: Process 6496 attached [pid 6496] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6496] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6496] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6475] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6498 attached [pid 6496] <... futex resumed>) = 1 [pid 6496] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6498] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6498] chdir("./35") = 0 [pid 6498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6498] setpgid(0, 0) = 0 [pid 6498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6498] write(3, "1000", 4) = 4 [pid 6498] close(3) = 0 [pid 6498] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6498] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6498] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6498] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6500], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6500 [pid 6498] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 153.895804][ T6485] F2FS-fs (loop0): invalid crc value [pid 6498] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6500 attached [pid 6476] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6500] set_robust_list(0x7fedb69779e0, 24 [pid 6476] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6475] exit_group(0 [pid 6500] <... set_robust_list resumed>) = 0 [pid 6496] <... futex resumed>) = ? [pid 6476] <... futex resumed>) = ? [pid 6475] <... exit_group resumed>) = ? [pid 6500] memfd_create("syzkaller", 0 [pid 6496] +++ exited with 0 +++ [pid 6500] <... memfd_create resumed>) = 3 [pid 6500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6476] +++ exited with 0 +++ [pid 6475] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6475, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=28 /* 0.28 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 153.941235][ T6485] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5008] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6485] <... mount resumed>) = 0 [pid 6485] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6485] chdir("./bus") = 0 [pid 6485] ioctl(4, LOOP_CLR_FD) = 0 [pid 6485] close(4) = 0 [pid 6485] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6485] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6483] <... futex resumed>) = 0 [pid 6483] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6483] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6485] <... futex resumed>) = 0 [pid 6485] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6485] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6483] <... futex resumed>) = 0 [pid 6483] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 154.010635][ T6485] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 154.022849][ T6485] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 6485] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6483] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6483] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6483] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6483] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6483] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6502], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6502 [pid 6483] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6502 attached [pid 6502] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6502] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6502] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6483] <... futex resumed>) = 0 [pid 6502] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6485] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6485] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6485] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6483] exit_group(0) = ? [pid 6502] <... futex resumed>) = ? [pid 6485] <... futex resumed>) = ? [pid 6485] +++ exited with 0 +++ [pid 6502] +++ exited with 0 +++ [pid 6483] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6483, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=24 /* 0.24 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./35/bus") = 0 [pid 5008] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./35/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./35") = 0 [pid 5008] mkdir("./36", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6503 ./strace-static-x86_64: Process 6503 attached [pid 6503] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6503] chdir("./36") = 0 [pid 6503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6503] setpgid(0, 0) = 0 [pid 6503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6494] <... write resumed>) = 32394836 [pid 6494] munmap(0x7fedae557000, 32394836 [pid 6503] write(3, "1000", 4) = 4 [pid 6503] close(3) = 0 [pid 6503] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6503] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6503] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6503] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6504], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6504 [pid 6503] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6503] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6494] <... munmap resumed>) = 0 [pid 6494] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6494] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6504 attached [pid 6504] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6504] memfd_create("syzkaller", 0) = 3 [pid 6504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6494] <... ioctl resumed>) = 0 [pid 6494] close(3) = 0 [pid 6494] mkdir("./bus", 0777 [pid 6500] <... write resumed>) = 32394836 [pid 6494] <... mkdir resumed>) = 0 [pid 6494] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6500] munmap(0x7fedae557000, 32394836) = 0 [pid 6500] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 154.394052][ T6494] loop3: detected capacity change from 0 to 63271 [ 154.417749][ T6494] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6500] ioctl(4, LOOP_SET_FD, 3 [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./35/bus", [pid 6500] <... ioctl resumed>) = 0 [pid 6500] close(3 [pid 5006] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./35/bus" [pid 6500] <... close resumed>) = 0 [pid 6500] mkdir("./bus", 0777 [pid 5006] <... rmdir resumed>) = 0 [pid 5006] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./35/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 6500] <... mkdir resumed>) = 0 [pid 6500] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5006] rmdir("./35") = 0 [pid 5006] mkdir("./36", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6506 [ 154.439700][ T6500] loop5: detected capacity change from 0 to 63271 [ 154.447376][ T6494] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 154.466225][ T6494] F2FS-fs (loop3): invalid crc value [ 154.476556][ T6500] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) ./strace-static-x86_64: Process 6506 attached [pid 6506] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6506] chdir("./36") = 0 [pid 6506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6506] setpgid(0, 0) = 0 [pid 6506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6506] write(3, "1000", 4) = 4 [pid 6506] close(3) = 0 [pid 6506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6506] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6506] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6506] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6509], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6509 [pid 6506] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6509 attached [pid 6509] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6509] memfd_create("syzkaller", 0) = 3 [pid 6509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 154.492046][ T6500] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 154.500995][ T6494] F2FS-fs (loop3): Found nat_bits in checkpoint [ 154.523492][ T6500] F2FS-fs (loop5): invalid crc value [pid 6504] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6494] <... mount resumed>) = 0 [pid 6494] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6494] chdir("./bus") = 0 [pid 6494] ioctl(4, LOOP_CLR_FD) = 0 [pid 6494] close(4) = 0 [pid 6494] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6493] <... futex resumed>) = 0 [pid 6494] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6493] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6493] <... futex resumed>) = 0 [pid 6494] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 154.555553][ T6500] F2FS-fs (loop5): Found nat_bits in checkpoint [ 154.586096][ T6494] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 154.598272][ T6494] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 6493] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6494] <... open resumed>) = 4 [pid 6494] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6493] <... futex resumed>) = 0 [pid 6494] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6493] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6493] <... futex resumed>) = 0 [pid 6494] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 154.626275][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 154.626286][ T26] audit: type=1800 audit(1686876013.066:213): pid=6494 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [pid 6493] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6493] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6493] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6493] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6515], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6515 [pid 6493] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6493] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6515 attached [pid 6515] set_robust_list(0x7fedb043b9e0, 24 [pid 6500] <... mount resumed>) = 0 [pid 6500] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6500] chdir("./bus") = 0 [pid 6500] ioctl(4, LOOP_CLR_FD) = 0 [pid 6500] close(4 [pid 6515] <... set_robust_list resumed>) = 0 [pid 6500] <... close resumed>) = 0 [pid 6494] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6500] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6500] <... futex resumed>) = 1 [pid 6500] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6515] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus" [pid 6494] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6515] <... quotactl resumed>) = -1 ESRCH (No such process) [pid 6494] <... futex resumed>) = 0 [pid 6515] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6494] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6515] <... futex resumed>) = 1 [pid 6493] <... futex resumed>) = 0 [pid 6493] exit_group(0 [pid 6515] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6494] <... futex resumed>) = ? [pid 6493] <... exit_group resumed>) = ? [ 154.685673][ T6500] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 154.695554][ T6500] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 6494] +++ exited with 0 +++ [pid 6515] +++ exited with 0 +++ [pid 6493] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6493, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- [pid 5009] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6500] <... open resumed>) = 4 [pid 6500] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6500] <... futex resumed>) = 1 [pid 6500] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6498] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6498] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6498] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6498] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6498] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6498] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6516], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6516 [pid 6498] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6516 attached [pid 6504] <... write resumed>) = 32394836 [pid 6504] munmap(0x7fedae557000, 32394836 [pid 6516] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6504] <... munmap resumed>) = 0 [ 154.730645][ T26] audit: type=1800 audit(1686876013.166:214): pid=6500 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 6516] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6504] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6516] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6504] <... openat resumed>) = 4 [pid 6516] <... futex resumed>) = 1 [pid 6498] <... futex resumed>) = 0 [pid 6516] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6504] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6504] close(3) = 0 [pid 6504] mkdir("./bus", 0777) = 0 [pid 6504] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6500] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6500] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6498] exit_group(0) = ? [pid 6500] <... futex resumed>) = ? [pid 6516] <... futex resumed>) = ? [pid 6516] +++ exited with 0 +++ [pid 6500] +++ exited with 0 +++ [pid 6498] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6498, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=30 /* 0.30 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 154.796934][ T6504] loop2: detected capacity change from 0 to 63271 [ 154.811957][ T6504] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 154.827564][ T6504] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 154.840229][ T6504] F2FS-fs (loop2): invalid crc value [pid 5011] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 154.872149][ T6504] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 6509] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6504] <... mount resumed>) = 0 [pid 6504] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6504] chdir("./bus") = 0 [pid 6504] ioctl(4, LOOP_CLR_FD) = 0 [pid 6504] close(4) = 0 [pid 6504] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6504] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6503] <... futex resumed>) = 0 [pid 6503] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6504] <... futex resumed>) = 0 [pid 6503] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 154.938228][ T6504] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 154.945290][ T6504] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 6504] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6504] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6504] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6503] <... futex resumed>) = 0 [pid 6503] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6504] <... futex resumed>) = 0 [pid 6503] <... futex resumed>) = 1 [pid 6504] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6503] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6509] <... write resumed>) = 32394836 [pid 6509] munmap(0x7fedae557000, 32394836) = 0 [pid 6509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 154.995980][ T26] audit: type=1800 audit(1686876013.436:215): pid=6504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 6509] ioctl(4, LOOP_SET_FD, 3 [pid 6503] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6503] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6503] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6503] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6521], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6521 [pid 6503] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6503] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6509] <... ioctl resumed>) = 0 [pid 6509] close(3) = 0 [pid 6509] mkdir("./bus", 0777) = 0 [pid 6509] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, ""./strace-static-x86_64: Process 6521 attached [pid 6521] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6521] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6521] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6503] <... futex resumed>) = 0 [pid 6521] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6504] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6504] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6504] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6503] exit_group(0 [pid 6504] <... futex resumed>) = ? [pid 6503] <... exit_group resumed>) = ? [pid 6504] +++ exited with 0 +++ [pid 6521] <... futex resumed>) = ? [pid 6521] +++ exited with 0 +++ [pid 6503] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6503, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=25 /* 0.25 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 155.051345][ T6509] loop0: detected capacity change from 0 to 63271 [ 155.071085][ T6509] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 155.081767][ T6509] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 5008] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./35/bus") = 0 [pid 5009] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./35/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./35") = 0 [pid 5009] mkdir("./36", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6523 ./strace-static-x86_64: Process 6523 attached [pid 6523] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6523] chdir("./36") = 0 [pid 6523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6523] setpgid(0, 0) = 0 [pid 6523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6523] write(3, "1000", 4) = 4 [pid 6523] close(3) = 0 [pid 6523] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6523] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6523] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6523] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6524], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6524 [pid 6523] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6523] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6524 attached [pid 6524] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6524] memfd_create("syzkaller", 0) = 3 [pid 6524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 155.102068][ T6509] F2FS-fs (loop0): invalid crc value [ 155.151554][ T6509] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 6509] <... mount resumed>) = 0 [pid 6509] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6509] chdir("./bus") = 0 [pid 6509] ioctl(4, LOOP_CLR_FD) = 0 [pid 6509] close(4) = 0 [pid 6509] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6506] <... futex resumed>) = 0 [pid 6506] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6509] <... futex resumed>) = 1 [ 155.215475][ T6509] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 155.227758][ T6509] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 6509] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6509] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6506] <... futex resumed>) = 0 [pid 6506] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6509] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 6506] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6506] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6506] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6506] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6506] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6506] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6506] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6506] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6528], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6528 [pid 6506] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] rmdir("./35/bus") = 0 ./strace-static-x86_64: Process 6528 attached [pid 6528] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6528] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 5011] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6528] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6506] <... futex resumed>) = 0 [pid 6528] <... futex resumed>) = 1 [pid 6528] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./35/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./35") = 0 [pid 5011] mkdir("./36", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 155.253384][ T26] audit: type=1800 audit(1686876013.686:216): pid=6509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6529 ./strace-static-x86_64: Process 6529 attached [pid 6529] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6529] chdir("./36") = 0 [pid 6529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6529] setpgid(0, 0) = 0 [pid 6529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6529] write(3, "1000", 4) = 4 [pid 6529] close(3) = 0 [pid 6529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6529] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6529] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6529] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6530], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6530 [pid 6529] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6529] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6530 attached [pid 6530] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6530] memfd_create("syzkaller", 0) = 3 [pid 6530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6509] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6509] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6509] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6506] exit_group(0 [pid 6528] <... futex resumed>) = ? [pid 6506] <... exit_group resumed>) = ? [pid 6528] +++ exited with 0 +++ [pid 6509] <... futex resumed>) = ? [pid 6509] +++ exited with 0 +++ [pid 6506] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6506, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=31 /* 0.31 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6524] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./36/bus") = 0 [pid 5008] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./36/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./36") = 0 [pid 5008] mkdir("./37", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6531 ./strace-static-x86_64: Process 6531 attached [pid 6531] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6531] chdir("./37") = 0 [pid 6531] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6531] setpgid(0, 0) = 0 [pid 6531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6531] write(3, "1000", 4) = 4 [pid 6531] close(3) = 0 [pid 6531] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6531] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6531] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6531] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6532], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6532 [pid 6531] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6531] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6532 attached [pid 6532] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6532] memfd_create("syzkaller", 0) = 3 [pid 6532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6524] <... write resumed>) = 32394836 [pid 6524] munmap(0x7fedae557000, 32394836) = 0 [pid 6524] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6524] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6524] close(3) = 0 [pid 6524] mkdir("./bus", 0777) = 0 [pid 6524] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./36/bus") = 0 [pid 5006] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 155.691430][ T6524] loop3: detected capacity change from 0 to 63271 [ 155.708257][ T6524] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 155.724513][ T6524] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [pid 5006] unlink("./36/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./36") = 0 [pid 5006] mkdir("./37", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6535 ./strace-static-x86_64: Process 6535 attached [pid 6535] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6535] chdir("./37") = 0 [pid 6535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6535] setpgid(0, 0) = 0 [pid 6535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6535] write(3, "1000", 4) = 4 [pid 6535] close(3) = 0 [pid 6535] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6535] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6535] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6535] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6537], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6537 [pid 6535] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 155.746009][ T6524] F2FS-fs (loop3): invalid crc value [pid 6535] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6537 attached [pid 6537] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6537] memfd_create("syzkaller", 0) = 3 [pid 6537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6532] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6530] <... write resumed>) = 32394836 [pid 6530] munmap(0x7fedae557000, 32394836) = 0 [pid 6530] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 155.774809][ T6524] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 6530] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6530] close(3) = 0 [pid 6530] mkdir("./bus", 0777) = 0 [ 155.826506][ T6530] loop5: detected capacity change from 0 to 63271 [ 155.836460][ T6530] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 155.845354][ T6530] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 155.855051][ T6530] F2FS-fs (loop5): invalid crc value [ 155.866649][ T6524] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [pid 6530] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6524] <... mount resumed>) = 0 [pid 6524] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6524] chdir("./bus") = 0 [pid 6524] ioctl(4, LOOP_CLR_FD) = 0 [pid 6524] close(4) = 0 [pid 6524] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6523] <... futex resumed>) = 0 [pid 6524] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6523] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6523] <... futex resumed>) = 0 [pid 6524] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6523] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6524] <... open resumed>) = 4 [pid 6524] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6523] <... futex resumed>) = 0 [pid 6524] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6523] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6523] <... futex resumed>) = 0 [pid 6524] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 155.873701][ T6524] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 155.889962][ T6530] F2FS-fs (loop5): Found nat_bits in checkpoint [ 155.905980][ T26] audit: type=1800 audit(1686876014.346:217): pid=6524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [pid 6523] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6523] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6523] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6523] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6543], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6543 [pid 6523] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6523] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6543 attached [pid 6543] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6543] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6543] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6523] <... futex resumed>) = 0 [pid 6543] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6532] <... write resumed>) = 32394836 [ 155.971934][ T6524] bio_check_eod: 13 callbacks suppressed [ 155.971948][ T6524] syz-executor278: attempt to access beyond end of device [ 155.971948][ T6524] loop3: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 156.000907][ T6530] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 156.009279][ T6530] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 6532] munmap(0x7fedae557000, 32394836 [pid 6530] <... mount resumed>) = 0 [pid 6530] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6530] chdir("./bus") = 0 [pid 6530] ioctl(4, LOOP_CLR_FD) = 0 [pid 6530] close(4) = 0 [pid 6530] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6529] <... futex resumed>) = 0 [pid 6529] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6529] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6530] <... futex resumed>) = 1 [pid 6530] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6530] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6529] <... futex resumed>) = 0 [pid 6529] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6529] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6530] <... futex resumed>) = 1 [pid 6530] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6532] <... munmap resumed>) = 0 [pid 6532] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 156.029160][ T6524] syz-executor278: attempt to access beyond end of device [ 156.029160][ T6524] loop3: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [ 156.050315][ T26] audit: type=1800 audit(1686876014.466:218): pid=6530 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 6532] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6532] close(3) = 0 [pid 6532] mkdir("./bus", 0777) = 0 [pid 6532] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6529] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6529] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6529] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6529] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6544], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6544 [pid 6529] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6529] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6544 attached [pid 6544] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6544] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6544] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6529] <... futex resumed>) = 0 [pid 6544] <... futex resumed>) = 1 [pid 6544] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6524] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6524] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6524] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6523] exit_group(0 [pid 6543] <... futex resumed>) = ? [pid 6524] <... futex resumed>) = ? [pid 6523] <... exit_group resumed>) = ? [pid 6543] +++ exited with 0 +++ [pid 6524] +++ exited with 0 +++ [pid 6523] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6523, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} --- [pid 5009] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5009] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 156.075932][ T6532] loop2: detected capacity change from 0 to 63271 [ 156.086397][ T6532] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 156.099472][ T6532] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 156.111308][ T6532] F2FS-fs (loop2): invalid crc value [pid 6537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6530] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6530] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6530] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6529] exit_group(0 [pid 6544] <... futex resumed>) = ? [pid 6530] <... futex resumed>) = ? [pid 6529] <... exit_group resumed>) = ? [pid 6544] +++ exited with 0 +++ [pid 6530] +++ exited with 0 +++ [pid 6529] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6529, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=25 /* 0.25 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 156.123441][ T6530] syz-executor278: attempt to access beyond end of device [ 156.123441][ T6530] loop5: rw=2049, sector=77824, nr_sectors = 4096 limit=63271 [ 156.148944][ T6532] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 5011] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6532] <... mount resumed>) = 0 [pid 6532] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6532] chdir("./bus") = 0 [pid 6532] ioctl(4, LOOP_CLR_FD) = 0 [pid 6532] close(4) = 0 [pid 6532] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6531] <... futex resumed>) = 0 [pid 6532] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6531] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6531] <... futex resumed>) = 0 [pid 6532] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 156.203538][ T6532] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 156.213354][ T6532] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 6531] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6532] <... open resumed>) = 4 [pid 6532] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6531] <... futex resumed>) = 0 [pid 6532] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6531] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6531] <... futex resumed>) = 0 [pid 6532] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 156.248631][ T26] audit: type=1800 audit(1686876014.686:219): pid=6532 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 6531] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6531] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6531] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6531] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6549], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6549 [pid 6531] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6531] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6549 attached [pid 6549] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6549] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6549] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6531] <... futex resumed>) = 0 [pid 6549] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] <... write resumed>) = 32394836 [pid 6537] munmap(0x7fedae557000, 32394836) = 0 [pid 6537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6537] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6537] close(3) = 0 [pid 6537] mkdir("./bus", 0777) = 0 [ 156.367057][ T6532] syz-executor278: attempt to access beyond end of device [ 156.367057][ T6532] loop2: rw=2049, sector=77824, nr_sectors = 4096 limit=63271 [ 156.378498][ T6537] loop0: detected capacity change from 0 to 63271 [ 156.400741][ T6537] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6537] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6532] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6532] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6532] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6531] exit_group(0 [pid 6549] <... futex resumed>) = ? [pid 6532] <... futex resumed>) = ? [pid 6531] <... exit_group resumed>) = ? [pid 6549] +++ exited with 0 +++ [pid 6532] +++ exited with 0 +++ [pid 6531] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6531, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=25 /* 0.25 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./36/bus") = 0 [ 156.409760][ T6537] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 156.419355][ T6537] F2FS-fs (loop0): invalid crc value [ 156.448753][ T6537] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5009] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./36/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./36") = 0 [pid 5009] mkdir("./37", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6553 ./strace-static-x86_64: Process 6553 attached [pid 6553] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6553] chdir("./37") = 0 [pid 6553] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6553] setpgid(0, 0) = 0 [pid 6553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6553] write(3, "1000", 4) = 4 [pid 6553] close(3) = 0 [pid 6553] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6553] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6553] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6553] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6555], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6555 [pid 6553] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6553] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6555 attached [pid 6555] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6555] memfd_create("syzkaller", 0 [pid 5011] <... umount2 resumed>) = 0 [pid 6555] <... memfd_create resumed>) = 3 [pid 5011] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6537] <... mount resumed>) = 0 [pid 6537] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6537] chdir("./bus") = 0 [pid 6537] ioctl(4, LOOP_CLR_FD) = 0 [pid 5011] lstat("./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6537] close(4 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./36/bus") = 0 [pid 5011] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./36/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3 [pid 6537] <... close resumed>) = 0 [pid 6537] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6535] <... futex resumed>) = 0 [pid 5011] <... close resumed>) = 0 [pid 6535] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] <... futex resumed>) = 0 [pid 6535] <... futex resumed>) = 1 [pid 5011] rmdir("./36" [pid 6535] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6537] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5011] <... rmdir resumed>) = 0 [ 156.537056][ T6537] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 156.545847][ T6537] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 5011] mkdir("./37", 0777 [pid 6537] <... open resumed>) = 4 [pid 5011] <... mkdir resumed>) = 0 [pid 6537] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6535] <... futex resumed>) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6535] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] <... futex resumed>) = 0 [pid 6535] <... futex resumed>) = 1 [pid 5011] <... openat resumed>) = 3 [pid 6535] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] ioctl(3, LOOP_CLR_FD [pid 6537] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 5011] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6556 ./strace-static-x86_64: Process 6556 attached [pid 6556] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6556] chdir("./37") = 0 [pid 6556] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6556] setpgid(0, 0) = 0 [pid 6556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6556] write(3, "1000", 4) = 4 [pid 6556] close(3) = 0 [pid 6556] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6556] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6556] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6556] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6557], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6557 [pid 6556] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6557 attached [pid 6557] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6557] memfd_create("syzkaller", 0) = 3 [pid 6557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 156.584284][ T26] audit: type=1800 audit(1686876015.016:220): pid=6537 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop0" ino=4 res=0 errno=0 [pid 6535] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6535] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6535] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6535] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6535] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6558], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6558 [pid 6535] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6535] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6558 attached [pid 6558] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6558] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6558] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6535] <... futex resumed>) = 0 [pid 6558] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [ 156.698633][ T6537] syz-executor278: attempt to access beyond end of device [ 156.698633][ T6537] loop0: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [pid 6555] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./37/bus") = 0 [pid 5008] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./37/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./37") = 0 [pid 5008] mkdir("./38", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6559 ./strace-static-x86_64: Process 6559 attached [pid 6559] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6559] chdir("./38") = 0 [pid 6559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6559] setpgid(0, 0) = 0 [pid 6559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 156.772182][ T6537] syz-executor278: attempt to access beyond end of device [ 156.772182][ T6537] loop0: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [pid 6559] write(3, "1000", 4) = 4 [pid 6559] close(3) = 0 [pid 6559] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6559] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6559] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6559] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6560], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6560 [pid 6559] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6559] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6535] exit_group(0) = ? [pid 6558] <... futex resumed>) = ? [pid 6558] +++ exited with 0 +++ ./strace-static-x86_64: Process 6560 attached [pid 6537] <... pwritev2 resumed>) = ? [pid 6537] +++ exited with 0 +++ [pid 6535] +++ exited with 0 +++ [pid 6560] set_robust_list(0x7fedb69779e0, 24 [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6535, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- [pid 5006] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, [pid 6560] <... set_robust_list resumed>) = 0 [pid 5006] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6560] memfd_create("syzkaller", 0) = 3 [pid 6560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6557] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6555] <... write resumed>) = 32394836 [pid 6555] munmap(0x7fedae557000, 32394836) = 0 [pid 6555] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6555] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6555] close(3) = 0 [pid 6555] mkdir("./bus", 0777) = 0 [ 156.951982][ T6555] loop3: detected capacity change from 0 to 63271 [ 156.968058][ T6555] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 156.985465][ T6555] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [pid 6555] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [ 157.034553][ T6555] F2FS-fs (loop3): invalid crc value [ 157.069585][ T6555] F2FS-fs (loop3): Found nat_bits in checkpoint [pid 6560] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6555] <... mount resumed>) = 0 [pid 6555] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6555] chdir("./bus") = 0 [pid 6555] ioctl(4, LOOP_CLR_FD) = 0 [pid 6555] close(4) = 0 [pid 6557] <... write resumed>) = 32394836 [pid 6557] munmap(0x7fedae557000, 32394836 [pid 6555] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6553] <... futex resumed>) = 0 [pid 6553] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6553] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 157.135675][ T6555] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 157.142733][ T6555] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 6555] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6557] <... munmap resumed>) = 0 [pid 6557] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6557] ioctl(4, LOOP_SET_FD, 3 [pid 6555] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6553] <... futex resumed>) = 0 [pid 6555] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6553] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6555] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6553] <... futex resumed>) = 0 [ 157.176851][ T26] audit: type=1800 audit(1686876015.616:221): pid=6555 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [ 157.185305][ T6557] loop5: detected capacity change from 0 to 63271 [pid 6553] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6557] <... ioctl resumed>) = 0 [pid 6557] close(3) = 0 [pid 6557] mkdir("./bus", 0777) = 0 [pid 6557] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./37/bus") = 0 [pid 5006] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./37/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./37") = 0 [pid 5006] mkdir("./38", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6565 ./strace-static-x86_64: Process 6565 attached [pid 6553] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6565] set_robust_list(0x5555556ed5e0, 24 [pid 6553] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6565] <... set_robust_list resumed>) = 0 [pid 6553] <... futex resumed>) = 0 [pid 6553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6565] chdir("./38" [pid 6553] <... mmap resumed>) = 0x7fedb041b000 [pid 6565] <... chdir resumed>) = 0 [pid 6565] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6553] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6565] <... prctl resumed>) = 0 [pid 6565] setpgid(0, 0 [pid 6553] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6565] <... setpgid resumed>) = 0 [pid 6565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6553] <... clone resumed>, parent_tid=[6566], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6566 [pid 6565] <... openat resumed>) = 3 [pid 6553] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6565] write(3, "1000", 4 [pid 6553] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6565] <... write resumed>) = 4 [pid 6565] close(3) = 0 [pid 6565] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6565] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6565] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6565] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6566 attached , parent_tid=[6567], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6567 [pid 6566] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6566] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6566] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6553] <... futex resumed>) = 0 [pid 6565] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6565] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6566] <... futex resumed>) = 1 [pid 6566] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6567 attached [pid 6555] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6567] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6555] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6567] memfd_create("syzkaller", 0) = 3 [pid 6567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 157.228171][ T6555] syz-executor278: attempt to access beyond end of device [ 157.228171][ T6555] loop3: rw=2049, sector=77824, nr_sectors = 2048 limit=63271 [ 157.244079][ T6557] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 157.249149][ T6555] syz-executor278: attempt to access beyond end of device [ 157.249149][ T6555] loop3: rw=2049, sector=79872, nr_sectors = 2048 limit=63271 [ 157.265251][ T6557] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [pid 6553] exit_group(0) = ? [pid 6566] <... futex resumed>) = ? [pid 6566] +++ exited with 0 +++ [pid 6555] <... futex resumed>) = ? [pid 6555] +++ exited with 0 +++ [pid 6553] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6553, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=27 /* 0.27 s */} --- [pid 5009] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5009] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6567] <... mmap resumed>) = 0x7fedae557000 [ 157.294378][ T6557] F2FS-fs (loop5): invalid crc value [pid 6560] <... write resumed>) = 32394836 [pid 6560] munmap(0x7fedae557000, 32394836) = 0 [pid 6560] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 157.326158][ T6557] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 6560] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6560] close(3) = 0 [pid 6560] mkdir("./bus", 0777) = 0 [ 157.368454][ T6560] loop2: detected capacity change from 0 to 63271 [ 157.385954][ T6560] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 157.394389][ T6560] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [pid 6560] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6567] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6557] <... mount resumed>) = 0 [pid 6557] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6557] chdir("./bus") = 0 [pid 6557] ioctl(4, LOOP_CLR_FD) = 0 [pid 6557] close(4) = 0 [pid 6557] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6556] <... futex resumed>) = 0 [pid 6556] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 157.423326][ T6557] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 157.435903][ T6557] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 6557] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6557] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6556] <... futex resumed>) = 0 [pid 6557] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6556] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 157.478876][ T26] audit: type=1800 audit(1686876015.916:222): pid=6557 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 6557] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6556] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6556] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6556] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6556] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6556] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6556] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6556] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6556] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6572], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6572 [pid 6556] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6572 attached [pid 6572] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6572] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6572] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] <... futex resumed>) = 0 [pid 6572] <... futex resumed>) = 1 [pid 6572] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6557] <... pwritev2 resumed>) = -1 EIO (Input/output error) [ 157.528844][ T6557] syz-executor278: attempt to access beyond end of device [ 157.528844][ T6557] loop5: rw=2049, sector=77824, nr_sectors = 3496 limit=63271 [ 157.544560][ T6560] F2FS-fs (loop2): invalid crc value [ 157.562779][ T6557] syz-executor278: attempt to access beyond end of device [ 157.562779][ T6557] loop5: rw=2049, sector=81320, nr_sectors = 600 limit=63271 [pid 6557] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] exit_group(0 [pid 6572] <... futex resumed>) = ? [pid 6556] <... exit_group resumed>) = ? [pid 6572] +++ exited with 0 +++ [pid 6557] +++ exited with 0 +++ [pid 6556] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6556, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=27 /* 0.27 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 157.586779][ T6560] F2FS-fs (loop2): Found nat_bits in checkpoint [ 157.625880][ T6560] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [pid 5011] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6567] <... write resumed>) = 32394836 [pid 6567] munmap(0x7fedae557000, 32394836) = 0 [pid 6567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6567] ioctl(4, LOOP_SET_FD, 3 [pid 6560] <... mount resumed>) = 0 [pid 6560] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6560] chdir("./bus") = 0 [pid 6560] ioctl(4, LOOP_CLR_FD) = 0 [pid 6560] close(4) = 0 [pid 6560] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6559] <... futex resumed>) = 0 [pid 6559] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6559] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6560] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6560] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6567] <... ioctl resumed>) = 0 [pid 6567] close(3) = 0 [pid 6567] mkdir("./bus", 0777 [pid 6560] <... futex resumed>) = 1 [pid 6559] <... futex resumed>) = 0 [pid 6560] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6559] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6559] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6560] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6560] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6567] <... mkdir resumed>) = 0 [ 157.635553][ T6560] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 157.654359][ T6567] loop0: detected capacity change from 0 to 63271 [ 157.673493][ T6567] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6567] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 5009] <... umount2 resumed>) = 0 [pid 6559] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6559] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6559] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6559] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6559] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6559] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6577], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6577 [pid 6559] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6559] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6577 attached [pid 6577] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6577] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6577] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6559] <... futex resumed>) = 0 [pid 6577] <... futex resumed>) = 1 [pid 6577] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5009] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./37/bus") = 0 [pid 5009] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./37/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./37") = 0 [pid 5009] mkdir("./38", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6578 [pid 6560] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6560] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6560] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6578 attached [pid 6578] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6578] chdir("./38" [pid 6559] exit_group(0 [pid 6578] <... chdir resumed>) = 0 [pid 6578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6578] setpgid(0, 0) = 0 [pid 6578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6578] write(3, "1000", 4) = 4 [pid 6578] close(3) = 0 [pid 6578] symlink("/dev/binderfs", "./binderfs" [pid 6577] <... futex resumed>) = ? [pid 6559] <... exit_group resumed>) = ? [pid 6577] +++ exited with 0 +++ [pid 6560] <... futex resumed>) = ? [pid 6578] <... symlink resumed>) = 0 [pid 6578] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 157.695624][ T6567] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 6578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6560] +++ exited with 0 +++ [pid 6559] +++ exited with 0 +++ [pid 6578] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6559, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=23 /* 0.23 s */} --- [pid 6578] <... mprotect resumed>) = 0 [pid 5008] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6578] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5008] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6578] <... clone resumed>, parent_tid=[6580], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6580 [pid 5008] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6578] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] <... openat resumed>) = 3 [pid 6578] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6580 attached [pid 6580] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6580] memfd_create("syzkaller", 0) = 3 [pid 6580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [ 157.755604][ T6567] F2FS-fs (loop0): invalid crc value [ 157.790292][ T6567] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./37/bus") = 0 [pid 5011] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6567] <... mount resumed>) = 0 [pid 5011] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./37/binderfs", [pid 6567] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5011] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6567] <... openat resumed>) = 3 [pid 5011] unlink("./37/binderfs") = 0 [pid 6567] chdir("./bus" [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 6567] <... chdir resumed>) = 0 [pid 5011] close(3 [pid 6567] ioctl(4, LOOP_CLR_FD [pid 5011] <... close resumed>) = 0 [pid 5011] rmdir("./37" [pid 6567] <... ioctl resumed>) = 0 [pid 5011] <... rmdir resumed>) = 0 [pid 6567] close(4 [pid 5011] mkdir("./38", 0777) = 0 [pid 6567] <... close resumed>) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6567] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6565] <... futex resumed>) = 0 [pid 5011] <... openat resumed>) = 3 [pid 6567] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6565] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] ioctl(3, LOOP_CLR_FD [pid 6567] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6565] <... futex resumed>) = 0 [pid 6567] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6565] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6567] <... open resumed>) = 4 [pid 5011] <... clone resumed>, child_tidptr=0x5555556ed5d0) = 6584 [pid 6567] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6565] <... futex resumed>) = 0 [pid 6567] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6565] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6567] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6565] <... futex resumed>) = 0 [pid 6567] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6565] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6584 attached [pid 6584] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6584] chdir("./38") = 0 [pid 6584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6584] setpgid(0, 0) = 0 [pid 6584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6584] write(3, "1000", 4) = 4 [pid 6584] close(3) = 0 [pid 6584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6584] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6584] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6584] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6585], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6585 [pid 6584] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 157.871366][ T6567] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 157.878790][ T6567] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 6584] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6585 attached [pid 6585] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6585] memfd_create("syzkaller", 0) = 3 [pid 6585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6565] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6565] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6565] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6565] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6586], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6586 [pid 6565] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6565] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6586 attached [pid 6586] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6586] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6586] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6565] <... futex resumed>) = 0 [pid 6586] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6567] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6567] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6567] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6565] exit_group(0) = ? [pid 6586] <... futex resumed>) = ? [pid 6586] +++ exited with 0 +++ [pid 6567] <... futex resumed>) = ? [pid 6567] +++ exited with 0 +++ [pid 6565] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6565, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=25 /* 0.25 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./38/bus") = 0 [pid 5008] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./38/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./38") = 0 [pid 5008] mkdir("./39", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6587 ./strace-static-x86_64: Process 6587 attached [pid 6587] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6587] chdir("./39") = 0 [pid 6587] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6587] setpgid(0, 0) = 0 [pid 6587] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6587] write(3, "1000", 4) = 4 [pid 6587] close(3) = 0 [pid 6587] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6587] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6587] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6587] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6587] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6588], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6588 [pid 6587] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6587] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6588 attached [pid 6588] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6588] memfd_create("syzkaller", 0) = 3 [pid 6588] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6580] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6585] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5006] <... umount2 resumed>) = 0 [pid 5006] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5006] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5006] close(4) = 0 [pid 5006] rmdir("./38/bus") = 0 [pid 5006] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5006] unlink("./38/binderfs") = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5006] rmdir("./38") = 0 [pid 5006] mkdir("./39", 0777) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5006] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5006] close(3 [pid 6588] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 5006] <... close resumed>) = 0 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6589 ./strace-static-x86_64: Process 6589 attached [pid 6589] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6589] chdir("./39") = 0 [pid 6589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6589] setpgid(0, 0) = 0 [pid 6589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6589] write(3, "1000", 4) = 4 [pid 6589] close(3) = 0 [pid 6589] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6589] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6589] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6589] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6590], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6590 [pid 6589] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6589] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6590 attached [pid 6590] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6590] memfd_create("syzkaller", 0) = 3 [pid 6590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6580] <... write resumed>) = 32394836 [pid 6580] munmap(0x7fedae557000, 32394836) = 0 [pid 6580] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6580] ioctl(4, LOOP_SET_FD, 3 [pid 6585] <... write resumed>) = 32394836 [pid 6585] munmap(0x7fedae557000, 32394836 [pid 6580] <... ioctl resumed>) = 0 [pid 6580] close(3) = 0 [pid 6580] mkdir("./bus", 0777) = 0 [pid 6580] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6585] <... munmap resumed>) = 0 [pid 6585] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6585] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6585] close(3) = 0 [pid 6585] mkdir("./bus", 0777) = 0 [ 158.454119][ T6580] loop3: detected capacity change from 0 to 63271 [ 158.474084][ T6580] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 158.483215][ T6585] loop5: detected capacity change from 0 to 63271 [ 158.494943][ T6585] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 158.495588][ T6580] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 158.511630][ T6585] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 158.533289][ T6585] F2FS-fs (loop5): invalid crc value [ 158.553960][ T6585] F2FS-fs (loop5): Found nat_bits in checkpoint [ 158.556071][ T6580] F2FS-fs (loop3): invalid crc value [pid 6585] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6588] <... write resumed>) = 32394836 [pid 6588] munmap(0x7fedae557000, 32394836) = 0 [pid 6588] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6588] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6588] close(3) = 0 [pid 6588] mkdir("./bus", 0777) = 0 [ 158.595748][ T6580] F2FS-fs (loop3): Found nat_bits in checkpoint [ 158.611666][ T6585] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 158.629800][ T6588] loop2: detected capacity change from 0 to 63271 [ 158.631033][ T6585] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [pid 6588] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6585] <... mount resumed>) = 0 [pid 6585] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6585] chdir("./bus") = 0 [pid 6585] ioctl(4, LOOP_CLR_FD) = 0 [pid 6585] close(4) = 0 [pid 6585] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6584] <... futex resumed>) = 0 [pid 6584] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6584] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6585] <... futex resumed>) = 1 [pid 6585] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6590] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6585] <... open resumed>) = 4 [pid 6585] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6584] <... futex resumed>) = 0 [pid 6584] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6585] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6584] <... futex resumed>) = 0 [pid 6584] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6580] <... mount resumed>) = 0 [pid 6580] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6580] chdir("./bus") = 0 [pid 6580] ioctl(4, LOOP_CLR_FD) = 0 [pid 6580] close(4) = 0 [pid 6580] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6578] <... futex resumed>) = 0 [pid 6580] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6578] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6578] <... futex resumed>) = 0 [pid 6580] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6578] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6580] <... open resumed>) = 4 [pid 6580] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6578] <... futex resumed>) = 0 [pid 6580] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6578] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6578] <... futex resumed>) = 0 [pid 6580] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 158.648014][ T6588] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 158.659731][ T6588] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 158.672160][ T6588] F2FS-fs (loop2): invalid crc value [ 158.679390][ T6580] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 158.686850][ T6580] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [pid 6578] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6584] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6584] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6584] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6584] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6602], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6602 [pid 6584] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6584] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6585] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6585] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6585] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6602 attached [pid 6602] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6602] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6602] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6584] <... futex resumed>) = 0 [pid 6584] exit_group(0) = ? [pid 6585] <... futex resumed>) = ? [pid 6585] +++ exited with 0 +++ [pid 6602] <... futex resumed>) = ? [pid 6602] +++ exited with 0 +++ [pid 6584] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6584, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=24 /* 0.24 s */} --- [pid 5011] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5011] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6578] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6578] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6578] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6578] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6603], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6603 [pid 6578] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6603 attached [pid 6603] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6603] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6603] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6578] <... futex resumed>) = 0 [pid 6603] <... futex resumed>) = 1 [ 158.728475][ T6588] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 6603] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6580] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6580] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6580] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6578] exit_group(0 [pid 6603] <... futex resumed>) = ? [pid 6578] <... exit_group resumed>) = ? [pid 6603] +++ exited with 0 +++ [pid 6580] <... futex resumed>) = ? [pid 6580] +++ exited with 0 +++ [pid 6578] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6578, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=25 /* 0.25 s */} --- [pid 5009] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5009] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6588] <... mount resumed>) = 0 [pid 6588] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6588] chdir("./bus") = 0 [pid 6588] ioctl(4, LOOP_CLR_FD) = 0 [pid 6588] close(4) = 0 [pid 6588] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6587] <... futex resumed>) = 0 [pid 6588] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6587] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6588] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6587] <... futex resumed>) = 0 [pid 6588] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6587] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6588] <... open resumed>) = 4 [pid 6588] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6587] <... futex resumed>) = 0 [pid 6588] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6587] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6588] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6587] <... futex resumed>) = 0 [pid 6588] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 158.840602][ T6588] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 158.848804][ T6588] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 6587] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6590] <... write resumed>) = 32394836 [pid 6590] munmap(0x7fedae557000, 32394836) = 0 [pid 6590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6590] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6590] close(3) = 0 [pid 6590] mkdir("./bus", 0777) = 0 [pid 6590] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6587] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6587] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6587] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6587] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6587] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6605], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6605 [pid 6587] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6587] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6605 attached [pid 6605] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6605] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6605] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6587] <... futex resumed>) = 0 [pid 6605] <... futex resumed>) = 1 [pid 6605] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6588] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6588] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6588] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6587] exit_group(0) = ? [pid 6605] <... futex resumed>) = ? [pid 6588] <... futex resumed>) = ? [pid 6605] +++ exited with 0 +++ [pid 6588] +++ exited with 0 +++ [pid 6587] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6587, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=25 /* 0.25 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 158.926114][ T6590] loop0: detected capacity change from 0 to 63271 [ 158.934862][ T6590] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(605) [ 158.944407][ T6590] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 159.006654][ T6590] F2FS-fs (loop0): invalid crc value [pid 5008] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./38/bus") = 0 [pid 5011] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./38/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./38") = 0 [pid 5011] mkdir("./39", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [ 159.056469][ T6590] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6609 ./strace-static-x86_64: Process 6609 attached [pid 6609] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6609] chdir("./39") = 0 [pid 6609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6609] setpgid(0, 0) = 0 [pid 6609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6609] write(3, "1000", 4) = 4 [pid 6609] close(3) = 0 [pid 6609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6609] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6609] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6609] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6610], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6610 [pid 6609] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6609] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5009] <... umount2 resumed>) = 0 [pid 5009] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5009] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5009] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5009] close(4) = 0 [pid 5009] rmdir("./38/bus") = 0 [pid 5009] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5009] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5009] unlink("./38/binderfs") = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5009] close(3) = 0 [pid 5009] rmdir("./38") = 0 [pid 5009] mkdir("./39", 0777) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5009] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5009] close(3) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6611 ./strace-static-x86_64: Process 6611 attached [pid 6611] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6611] chdir("./39") = 0 [pid 6611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6611] setpgid(0, 0) = 0 [pid 6611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6611] write(3, "1000", 4) = 4 [pid 6611] close(3) = 0 [pid 6611] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6611] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6611] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 6610 attached [pid 6610] set_robust_list(0x7fedb69779e0, 24 [pid 6611] <... mprotect resumed>) = 0 [pid 6611] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6613], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6613 [pid 6610] <... set_robust_list resumed>) = 0 [pid 6610] memfd_create("syzkaller", 0 [pid 6611] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6611] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6613 attached [pid 6610] <... memfd_create resumed>) = 3 [pid 6613] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6613] memfd_create("syzkaller", 0) = 3 [pid 6613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6590] <... mount resumed>) = 0 [pid 6590] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6590] chdir("./bus") = 0 [pid 6590] ioctl(4, LOOP_CLR_FD) = 0 [pid 6590] close(4) = 0 [pid 6590] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6589] <... futex resumed>) = 0 [pid 6590] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6589] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6589] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6590] <... open resumed>) = 4 [pid 6590] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6589] <... futex resumed>) = 0 [pid 6590] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6589] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6589] <... futex resumed>) = 0 [pid 6590] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [ 159.157037][ T6590] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 159.164189][ T6590] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [pid 6589] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6589] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6589] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6589] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6589] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6614], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6614 [pid 6589] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6589] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6614 attached [pid 6614] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6614] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop0", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6614] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6589] <... futex resumed>) = 0 [pid 6614] <... futex resumed>) = 1 [pid 6614] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6590] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6590] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6589] exit_group(0 [pid 6614] <... futex resumed>) = ? [pid 6589] <... exit_group resumed>) = ? [pid 6614] +++ exited with 0 +++ [pid 6590] <... futex resumed>) = ? [pid 6590] +++ exited with 0 +++ [pid 6589] +++ exited with 0 +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6589, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} --- [pid 5006] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5006] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5006] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5006] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5006] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./39/bus") = 0 [pid 5008] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./39/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./39") = 0 [pid 5008] mkdir("./40", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6615 ./strace-static-x86_64: Process 6615 attached [pid 6615] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6615] chdir("./40") = 0 [pid 6615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6615] setpgid(0, 0) = 0 [pid 6615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6615] write(3, "1000", 4) = 4 [pid 6615] close(3) = 0 [pid 6615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6615] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6615] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6615] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6616], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6616 [pid 6615] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6615] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6616 attached [pid 6616] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6616] memfd_create("syzkaller", 0) = 3 [pid 6616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6610] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6613] <... write resumed>) = 32394836 [pid 6613] munmap(0x7fedae557000, 32394836) = 0 [pid 6613] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6613] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6613] close(3) = 0 [pid 6613] mkdir("./bus", 0777) = 0 [ 159.518632][ T6613] loop3: detected capacity change from 0 to 63271 [ 159.529782][ T6613] F2FS-fs (loop3): Mismatch start address, segment0(512) cp_blkaddr(605) [ 159.538600][ T6613] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 159.548307][ T6613] F2FS-fs (loop3): invalid crc value [pid 6613] mount("/dev/loop3", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6610] <... write resumed>) = 32394836 [pid 6610] munmap(0x7fedae557000, 32394836) = 0 [pid 6610] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6610] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6610] close(3 [pid 6616] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6610] <... close resumed>) = 0 [pid 6610] mkdir("./bus", 0777) = 0 [ 159.566914][ T6613] F2FS-fs (loop3): Found nat_bits in checkpoint [ 159.586107][ T6610] loop5: detected capacity change from 0 to 63271 [ 159.605383][ T6613] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [pid 6610] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6613] <... mount resumed>) = 0 [pid 6613] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6613] chdir("./bus") = 0 [pid 6613] ioctl(4, LOOP_CLR_FD) = 0 [pid 6613] close(4) = 0 [pid 6613] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6611] <... futex resumed>) = 0 [pid 6613] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6611] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6611] <... futex resumed>) = 0 [pid 6613] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6611] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6613] <... open resumed>) = 4 [ 159.612836][ T6610] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 159.612923][ T6613] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 159.628856][ T6610] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 159.644036][ T6610] F2FS-fs (loop5): invalid crc value [ 159.651772][ T26] kauditd_printk_skb: 6 callbacks suppressed [pid 6613] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6611] <... futex resumed>) = 0 [pid 6613] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6611] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6611] <... futex resumed>) = 0 [pid 6613] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6611] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6611] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb041b000 [pid 6611] mprotect(0x7fedb041c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6611] clone(child_stack=0x7fedb043b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6624], tls=0x7fedb043b700, child_tidptr=0x7fedb043b9d0) = 6624 [pid 6611] futex(0x7fedb6a587b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6611] futex(0x7fedb6a587bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6624 attached [pid 6624] set_robust_list(0x7fedb043b9e0, 24) = 0 [pid 6624] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop3", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6624] futex(0x7fedb6a587bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6611] <... futex resumed>) = 0 [pid 6624] futex(0x7fedb6a587b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6616] <... write resumed>) = 32394836 [pid 6616] munmap(0x7fedae557000, 32394836 [pid 6613] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6613] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6613] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6611] exit_group(0 [pid 6613] <... futex resumed>) = ? [pid 6611] <... exit_group resumed>) = ? [pid 6624] <... futex resumed>) = ? [pid 6613] +++ exited with 0 +++ [ 159.651785][ T26] audit: type=1800 audit(1686876018.086:229): pid=6613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop3" ino=4 res=0 errno=0 [ 159.689591][ T6610] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 6624] +++ exited with 0 +++ [pid 6611] +++ exited with 0 +++ [pid 5009] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6611, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=21 /* 0.21 s */} --- [pid 5009] restart_syscall(<... resuming interrupted clone ...> [pid 6616] <... munmap resumed>) = 0 [pid 5009] <... restart_syscall resumed>) = 0 [pid 6616] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5009] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6616] <... openat resumed>) = 4 [pid 5009] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6616] ioctl(4, LOOP_SET_FD, 3 [pid 5009] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5009] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5009] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6616] <... ioctl resumed>) = 0 [pid 6616] close(3) = 0 [pid 6616] mkdir("./bus", 0777 [pid 6610] <... mount resumed>) = 0 [pid 6616] <... mkdir resumed>) = 0 [pid 6616] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6610] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6610] chdir("./bus") = 0 [pid 6610] ioctl(4, LOOP_CLR_FD) = 0 [pid 6610] close(4) = 0 [pid 6610] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6609] <... futex resumed>) = 0 [pid 6610] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6609] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6610] <... futex resumed>) = 0 [pid 6609] <... futex resumed>) = 1 [pid 6610] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 159.753507][ T6616] loop2: detected capacity change from 0 to 63271 [ 159.754643][ T6610] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 159.767221][ T6610] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 159.776840][ T6616] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 159.785292][ T6616] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [pid 6609] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6610] <... open resumed>) = 4 [pid 6610] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6609] <... futex resumed>) = 0 [pid 6610] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6609] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6609] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6610] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6610] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6609] <... futex resumed>) = 0 [pid 6609] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6609] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6610] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6610] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6609] <... futex resumed>) = 0 [pid 6610] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6609] exit_group(0) = ? [pid 6610] <... futex resumed>) = ? [pid 6610] +++ exited with 0 +++ [pid 6609] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6609, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 159.805542][ T26] audit: type=1800 audit(1686876018.236:230): pid=6610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [ 159.811105][ T6616] F2FS-fs (loop2): invalid crc value [ 159.833273][ T6616] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 5011] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6616] <... mount resumed>) = 0 [pid 6616] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6616] chdir("./bus") = 0 [pid 6616] ioctl(4, LOOP_CLR_FD) = 0 [pid 6616] close(4) = 0 [pid 6616] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6616] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6615] <... futex resumed>) = 0 [pid 6615] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6615] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6616] <... futex resumed>) = 0 [ 159.869660][ T6616] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 159.876777][ T6616] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 6616] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6616] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6615] <... futex resumed>) = 0 [pid 6616] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6615] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6615] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6616] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6616] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6615] <... futex resumed>) = 0 [pid 6615] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6615] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6616] <... futex resumed>) = 1 [pid 6616] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6616] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6615] <... futex resumed>) = 0 [pid 6615] exit_group(0) = ? [pid 6616] <... futex resumed>) = ? [pid 6616] +++ exited with 0 +++ [pid 6615] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6615, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=26 /* 0.26 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 159.905025][ T26] audit: type=1800 audit(1686876018.336:231): pid=6616 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 5008] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./39/bus") = 0 [pid 5011] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./39/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./39") = 0 [pid 5011] mkdir("./40", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6630 ./strace-static-x86_64: Process 6630 attached [pid 6630] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6630] chdir("./40") = 0 [pid 6630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6630] setpgid(0, 0) = 0 [pid 6630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6630] write(3, "1000", 4) = 4 [pid 6630] close(3) = 0 [pid 6630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6630] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6630] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6630] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6631], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6631 [pid 6630] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6631 attached [pid 6631] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6631] memfd_create("syzkaller", 0) = 3 [pid 6631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./40/bus") = 0 [pid 5008] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./40/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./40") = 0 [pid 5008] mkdir("./41", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6632 ./strace-static-x86_64: Process 6632 attached [pid 6632] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6632] chdir("./41") = 0 [pid 6632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6632] setpgid(0, 0) = 0 [pid 6632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6632] write(3, "1000", 4) = 4 [pid 6632] close(3) = 0 [pid 6632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6632] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6632] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6632] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6633], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6633 [pid 6632] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6632] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6633 attached [pid 6633] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6633] memfd_create("syzkaller", 0) = 3 [pid 6633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6631] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6631] <... write resumed>) = 32394836 [pid 6631] munmap(0x7fedae557000, 32394836) = 0 [pid 6631] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6631] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6631] close(3) = 0 [pid 6631] mkdir("./bus", 0777) = 0 [ 160.318512][ T6631] loop5: detected capacity change from 0 to 63271 [ 160.327934][ T6631] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 160.336447][ T6631] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 160.345400][ T6631] F2FS-fs (loop5): invalid crc value [ 160.352504][ T6631] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 6631] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6633] <... write resumed>) = 32394836 [pid 6633] munmap(0x7fedae557000, 32394836) = 0 [pid 6633] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6633] ioctl(4, LOOP_SET_FD, 3 [pid 6631] <... mount resumed>) = 0 [pid 6631] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6631] chdir("./bus") = 0 [pid 6631] ioctl(4, LOOP_CLR_FD) = 0 [pid 6631] close(4) = 0 [pid 6631] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6631] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6630] <... futex resumed>) = 0 [pid 6630] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6633] <... ioctl resumed>) = 0 [pid 6633] close(3) = 0 [pid 6633] mkdir("./bus", 0777 [pid 6631] <... futex resumed>) = 0 [pid 6630] <... futex resumed>) = 1 [pid 6631] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6633] <... mkdir resumed>) = 0 [pid 6630] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 160.385901][ T6631] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 160.393113][ T6631] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 160.398886][ T6633] loop2: detected capacity change from 0 to 63271 [ 160.418273][ T6633] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [pid 6633] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6631] <... open resumed>) = 4 [pid 6631] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6630] <... futex resumed>) = 0 [pid 6631] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6630] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6631] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6630] <... futex resumed>) = 0 [pid 6630] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6631] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC) = -1 EIO (Input/output error) [pid 6631] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6630] <... futex resumed>) = 0 [pid 6630] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6631] <... futex resumed>) = 1 [pid 6631] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6631] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6630] <... futex resumed>) = 0 [pid 6630] exit_group(0) = ? [pid 6631] <... futex resumed>) = ? [pid 6631] +++ exited with 0 +++ [pid 6630] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6630, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 160.418436][ T26] audit: type=1800 audit(1686876018.856:232): pid=6631 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [ 160.426871][ T6633] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 160.456949][ T6633] F2FS-fs (loop2): invalid crc value [ 160.464318][ T6633] F2FS-fs (loop2): Found nat_bits in checkpoint [pid 5011] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6633] <... mount resumed>) = 0 [pid 6633] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6633] chdir("./bus") = 0 [pid 6633] ioctl(4, LOOP_CLR_FD) = 0 [pid 6633] close(4) = 0 [pid 6633] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6633] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6632] <... futex resumed>) = 0 [pid 6632] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6632] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6633] <... futex resumed>) = 0 [ 160.500154][ T6633] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 160.507442][ T6633] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 6633] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6633] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6632] <... futex resumed>) = 0 [pid 6633] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6632] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6632] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6633] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6633] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6633] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6632] <... futex resumed>) = 0 [pid 6632] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6632] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6633] <... futex resumed>) = 0 [pid 6633] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6633] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6633] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6632] <... futex resumed>) = 0 [pid 6632] exit_group(0) = ? [pid 6633] <... futex resumed>) = ? [ 160.533478][ T26] audit: type=1800 audit(1686876018.966:233): pid=6633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [pid 6633] +++ exited with 0 +++ [pid 6632] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6632, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=24 /* 0.24 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [pid 5008] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./40/bus") = 0 [pid 5011] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./40/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./40") = 0 [pid 5011] mkdir("./41", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6642 ./strace-static-x86_64: Process 6642 attached [pid 6642] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6642] chdir("./41") = 0 [pid 6642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6642] setpgid(0, 0) = 0 [pid 6642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6642] write(3, "1000", 4) = 4 [pid 6642] close(3) = 0 [pid 6642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6642] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6642] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6642] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6643], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6643 [pid 6642] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6643 attached [pid 6643] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6643] memfd_create("syzkaller", 0) = 3 [pid 6643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./41/bus") = 0 [pid 5008] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./41/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./41") = 0 [pid 5008] mkdir("./42", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6644 ./strace-static-x86_64: Process 6644 attached [pid 6644] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6644] chdir("./42") = 0 [pid 6644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6644] setpgid(0, 0) = 0 [pid 6644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6644] write(3, "1000", 4) = 4 [pid 6644] close(3) = 0 [pid 6644] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6644] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6644] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6644] <... mmap resumed>) = 0x7fedb6957000 [pid 6644] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6644] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6645], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6645 [pid 6644] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6644] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6645 attached [pid 6645] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6645] memfd_create("syzkaller", 0) = 3 [pid 6645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836 [pid 6643] <... write resumed>) = 32394836 [pid 6643] munmap(0x7fedae557000, 32394836) = 0 [pid 6643] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6643] close(3) = 0 [pid 6643] mkdir("./bus", 0777) = 0 [ 160.932842][ T6643] loop5: detected capacity change from 0 to 63271 [ 160.941937][ T6643] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(605) [ 160.950455][ T6643] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 160.959579][ T6643] F2FS-fs (loop5): invalid crc value [ 160.966605][ T6643] F2FS-fs (loop5): Found nat_bits in checkpoint [pid 6643] mount("/dev/loop5", "./bus", "f2fs", MS_SYNCHRONOUS, "") = 0 [pid 6643] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6643] chdir("./bus") = 0 [pid 6643] ioctl(4, LOOP_CLR_FD) = 0 [pid 6643] close(4) = 0 [pid 6643] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6643] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6642] <... futex resumed>) = 0 [pid 6642] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6643] <... futex resumed>) = 0 [pid 6643] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6642] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6645] <... write resumed>) = 32394836 [pid 6643] <... open resumed>) = 4 [pid 6643] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... futex resumed>) = 0 [pid 6642] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6643] <... futex resumed>) = 1 [pid 6643] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6645] munmap(0x7fedae557000, 32394836) = 0 [pid 6645] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 160.996136][ T6643] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 161.003479][ T6643] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 161.023351][ T26] audit: type=1800 audit(1686876019.456:234): pid=6643 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop5" ino=4 res=0 errno=0 [pid 6645] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6645] close(3) = 0 [pid 6645] mkdir("./bus", 0777) = 0 [pid 6645] mount("/dev/loop2", "./bus", "f2fs", MS_SYNCHRONOUS, "" [pid 6643] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6643] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6643] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6642] <... futex resumed>) = 0 [pid 6642] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6642] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6643] <... futex resumed>) = 0 [pid 6643] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop5", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6643] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... futex resumed>) = 0 [pid 6642] exit_group(0) = ? [pid 6643] <... futex resumed>) = ? [pid 6643] +++ exited with 0 +++ [pid 6642] +++ exited with 0 +++ [pid 5011] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6642, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=22 /* 0.22 s */} --- [pid 5011] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5011] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5011] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 161.052248][ T6645] loop2: detected capacity change from 0 to 63271 [ 161.061252][ T6645] F2FS-fs (loop2): Mismatch start address, segment0(512) cp_blkaddr(605) [ 161.069018][ T6643] bio_check_eod: 17 callbacks suppressed [ 161.069030][ T6643] syz-executor278: attempt to access beyond end of device [ 161.069030][ T6643] loop5: rw=2049, sector=77824, nr_sectors = 4096 limit=63271 [ 161.069992][ T6645] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [pid 5011] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6645] <... mount resumed>) = 0 [pid 6645] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6645] chdir("./bus") = 0 [pid 6645] ioctl(4, LOOP_CLR_FD) = 0 [pid 6645] close(4) = 0 [pid 6645] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6645] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6644] <... futex resumed>) = 0 [pid 6644] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6645] <... futex resumed>) = 0 [pid 6645] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [ 161.099063][ T6645] F2FS-fs (loop2): invalid crc value [ 161.106742][ T6645] F2FS-fs (loop2): Found nat_bits in checkpoint [ 161.136710][ T6645] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 161.144058][ T6645] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [pid 6644] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6645] <... open resumed>) = 4 [pid 6645] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6645] futex(0x7fedb6a587a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6644] <... futex resumed>) = 0 [pid 6644] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6645] <... futex resumed>) = 0 [pid 6644] <... futex resumed>) = 1 [pid 6645] pwritev2(4, [{iov_base="\x85\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC [pid 6644] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6645] <... pwritev2 resumed>) = -1 EIO (Input/output error) [pid 6645] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6644] <... futex resumed>) = 0 [pid 6644] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6644] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6645] <... futex resumed>) = 1 [pid 6645] quotactl(QCMD(Q_QUOTAON, PRJQUOTA), "/dev/loop2", 0 /* QFMT_VFS_??? */, "./bus") = -1 ESRCH (No such process) [pid 6645] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6644] <... futex resumed>) = 0 [pid 6644] exit_group(0) = ? [pid 6645] <... futex resumed>) = ? [pid 6645] +++ exited with 0 +++ [pid 6644] +++ exited with 0 +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6644, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=24 /* 0.24 s */} --- [pid 5008] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5008] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 4 entries */, 32768) = 104 [ 161.168418][ T26] audit: type=1800 audit(1686876019.606:235): pid=6645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor278" name="bus" dev="loop2" ino=4 res=0 errno=0 [ 161.203900][ T6645] syz-executor278: attempt to access beyond end of device [ 161.203900][ T6645] loop2: rw=2049, sector=77824, nr_sectors = 4096 limit=63271 [pid 5008] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5011] <... umount2 resumed>) = 0 [pid 5011] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5011] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5011] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5011] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5011] close(4) = 0 [pid 5011] rmdir("./41/bus") = 0 [pid 5011] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5011] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5011] unlink("./41/binderfs") = 0 [pid 5011] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5011] close(3) = 0 [pid 5011] rmdir("./41") = 0 [pid 5011] mkdir("./42", 0777) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5011] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5011] close(3) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6654 ./strace-static-x86_64: Process 6654 attached [pid 6654] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6654] chdir("./42") = 0 [pid 6654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6654] setpgid(0, 0) = 0 [pid 6654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6654] write(3, "1000", 4) = 4 [pid 6654] close(3) = 0 [pid 6654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6654] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6654] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6654] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6655], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6655 [pid 6654] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6654] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6655 attached [pid 6655] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6655] memfd_create("syzkaller", 0) = 3 [pid 6655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 5008] <... umount2 resumed>) = 0 [pid 5008] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5008] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5008] getdents64(4, 0x5555556f6660 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(4, 0x5555556f6660 /* 0 entries */, 32768) = 0 [pid 5008] close(4) = 0 [pid 5008] rmdir("./42/bus") = 0 [pid 5008] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5008] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5008] unlink("./42/binderfs") = 0 [pid 5008] getdents64(3, 0x5555556ee620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5008] rmdir("./42") = 0 [pid 5008] mkdir("./43", 0777) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5008] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5008] close(3) = 0 [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ed5d0) = 6656 ./strace-static-x86_64: Process 6656 attached [pid 6656] set_robust_list(0x5555556ed5e0, 24) = 0 [pid 6656] chdir("./43") = 0 [pid 6656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6656] setpgid(0, 0) = 0 [pid 6656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6656] write(3, "1000", 4) = 4 [pid 6656] close(3) = 0 [pid 6656] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6656] futex(0x7fedb6a587ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fedb6957000 [pid 6656] mprotect(0x7fedb6958000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6656] clone(child_stack=0x7fedb69773f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6657], tls=0x7fedb6977700, child_tidptr=0x7fedb69779d0) = 6657 [pid 6656] futex(0x7fedb6a587a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6656] futex(0x7fedb6a587ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6657 attached [pid 6657] set_robust_list(0x7fedb69779e0, 24) = 0 [pid 6657] memfd_create("syzkaller", 0) = 3 [pid 6657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fedae557000 [pid 6655] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32394836