./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2713693503 <...> Warning: Permanently added '10.128.0.144' (ECDSA) to the list of known hosts. execve("./syz-executor2713693503", ["./syz-executor2713693503"], 0x7ffe861ba400 /* 10 vars */) = 0 brk(NULL) = 0x555555f62000 brk(0x555555f62c40) = 0x555555f62c40 arch_prctl(ARCH_SET_FS, 0x555555f62300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2713693503", 4096) = 28 brk(0x555555f83c40) = 0x555555f83c40 brk(0x555555f84000) = 0x555555f84000 mprotect(0x7efe2c534000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5085 mkdir("./syzkaller.e84zYG", 0700) = 0 chmod("./syzkaller.e84zYG", 0777) = 0 chdir("./syzkaller.e84zYG") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f625d0) = 5086 ./strace-static-x86_64: Process 5086 attached [pid 5086] chdir("./0") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5086] memfd_create("syzkaller", 0) = 3 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efe24068000 syzkaller login: [ 55.811664][ T5086] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5086 'syz-executor271' [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 67108864) = 67108864 [pid 5086] munmap(0x7efe24068000, 67108864) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5086] close(3) = 0 [pid 5086] mkdir("./file0", 0777) = 0 [ 56.455066][ T5086] loop0: detected capacity change from 0 to 131072 [ 56.465475][ T5086] ======================================================= [ 56.465475][ T5086] WARNING: The mand mount option has been deprecated and [ 56.465475][ T5086] and is ignored by this kernel. Remove the mand [ 56.465475][ T5086] option from the mount to silence this warning. [ 56.465475][ T5086] ======================================================= [ 56.503571][ T5086] F2FS-fs (loop0): Corrupted extension count (4278190117 + 1 > 64) [ 56.511644][ T5086] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 56.521531][ T5086] F2FS-fs (loop0): invalid crc value [ 56.531350][ T5086] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5086] mount("/dev/loop0", "./file0", "f2fs", MS_RDONLY|MS_NOSUID|MS_SYNCHRONOUS|MS_MANDLOCK|MS_DIRSYNC|MS_REC|MS_POSIXACL|MS_STRICTATIME, "") = 0 [pid 5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5086] chdir("./file0") = 0 [pid 5086] ioctl(4, LOOP_CLR_FD) = 0 [pid 5086] close(4) = 0 [pid 5086] mkdir("./bus", 0777) = -1 E2BIG (Argument list too long) [pid 5086] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5086] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5086, si_uid=0, si_status=SIGSEGV, si_utime=16 /* 0.16 s */, si_stime=57 /* 0.57 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f63620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 56.565284][ T5086] F2FS-fs (loop0): recover fsync data on readonly fs [ 56.573372][ T5086] F2FS-fs (loop0): Try to recover 2th superblock, ret: -30 [ 56.580701][ T5086] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 56.592760][ T5086] F2FS-fs (loop0): Corrupted max_depth of 3: 2049 [ 56.624029][ T5085] ------------[ cut here ]------------ [ 56.629701][ T5085] kernel BUG at fs/f2fs/inode.c:873! [ 56.635732][ T5085] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 56.643745][ T5085] CPU: 1 PID: 5085 Comm: syz-executor271 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0 [ 56.653647][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 56.663694][ T5085] RIP: 0010:f2fs_evict_inode+0x17e1/0x1eb0 [ 56.669511][ T5085] Code: ff df 48 c1 ea 03 80 3c 02 00 0f 85 dc 04 00 00 8b 75 40 ba 01 00 00 00 4c 89 e7 e8 e9 bc 06 00 e9 99 fc ff ff e8 5f 4c de fd <0f> 0b e8 58 4c de fd 48 c7 c0 28 8b f1 8c 48 ba 00 00 00 00 00 fc [ 56.689108][ T5085] RSP: 0018:ffffc90003c6fac8 EFLAGS: 00010293 [ 56.695160][ T5085] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 56.703136][ T5085] RDX: ffff8880261557c0 RSI: ffffffff83a62181 RDI: 0000000000000007 [ 56.711096][ T5085] RBP: ffff8880735211d0 R08: 0000000000000007 R09: 0000000000000000 [ 56.719054][ T5085] R10: 0000000000000001 R11: 0000000000000005 R12: ffff888017d14000 [ 56.727012][ T5085] R13: ffff888073521680 R14: ffff888017d140b8 R15: ffff888076666a00 [ 56.734985][ T5085] FS: 0000555555f62300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 56.743910][ T5085] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.750498][ T5085] CR2: 000055ea56793998 CR3: 0000000029387000 CR4: 00000000003506e0 [ 56.758476][ T5085] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.766445][ T5085] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.774415][ T5085] Call Trace: [ 56.777695][ T5085] [ 56.780628][ T5085] ? lock_acquire+0x32/0xc0 [ 56.785159][ T5085] ? inode_wait_for_writeback+0x1e/0x40 [ 56.790730][ T5085] ? f2fs_write_inode+0xe00/0xe00 [ 56.795767][ T5085] evict+0x2ed/0x6b0 [ 56.799674][ T5085] dispose_list+0x117/0x1e0 [ 56.804190][ T5085] evict_inodes+0x345/0x440 [ 56.808707][ T5085] ? dispose_list+0x1e0/0x1e0 [ 56.813394][ T5085] ? shrink_dcache_for_umount+0x169/0x340 [ 56.819120][ T5085] generic_shutdown_super+0xaf/0x480 [ 56.824414][ T5085] kill_block_super+0x9b/0xf0 [ 56.829097][ T5085] kill_f2fs_super+0x2af/0x3c0 [ 56.833874][ T5085] ? f2fs_drop_inode+0xa60/0xa60 [ 56.838860][ T5085] ? rcu_read_lock_sched_held+0x3e/0x70 [ 56.844432][ T5085] ? kfree+0x146/0x1b0 [ 56.848524][ T5085] ? unregister_shrinker+0x200/0x300 [ 56.853825][ T5085] deactivate_locked_super+0x98/0x160 [ 56.859212][ T5085] deactivate_super+0xb1/0xd0 [ 56.863899][ T5085] cleanup_mnt+0x2ae/0x3d0 [ 56.868325][ T5085] task_work_run+0x16f/0x270 [ 56.872937][ T5085] ? task_work_cancel+0x30/0x30 [ 56.877807][ T5085] ? __x64_sys_umount+0x118/0x190 [ 56.882842][ T5085] ptrace_notify+0x118/0x140 [ 56.887437][ T5085] syscall_exit_to_user_mode_prepare+0x129/0x290 [ 56.893782][ T5085] syscall_exit_to_user_mode+0xd/0x50 [ 56.899168][ T5085] do_syscall_64+0x46/0xb0 [ 56.903611][ T5085] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.909521][ T5085] RIP: 0033:0x7efe2c4b6db7 [ 56.913937][ T5085] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 56.933548][ T5085] RSP: 002b:00007ffc511511a8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 56.941966][ T5085] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007efe2c4b6db7 [ 56.949938][ T5085] RDX: 00007ffc51151269 RSI: 000000000000000a RDI: 00007ffc51151260 [ 56.957912][ T5085] RBP: 00007ffc51151260 R08: 00000000ffffffff R09: 00007ffc51151040 [ 56.965886][ T5085] R10: 0000555555f63653 R11: 0000000000000202 R12: 00007ffc511522d0 [ 56.973860][ T5085] R13: 0000555555f635f0 R14: 00007ffc511511d0 R15: 0000000000000001 [ 56.981843][ T5085] [ 56.984860][ T5085] Modules linked in: [ 56.988879][ T5085] ---[ end trace 0000000000000000 ]--- [ 56.994765][ T5085] RIP: 0010:f2fs_evict_inode+0x17e1/0x1eb0 [ 57.000577][ T5085] Code: ff df 48 c1 ea 03 80 3c 02 00 0f 85 dc 04 00 00 8b 75 40 ba 01 00 00 00 4c 89 e7 e8 e9 bc 06 00 e9 99 fc ff ff e8 5f 4c de fd <0f> 0b e8 58 4c de fd 48 c7 c0 28 8b f1 8c 48 ba 00 00 00 00 00 fc [ 57.020248][ T5085] RSP: 0018:ffffc90003c6fac8 EFLAGS: 00010293 [ 57.026360][ T5085] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 57.034355][ T5085] RDX: ffff8880261557c0 RSI: ffffffff83a62181 RDI: 0000000000000007 [ 57.042354][ T5085] RBP: ffff8880735211d0 R08: 0000000000000007 R09: 0000000000000000 [ 57.050316][ T5085] R10: 0000000000000001 R11: 0000000000000005 R12: ffff888017d14000 [ 57.058302][ T5085] R13: ffff888073521680 R14: ffff888017d140b8 R15: ffff888076666a00 [ 57.066295][ T5085] FS: 0000555555f62300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 57.075266][ T5085] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.081855][ T5085] CR2: 000055ea56793998 CR3: 0000000029387000 CR4: 00000000003506e0 [ 57.089890][ T5085] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.097932][ T5085] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.105947][ T5085] Kernel panic - not syncing: Fatal exception [ 57.112171][ T5085] Kernel Offset: disabled [ 57.116491][ T5085] Rebooting in 86400 seconds..